Mission Assurance Analysis Protocol (MAAP)


Mission Assurance Analysis Protocol (MAAP)
Pittsburgh, PA 15213-3890
Sponsored by the U.S. Department of Defense
2004 by Carnegie Mellon University

Report Documentation Page (Standard Form 298, Rev. 8-98; OMB No. 0704-0188)
- Report date: JAN 2004
- Dates covered: 00-00-2004 to 00-00-2004
- Title and subtitle: Mission Assurance Analysis Protocol (MAAP)
- Performing organization: Carnegie Mellon University, Software Engineering Institute, Pittsburgh, PA, 15213
- Distribution/availability statement: Approved for public release; distribution unlimited
- Security classification: report unclassified; abstract unclassified; this page unclassified
- Limitation of abstract: Same as Report (SAR)
- Number of pages: 19

Example: Single Point of Control
[Diagram: Mission with Activity 1, Activity 2, Activity 3, Activity 4]
Single point of management control oversees execution of all activities.

Example: Multiple Points of Control
[Diagram: Organization A: Mission; Organization B: Activity 1; Organization C: Activity 2; Organization D: Activity 3; Organization E: Activity 4]

Example: Inherited Risk
[Diagram: Organization A: Mission; Organization B: Activity 1; Organization C: Activity 2; Organization D: Activity 3; Organization E: Activity 4, marked "Inherited Risk"]
Organization E's risk analysis only considers what happens within its organizational boundaries. However, Activity 4 inherits risk from activities performed earlier in the process.

Key Premise
- Most risk analysis techniques focus on a single entity (e.g., enterprise, system). These techniques
  - are effective at handling environments where management control is centralized
  - do not readily scale to environments where management control is distributed
- Distributed management of processes and technologies is now commonplace.
- New techniques are needed to handle the complexity inherent in distributed environments.

Definitions
- Mission is the set of objectives being pursued by a person or group.
- Risk is the possibility of suffering harm or loss.
- Operational risk is the possibility of direct or indirect loss resulting from failed or inadequate internal processes or from failures caused by people, technology, or external events.
- Operational risk tolerance is the maximum overall exposure to operational risk that will be accepted.

Operational Risk Analysis Issues
- Analysis of operational risk in distributed environments is often incomplete.
- Some sources of operational risk are excluded from the analysis.
- Interrelationships and dependencies among sources of operational risk are not typically established.
- The potential impact of a risk is often difficult to characterize in complex operational environments.

Operational Risk Management Issues
- Management of operational risk in distributed environments is often ineffective.
- Incomplete analysis of operational risk can lead to poor management decisions.
- Operational risk tolerance is not uniform across functional boundaries.
- There are insufficient means for communicating operational risks across functional boundaries.
- Ownership of complex operational risks can be ambiguous.

Mission Assurance
Mission assurance is taking due care to reduce operational risk to the mission to an acceptable level.

Analyzing Mission Assurance - 1
- Set the scope of the analysis according to the mission being pursued.
- Define and document an interrelated process model for achieving the mission.
- Identify the sequence of all value-added activities that must be performed when working toward the mission.
- Identify the actors responsible for performing each activity.
- Establish criteria for measuring operational risk.
- Define the tolerance for operational risk.

Analyzing Mission Assurance - 2
- Select tools and techniques for data gathering and analysis.
- Collect operational risk data.
- Analyze operational risk to the mission.
- Take action to reduce operational risk to the mission within the defined tolerance.
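
Added example (not part of the SEI slides): a sketch of the steps above applied to the Inherited Risk slide, comparing what each organization sees inside its own boundary with the risk its activity inherits from earlier ones. The failure probabilities, the tolerance value, and the assumption that activities fail independently in a strict sequence are constructed for illustration; the slides do not define a quantitative model.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Activity:
    name: str
    owner: str      # organization that performs the activity
    p_fail: float   # constructed chance that the activity itself fails

# Constructed process model mirroring the Inherited Risk slide: a sequential chain.
PROCESS = [
    Activity("Activity 1", "Organization B", 0.02),
    Activity("Activity 2", "Organization C", 0.05),
    Activity("Activity 3", "Organization D", 0.03),
    Activity("Activity 4", "Organization E", 0.01),
]
TOLERANCE = 0.05  # constructed operational risk tolerance

def _index(process, name):
    return [a.name for a in process].index(name)  # ValueError if unknown

def inherited_risk(process, name):
    """Chance that at least one earlier activity has already failed."""
    p_ok = 1.0
    for activity in process[:_index(process, name)]:
        p_ok *= 1.0 - activity.p_fail
    return 1.0 - p_ok

def total_risk(process, name):
    """Local risk combined with inherited risk (independence assumed)."""
    local = process[_index(process, name)].p_fail
    return 1.0 - (1.0 - inherited_risk(process, name)) * (1.0 - local)

def assess(process, tolerance):
    """Compare each owner's boundary-limited view with the process-wide view."""
    rows = []
    for a in process:
        total = total_risk(process, a.name)
        rows.append({"activity": a.name, "owner": a.owner,
                     "local_ok": a.p_fail <= tolerance,
                     "total": round(total, 4), "total_ok": total <= tolerance})
    return rows

def largest_upstream_source(process, name):
    """Earlier activity contributing the most risk, i.e. where action is needed."""
    upstream = process[:_index(process, name)]
    return max(upstream, key=lambda a: a.p_fail) if upstream else None
```

With these constructed numbers, Organization E's own view of Activity 4 is within tolerance while the process-wide view is not, and the largest upstream source sits with a different organization.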

Sources of Operational Risk
[Diagram labels: Mission, Design, Execution, Environment, Event]

Security and Mission Assurance
- The security attributes for information are derived from the performance attributes of work processes.
- The tolerance for operational risk establishes the criteria against which security risk must be evaluated.
- Security processes are work processes.
- Operational risk to security processes must be managed in the same way it is managed in other work processes.

Mission Assurance Analysis Protocol (MAAP)
- Defines a set of objects, rules, and heuristics used to model and analyze processes and systems
- Provides an integrated view of operational risk
- Can be tailored to many different domains
- Focuses on assuring the completion of defined missions
- Addresses operational risk analysis issues

Implementing MAAP

A Common Basis for Analysis

Types of Analysis
MAAP allows for different types of analysis based on the nature of the problems being solved.
- gap analysis
- qualitative analysis
- quantitative analysis

Proposed Development
- MAAP Definition and Description
- MAAP Toolkit

MAAP Project Status
- First pilot analyzing risk to an incident management capability is underway.
- The operational model has been developed.
- Analysis activities are beginning.
- Currently looking for a second pilot in another domain.
  - software assurance
  - operational security
  - unique problems (e.g., operating weapons systems, critical infrastructure)
  - complex missions requiring a comprehensive risk analysis