Investigation of Network Enterprise Risk Management Techniques to Support Military Net-Centric Operations

摘要

System security and information assurance requirements and specifications incorporated into the architectural design of a network enterprise must be driven by an adaptable and evolving network enterprise risk management plan. Network Risk Management must start at concept design and relate to the network's Concept of Operations. The purpose of this thesis is to examine some of the essential elements necessary in a network enterprise risk management plan for a complex global networked system similar to the Global Information Grid (GIG). It compares the current Department of Defense (DoD) framework for risk management with other popular network risk management process models. An important but difficult part of the risk management process is determining the value of network assets. Another important, but overlooked element of risk management processes, is evaluating the network for resiliency; the ability to return to normal in time to prevent the compromise of a mission. The contention is that risk management planning must include planning for network survivability and resiliency. Selected elementary network architectures are analyzed for attributes of the architectures that promote information assurance qualities of confidentiality, integrity, and availability. Finally, recommendations are made on applying important elements of network risk management into the conceptual architecture of a global network.