Using Assurance Cases to Focus Cybersecurity Effort for Critical Systems - May 27, 2025

When: May 27, 2025 from 12:00 to 13:00 (PT)
Associated with Victoria Chapter

Overview: This free online event will introduce Assurance Cases (ACs) as a means to drive critical thinking about risk management activities and coordinate compliance with diverse standards or regulations.

Abstract: Organizations go to great lengths to secure their critical infrastructure because the cost of security-related incidents in terms of lost revenue, reputation, lawsuits, or physical harm is intolerable. Complex security policies, procedures, and technologies are implemented to reduce risks that arise from threats, and significant efforts are expended to show compliance with a wide range of internal and external standards, each requiring its own unique blend of artifacts. In the rush to demonstrate compliance, the underlying rationale is easily lost, leading to questions from interest holders like "why do we need mitigation X" and "what is the purpose of control Y"? This presentation will introduce Assurance Cases (ACs) as a means to drive critical thinking about risk management activities and coordinate compliance with diverse standards or regulations. At their core, ACs require analysts to prepare structured arguments to show why compliance artifacts are important for meeting an organization’s cybersecurity objectives. ACs have been successfully used in numerous safety-critical industries, including nuclear power, rail, oil & gas, defense, and automotive, and there is increasing interest in applying them to address cybersecurity challenges.

Presenter Bio: Simon Diemert is the VP Engineering at Critical Systems Labs (CSL). Simon has worked in a range of industries, including medical devices, rail signaling, industrial control, robotics, and automotive (including with autonomous vehicles). Simon is actively involved in CSL’s internal R&D program and leads a team of software developers responsible for CSL’s flagship product, Socrates – Assurance Case Editor. He holds a Bachelor of Software Engineering and Master of Computer Science and is currently pursuing a Ph.D. in Computer Science at the University of Victoria. His research interest is in safety and cybersecurity assurance cases for autonomous and self-adaptive systems. Simon is a registered professional engineer with Engineers and Geoscientists of British Columbia (EGBC). He was an author of EGBC’s Professional Practice Guidelines on Safety-Critical Software Development and currently chairs EGBC’s Technology Advisory Group. In 2022 Simon won EGBC’s “Young Professional” award, and in 2023 the International System Safety Society awarded him the “Engineer of the Year”.