QINETIQ PROPRIETARY

Estimating the Cost of Cyber Projects – Identifying the Key Cost Drivers for Cyber Hygiene

S Rajagopal – QinetiQ Fellow
Estimating Manager – Cyber, Information and Training

05 June 2018

QINETIQ/CP18/02042


Unclassified-QinetiQ Proprietary

QinetiQ Businesses

• Air and Space
• Maritime, land and weapons
• North America
• Cyber, Information & training
• OptaSense®
• International


QinetiQ, International Business, Advisory Services

• Over 150 highly skilled and experienced subject matter experts
• 70%+ professional accreditation
• ACostE, SCAF, APM, Prince2, MSP, ICEAA
• Based across 5 UK sites
• Deployed internationally
• Average experience of 10 years
• Over 40% PhD / MSc qualified

Agenda

1 Cyber Security – Definitions
2 Cyber Security – The Problems and Threats
3 Software Maintenance
4 Software Maintenance – Key Cost Drivers
5 Software Obsolescence
6 Software Obsolescence – Key Cost Drivers
7 Summary

Cyber Security
Definitions

Definitions

• Cyber Security – the techniques for protecting computers, networks, programs and data from unauthorised access, and from attacks that aim to exploit them.
• Information Security – the protection of information from unauthorised access, for example to prevent identity theft and to protect privacy.

Cyber Security
The Problem

The Problem

Nature of the Threat
• Complex, global and constantly changing
• Perpetrated remotely
• Difficult to trace
• Significant impact

Threat Actors in Cyber Space
• Hacktivists – to cause disruption
• Criminals – for financial gain
• State sponsored – cyber espionage
• Self-taught teenagers
• Insiders

- Cyber Crime Unit, South East Regional Organised Crime Unit

The Threat

• Cyber crime "as-a-service"
• Malware
• Intrusion (hacking or unauthorised access to systems)
• DDoS – distributed denial of service
• APT – advanced persistent threat
• Malvertising

- Cyber Crime Unit, South East Regional Organised Crime Unit

Some Numbers

• 3.9 million cyber crimes reported in 12 months (2016)
• Cost to the UK economy – £49bn in 2014
• 315,000 new malicious files a day
• 3,000 DDoS attacks per day
• 500,000 phishing attempts per day
• 90% of large organisations reported they had suffered an information breach
• For companies with more than 500 employees, the average cost of the most severe breach is now between £1.4m and £3.4m

- Cyber Crime Unit, South East Regional Organised Crime Unit

[Chart from the Cyber Security Breaches Survey 2018 – Department for Digital, Culture, Media and Sport]

Cyber Security Breaches

• Two in five businesses (43%) identified breaches in the last 12 months
• The most common were
    – Staff receiving fraudulent emails (75%)
    – Others impersonating the organisation online (28%)
    – Viruses and malware (24%)
• Businesses consider technical controls important. These include
    – Updating software and malware protection
    – Securely backing up data
    – Configuring firewalls
    – Providing guidance on personal cyber protection

- Cyber Security Breaches Survey 2018 – Department for Digital, Culture, Media and Sport

Investment and Preventative Action

[Chart from the Cyber Security Breaches Survey 2018 – Department for Digital, Culture, Media and Sport]

Key Cost Drivers of Cyber Hygiene

• Keeping software updated is key to reducing cyber breaches. However, it is not the only way to reduce the threat
• Later in the presentation I will discuss
    – Why updates are important
    – Where updating fits in the software maintenance cycle
    – Why updating software only after a breach has happened is not a value-for-money strategy
    – Why good proactive software maintenance and software obsolescence management are key to a good cyber hygiene discipline
    – The key cost drivers for software maintenance and software obsolescence

Software Maintenance

Software Maintenance – Definitions

Software Maintenance is defined as "the process of modifying a software system or component after delivery to correct faults, improve performance or other attributes, or adapt to a changed environment"
- IEEE, 1990

"Software Maintenance is the totality of activities required to provide cost-effective support to a software system. Activities are performed during the pre-delivery stage as well as the post-delivery stage. Pre-delivery activities include planning for post-delivery operations, supportability, and logistics determination. Post-delivery activities include software modification, training and operating a help desk"
- Thomas Pigoski, "Practical Software Maintenance – Best Practices for Managing Your Software Investment"

Software Maintainability

It is the ease with which
    – The program can be corrected
    – It can be adapted if the environment changes
    – It can be enhanced if the customer wants a change

Types of Software Maintenance

• Perfective Maintenance – the modification of a software application, after delivery, to improve performance or maintainability.
• Preventative Maintenance – the modification of a software application, after delivery, to detect and correct latent faults in the software product before they become effective faults.
• Corrective Maintenance – the reactive modification of a software product, performed after delivery, to correct discovered problems.
• Adaptive Maintenance – enhancements necessary to accommodate changes in the environment in which a software product must operate.

- ISBSG

Software Reliability
• It is the probability of failure-free software operation for a specified period of time
• Software does not wear out with age, so its reliability cannot be modelled on time-based physical wear in the way hardware reliability is
• Software reliability is an important attribute of software quality
• Software reliability is hard to achieve because software complexity tends to be high

Software Maintenance –
Key Cost Drivers

Why Software Maintenance is a key Cost Driver (adapted from Bartel et al; tree diagram shown here as an outline)

Software Supply Chain
• Technological
    – Purchase: Licence; Copyrights
    – Support: Technical Maintenance (update, upgrade, patches and bug fixes); 1st Line Support; 2nd Line Support; 3rd Line Support
• Functional
    – Compatibility
    – Maintenance: Perfective; Preventative; Corrective; Adaptive
• Logistical
    – Infrastructure: Systems Build; Other Hardware
    – Distributions: Network; Test


Other key Cost Drivers to consider when estimating Software Maintenance Cost (diagram shown here as an outline)

Cost Drivers
• Level of Integration: Communication and Systems
• Types of Platforms: Air; Land; Maritime; Commercial
• Testing and Requalification
• Level of Modification
• Software and Systems parameters: Software Complexity; Software Dependencies; Number of Applications; Language; Development life cycle; SDE


Software Obsolescence

What is Obsolescence?

• There are various definitions of obsolescence in use; however, IEC 62402:2007 defines obsolescence as

"Transition from availability from the original manufacturer to unavailability"

• Obsolescence Management is

"The coordinated activities to direct and control an organisation with regard to obsolescence"

Software Obsolescence Definitions

Software Obsolescence is defined as "what happens when the original or authorised third party ceases to provide support with regular updates, upgrades and fixes, or when changes in the target or operating environment, systems or hardware make the software unusable"

- S Rajagopal et al; 2014

Software Obsolescence vs Software Maintenance

Software Maintenance | Software Obsolescence
Bug fixes | Replacement of the entire application with a new one, if need be
Addresses faults/failures, security patches etc. | Addresses the issues with the application in totality
Maintenance is the review of the stored files to ensure they are still usable | Solves unavailability of fixes, licences, permissions and upgrades
Software maintenance takes care of the current versions, to ensure they are up and running and meeting the requirements | Software obsolescence management looks forward to industry standards and other software, to continue supportability of the software
Maintenance deals with upgrading the software to enhance capability | Obsolescence management deals with enforced changes in the environment


Types of Software Obsolescence

Software becomes obsolete for one of the following reasons (P Sandborn, et al)

Functional obsolescence: when there are changes to the hardware, system or other software in the same system.

Technological obsolescence: when the vendor stops supporting the product, or the software is no longer available on the market, etc.

Logistical obsolescence: when the media or the hard drive, for example, no longer supports the software.

What Triggers Software Obsolescence

• Applications not supported by the developers
• Changes in
    – Development environment,
    – Integration and test environment,
    – Target environment and adjacent systems
• Compatibility issues, both backward and forward
• Technology insertions
• Hardware obsolescence
• Changes in safety and legal requirements

Software Obsolescence –
Key Cost Drivers

Cost Drivers – Reactive and Proactive

Reactive
• Cost of resources
• Updates and upgrades
• Testing and re-qualifications
• Security and legal issues
• Forced and unplanned expenditure on
    – New hardware,
    – New infrastructure,
    – Resurrection of skill bases,
    – Reverse engineering of interface specifications,
    – Reverse engineering of design documentation,
    – Legal claims etc.

Proactive
• Resources (SQEP – suitably qualified and experienced personnel)
• Sustainment of skills base
• Sustainment of infrastructure
    – Software development environment
    – Test and integration facilities
    – Simulation systems etc.
• Internal project management cost
• Resources training and updating the user and maintenance manuals
• Software Obsolescence Monitoring
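One way to put the proactive "Software Obsolescence Monitoring" item into practice, and to catch the triggers listed earlier (applications no longer supported by the developer, and changes in the target environment that an application runs on), is a periodic check of the software inventory against vendor end-of-support dates. The script below is an added example written for this page; it is not QinetiQ's tooling or anything from the presentation. The inventory, component names, versions, end-of-support dates and dependency links are all constructed for illustration, and the status categories (unsupported, inherited from a dependency, at risk within the planning horizon, unknown) and the one-year default horizon are design choices of the example, not figures from the source.

```python
"""Proactive software obsolescence monitor.

Added example (not from the presentation): checks a constructed software
inventory against vendor end-of-support dates and flags components whose
support has ended, ends within the planning horizon, or is inherited from a
platform they run on. Names, versions and dates below are illustrative only.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class Component:
    name: str
    version: str
    end_of_support: date | None        # None: the vendor has published no date
    depends_on: tuple[str, ...] = ()   # inventory names this component runs on


# Constructed inventory; names, versions and dates are illustrative only.
INVENTORY = [
    Component("app-server", "2.3", date(2019, 12, 31), ("java-runtime",)),
    Component("java-runtime", "7", date(2015, 4, 30)),
    Component("db-engine", "11", date(2023, 11, 9)),
    Component("reporting-tool", "4.1", None, ("db-engine",)),
    Component("os-image", "16.04", date(2021, 4, 30)),
]

# Statuses ranked most urgent first; used to order the action list.
SEVERITY = ("unsupported", "inherited", "at-risk", "unknown", "ok")


def _as_date(d):
    """Accept either a date or an ISO string such as '2018-06-05'."""
    return date.fromisoformat(d) if isinstance(d, str) else d


def own_status(component, today, horizon):
    """Technological obsolescence of the component itself, from its vendor date."""
    eos = component.end_of_support
    if eos is None:
        return "unknown"          # no published date: an action item in itself
    if eos < today:
        return "unsupported"      # vendor support has already ended
    if eos - today <= horizon:
        return "at-risk"          # support ends inside the planning horizon
    return "ok"


def status_of(name, by_name, today, horizon, seen=frozenset()):
    """Own status, escalated to 'inherited' when a platform it runs on is going
    away (functional obsolescence). `seen` guards against dependency cycles."""
    component = by_name[name]
    own = own_status(component, today, horizon)
    if own in ("unsupported", "at-risk"):
        return own
    for dep in component.depends_on:
        if dep in seen or dep not in by_name:
            continue
        dep_status = status_of(dep, by_name, today, horizon, seen | {name})
        if dep_status in ("unsupported", "at-risk", "inherited"):
            return "inherited"
    return own


def report(inventory, today, horizon_days=365):
    """Map every component name to its status for the given review date."""
    today = _as_date(today)
    horizon = timedelta(days=horizon_days)
    by_name = {c.name: c for c in inventory}
    return {c.name: status_of(c.name, by_name, today, horizon) for c in inventory}


def action_list(inventory, today, horizon_days=365):
    """Components that need a decision, most urgent first."""
    statuses = report(inventory, today, horizon_days)
    findings = [(name, s) for name, s in statuses.items() if s != "ok"]
    return sorted(findings, key=lambda item: SEVERITY.index(item[1]))


if __name__ == "__main__":
    # Review as of the presentation date, with a one-year planning horizon.
    for name, status in action_list(INVENTORY, "2018-06-05"):
        print(f"{status:12s} {name}")
```

Run as a scheduled job, the action list gives the cost estimator the lead time the reactive column lacks: a component marked "inherited" is still supported by its own vendor but sits on a runtime that is not, which is exactly the enforced environmental change that obsolescence management has to budget for, and an "unknown" entry is a prompt to obtain a support commitment before the date is discovered the hard way.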

Summary

• Cyber breaches are a reality now and no one is safe!
• Good personal cyber hygiene is important to reduce the risk of cyber attacks
• However, managing your software and keeping it up to date also plays an important role
• Managing and mitigating cyber threats is very expensive
• Proactive software maintenance and proactive software obsolescence management will help protect the company from cyber breaches
• Identifying the key cost drivers will help decision makers to plan budgets

Next workshop

• Investment Analysis for Cyber Projects
• Key project risks of large cyber projects / programmes
• Sensitivity analysis on the key cost drivers

Thank you – Any Questions?

Sanathanan Rajagopal TMIET
QinetiQ Fellow
Estimating Manager – CiT

QinetiQ
Building 240
The Close
Bristol Business Park
Coldharbour Lane
Bristol BS16 1FJ
United Kingdom
Tel +44 (0)117 3172558
Mobile +44 (0)738 237 044
srajagopal@QinetiQ.com
www.QinetiQ.com