Tom Gilb
Result Planning, Ltd.
Description:
This talk will address how to specify security requirements in a quantified way, how to express the richness of security needs, and how to balance security investment against other system quality needs.
The talk will also address:
• The systemic advantages of quantifying the security problem
• Basic planning language for quantified security specification
• A generic model of security (Integrity, Security and Attack)
• An example of tailored real security specifications
• Advanced security specification with information about risks, issues, dependencies and priorities
• Security design specification: how to estimate the security impacts and costs
• Evaluating security design alternatives quantitatively using impact estimation tables
• Evolutionary delivery of security capability: highest security priorities first, then learn from feedback and experience
Biography:
Tom Gilb is an international consultant, teacher and author. His 9th book, 'Competitive Engineering' (planned for Summer 2005 publication), is a definition of the planning language 'Planguage', which allows security metrics to be integrated with all other system requirements and designs. He works with major multinationals such as Symbian, Citigroup, Schlumberger, HP, IBM, Nokia, Ericsson, Motorola, US DOD, UK MOD, Boeing, British Aerospace, Microsoft and many others. See www.GILB.com for much more detail and free publications on quantification and metrics, including a pre-publication manuscript of the 'Competitive Engineering' book, with a great deal about metrics and some security quantification material.
Gilb first published his security quantification ideas in his landmark book Software Metrics (1976), which is the acknowledged basis for IBM's (and later the SEI CMM/CMMI) development of CMM Level 4 (metrics). He is a pioneer in the quantification of software quality attributes, and coined the term 'software metrics'.