Vulnerability Analysis Workshop

23 March 2009, ETSI Headquarters

Risk analysis is the key to assurance in security design. The method defined in ETSI TISPAN is that of a stepwise 'Threat Vulnerability Risk Analysis' (TVRA) and stems from the 'Design for Assurance' approach adopted by ETSI TISPAN in the development of security standards. In both cases the intent is to build on the Common Criteria approach to security assurance testing and evaluation and to turn it towards the developer of standards.

Key to evaluation is determining whether the designer has evaluated the risk to the system and mitigated it appropriately. The tool for evaluating risk is the TVRA, and this workshop was intended to demonstrate its use by developing an analysis for a real-world standards problem in the NGN. To support the TVRA method, ETSI has developed a web-based data store, and the workshop used this to store and report on the analysis.

Key tasks covered in the workshop were as follows:

  • Identification, verification and recording of security objectives;
  • Identification, verification and recording of security requirements;
  • Application of functional capabilities from ISO 15408 to functional requirements;
  • Identification, verification and recording of security functional requirements;
  • Identification and verification of the security boundary;
  • Identification of intrinsic system weaknesses;
  • Analysis of the threats and the available threat agents;
  • Determination of risk factors – likelihood and impact, motivation;
  • Determination of where standards should be applied.

The workshop was led by ETSI TISPAN WG7 with support from members of STF357.

Workshop Outline

Morning 

  • Introduction
  • Overview of the ETSI TVRA method
  • The eTVRA Tool
  • A worked example: NGN Customer Premises Network (CPN)

Afternoon

  • A chance to try out new skills: on-line payment

The workshop was of particular interest for:

  • TISPAN members
  • 3GPP SA3 members
  • OCG SEC
  • TC MTS
  • TC HF members
  • TC ITS members
