Chapter 2. Confidence as a product
Abstract
System stakeholders require an understanding of the risks and confidence in systems. System assurance involves making a clear, comprehensive, and defensible case that security safeguards are adequate against the threats to the system. System assurance complements system engineering and risk assessment by focusing on building security arguments to justify the security posture of the system, gathering evidence, and communicating cybersecurity knowledge. This chapter describes the nature of assurance, demonstrates the need for argument in support of complex claims, and explains the difference between positive and negative claims and between process-based and goal-based assurance. Architecture-driven assurance ...
