Electronics & Connectivity - September 5, 2012 - 17

e
Base Metric Group
Access Vector Access Complexity Authentication Confidentiality Impact Integrity Impact Availability Impact

c

Temporal Metric Group
Exploitability Remediation Level Report Confidence

Environmental Metric Group
Collateral Damage Potential Target Distribution Confidentiality Requirement Integrity Requirement Availability Requirement

Based on the Common Vulnerabilities Scoring System, the Common Vulnerabilities and Exposures are then associated with an impact metric based on the characteristics of the vulnerability. cial: it is the ultimate justification for the financing of recurring efforts required to perform operational security management for a given system. Security events can be allocated to two main categories: internal faults such as vulnerabilities, and external faults such as intentional attacks or inadvertent actions, with faults being defined as the adjudged or hypothesized cause of an error. Vulnerabilities are internal faults that enable an external fault to cause an error and possibly subsequent failures. The origin of such vulnerabilities can be from the implementation, configuration, or design of the system. Ensuring that product implementation, configuration, and design are robust against external faults is in part achieved by validation and verification during system development. Security audits are performed on the systems to evaluate the robustness against intentional or inadvertent attacks. The security threat is dynamic and consists of elements other than just implementation vulnerabilities for which alerts are issued by alert service providSAE electronics+connectivity

Security incidents can be grouped into two classes: a class of incidents for which the security event is the fault or cause of an error, and a class of incidents for which the security event is the failure or consequence of an error. ers. Other threats include weaknesses to crypto algorithms for which no CVEs (Common Vulnerabilities and Exposures) may be published (as the vulnerability is not vendor specific) or the development of new tools that make the exploitation of system weaknesses easier. It may therefore also be necessary to perform periodic security audits after system release to test the aircraft IT system against the most current security threat environment. The necessity to perform a security audit on a system prior to release as well as the frequency of performing security audits on the system thereafter, should be identified in the associated risk analysis of the system. Another one of the three inputs in this operational security management process are alerts of implementation vulnerabilities. As for security audits, the necessity of this operational measure should be identified in the associated risk analysis for
September 5, 2012

17



Electronics & Connectivity - September 5, 2012

Table of Contents for the Digital Edition of Electronics & Connectivity - September 5, 2012

Electronics & Connectivity - September 5, 2012
Contents
The Ups and Downs of Connectivity
Tech Report
Securing IT in the sky
Data Collection Made Easy
Ad Index
Resource Links
Upcoming from the Editors
Electronics & Connectivity - September 5, 2012 - Cover1
Electronics & Connectivity - September 5, 2012 - Electronics & Connectivity - September 5, 2012
Electronics & Connectivity - September 5, 2012 - Contents
Electronics & Connectivity - September 5, 2012 - The Ups and Downs of Connectivity
Electronics & Connectivity - September 5, 2012 - Tech Report
Electronics & Connectivity - September 5, 2012 - 5
Electronics & Connectivity - September 5, 2012 - 6
Electronics & Connectivity - September 5, 2012 - 7
Electronics & Connectivity - September 5, 2012 - 8
Electronics & Connectivity - September 5, 2012 - 9
Electronics & Connectivity - September 5, 2012 - 10
Electronics & Connectivity - September 5, 2012 - 11
Electronics & Connectivity - September 5, 2012 - 12
Electronics & Connectivity - September 5, 2012 - 13
Electronics & Connectivity - September 5, 2012 - Securing IT in the sky
Electronics & Connectivity - September 5, 2012 - 15
Electronics & Connectivity - September 5, 2012 - 16
Electronics & Connectivity - September 5, 2012 - 17
Electronics & Connectivity - September 5, 2012 - 18
Electronics & Connectivity - September 5, 2012 - 19
Electronics & Connectivity - September 5, 2012 - Data Collection Made Easy
Electronics & Connectivity - September 5, 2012 - 21
Electronics & Connectivity - September 5, 2012 - 22
Electronics & Connectivity - September 5, 2012 - 23
Electronics & Connectivity - September 5, 2012 - 24
Electronics & Connectivity - September 5, 2012 - Upcoming from the Editors
https://www.nxtbook.com/nxtbooks/sae/12DEC1128
https://www.nxtbook.com/nxtbooks/sae/12DEC0905
https://www.nxtbook.com/nxtbooks/sae/12DEC0530
https://www.nxtbook.com/nxtbooks/sae/12DEC0301
https://www.nxtbook.com/nxtbooks/sae/ec_prototype
https://www.nxtbookmedia.com