Buy Enterprise Level Security 1 & 2 by William R. Simpson
Enterprise Level Security 1 & 2

About the Book

This is a set comprising Enterprise Level Security and Enterprise Level Security 2. Enterprise Level Security: Securing Information Systems in an Uncertain World provides a modern alternative to the fortress approach to security. The new approach is more distributed and has no need for passwords or accounts. Global attacks become much more difficult, and losses are localized, should they occur. The security approach is derived from a set of tenets that form the basic security model requirements. Many of the changes in authorization within the enterprise model happen automatically. Identities and claims for access occur during each step of the computing process. Many of the techniques in this book have been piloted. These techniques have been proven to be resilient, secure, extensible, and scalable. The operational model of a distributed computer environment defense is currently being implemented on a broad scale for a particular enterprise. The first section of the book comprises seven chapters that cover basics and philosophy, including discussions on identity, attributes, access and privilege, cryptography, the cloud, and the network. These chapters contain an evolved set of principles and philosophies that were not apparent at the beginning of the project. The second section, consisting of chapters eight through twenty-two, contains technical information and details obtained by making painful mistakes and reworking processes until a workable formulation was derived. Topics covered in this section include claims-based authentication, credentials for access claims, claims creation, invoking an application, cascading authorization, federation, and content access control. This section also covers delegation, the enterprise attribute ecosystem, database access, building enterprise software, vulnerability analyses, the enterprise support desk, and network defense.
Enterprise Level Security 2: Advanced Topics in an Uncertain World follows on from the authors’ first book on Enterprise Level Security (ELS), which covered the basic concepts of ELS and the discoveries made during the first eight years of its development. This book follows on from this to give a discussion of advanced topics and solutions, derived from 16 years of research, pilots, and operational trials in putting an enterprise system together. The chapters cover specific advanced topics derived from painful mistakes and numerous revisions of processes. This book covers many of the topics omitted from the first book including multi-factor authentication, cloud key management, enterprise change management, entity veracity, homomorphic computing, device management, mobile ad hoc, big data, mediation, and several other topics. The ELS model of enterprise security is endorsed by the Secretary of the Air Force for Air Force computing systems and is a candidate for DoD systems under the Joint Information Environment Program. The book is intended for enterprise IT architecture developers, application developers, and IT security professionals. This is a unique approach to end-to-end security and fills a niche in the market. Dr. Kevin E. Foltz, Institute for Defense Analyses, has over a decade of experience working to improve security in information systems. He has presented and published research on different aspects of enterprise security, security modeling, and high assurance systems. He also has degrees in Mathematics, Computer Science, Electrical Engineering, and Strategic Security Studies. Dr. William R. Simpson, Institute for Defense Analyses, has over two decades of experience working to improve systems security. He has degrees in Aeronautical Engineering and Business Administration, as well as undergoing military and government training. 
He spent many years as an expert in aeronautics before delving into the field of electronic and system testing, and he has spent the last 20 years on IT-related themes (mostly security, including processes, damage assessments of cyber intrusions, IT security standards, IT security evaluation, and IT architecture).

Table of Contents:
Enterprise Level Security (1)
1 Introduction 1.1 Problem Description 1.1.1 Success beyond Anticipation 1.1.2 But, It Started Long before That 1.1.2.1 A Brief History of the Development of the WWW 1 1.1.3 Fast-Forward to Today 1.2 What Is Enterprise Level Security? 1.3 Distributed versus Centralized Security 1.3.1 Case Study: Boat Design 1.3.2 Case Study Enterprise Information Technology Environment 1.3.3 Security Aspects 1.3.3.1 Confidentiality 1.3.3.2 Integrity 1.3.3.3 Availability 1.3.3.4 Authenticity 1.3.3.5 Nonrepudiation 1.4 Crafting a Security Model 1.4.1 The Assumptions 1.4.2 Tenets: Digging beneath the Security Aspects 1.5 Entities and Claims 1.5.1 Credentialing 1.6 Robust Assured Information Sharing 1.6.1 Security Requirements 1.6.2 Security Mechanisms 1.6.3 Goals and Assumptions of IA Architecture 1.6.4 Assumptions 1.6.5 A Framework for Entities in Distributed Systems 1.7 Key Concepts 1.7.1 ELS-Specific Concepts 1.7.2 Mapping between Tenets and Key Concepts 1.7.3 Enterprise-Level Derived Requirements 1.7.4 Mapping between Key Concepts and Derived Requirements 1.8 Two Steps Forward and One Step Back 1.9 The Approximate Time-Based Crafting 1.10 Summary
SECTION I BASICS AND PHILOSOPHY
2 Identity 2.1 Who Are You? 2.2 Naming 2.3 Identity and Naming: Case Study 2.4 Implications for Information Security 2.5 Personas 2.6 Identity Summary
3 Attributes 3.1 Facts and Descriptors 3.2 An Attribute Ecosystem 3.3 Data Sanitization 3.3.1 Guarded and Filtered Inputs 3.3.2 Guard Administrator Web Interface 3.3.3 Integrity in Attribute Stores 3.3.4 Secure Data Acquisition 3.3.5 Integrity at the Source 3.4 Temporal Data 3.5 Credential Data 3.6 Distributed Stores
4 Access and Privilege 4.1 Access Control 4.2 Authorization and Access in General 4.3 Access Control List 4.3.1 Group Requirements 4.3.2 Role Requirements 4.3.3 ACRs and ACLs 4.3.4 Discretionary Access Control and Mandatory Access Control 4.4 Complex Access Control Schemas 4.5 Privilege 4.6 Concept of Least Privilege 4.6.1 Least Privilege Case Study
5 Cryptography 5.1 Introduction 5.2 Cryptographic Keys and Key Management 5.2.1 Asymmetric Key Pairs 5.2.1.1 RSA Key Generation 5.3 Symmetric Keys 5.3.1 TLS Mutual Authentication Key Production 5.3.2 Other Key Production 5.4 Store Keys 5.5 Delete Keys 5.6 Encryption 5.7 Symmetric versus Asymmetric Encryption Algorithms 5.7.1 Asymmetric Encryption 5.7.2 RSA Asymmetric Encryption 5.7.3 Combination of Symmetric and Asymmetric Encryption 5.7.4 Symmetric Encryption 5.7.4.1 Stream Ciphers 5.7.4.2 Block Ciphers 5.7.5 AES/Rijndael Encryption 5.7.5.1 Description of the AES Cipher 5.7.6 Data Encryption Standard 5.7.6.1 Triple DES 5.7.6.2 Description of the Triple DES Cipher 5.8 Decryption 5.8.1 Asymmetric Decryption 5.8.2 Symmetric Decryption 5.9 Hash Function 5.9.1 Hash Function Algorithms 5.9.2 Hashing with Cryptographic Hash Function 5.9.2.1 MD-5 5.9.2.2 SHA-3-Defined SHA-512 5.10 Signatures 5.10.1 XML Signature 5.10.2 S/MIME Signature 5.10.3 E-Content Signature 5.11 A Note on Cryptographic Key Lengths 5.11.1 Encryption Key Discovery 5.11.2 The High-Performance Dilemma 5.11.3 Parallel Decomposition of Key Discovery 5.12 Internet Protocol Security 5.13 Other Cryptographic Services 5.14 The Java Cryptography Extension 5.15 Data at Rest 5.16 Data in Motion
6 The Cloud 6.1 The Promise of Cloud Computing 6.2 Benefits of the Cloud 6.3 Drawbacks of Cloud Usage 6.3.1 Differences from Traditional Data Centers 6.3.2 Some Changes in the Threat Scenario 6.4 Challenges for the Cloud and High Assurance 6.5 Cloud Accountability, Monitoring, and Forensics 6.5.1 Accountability 6.5.2 Monitoring 6.5.3 Knowledge Repository 6.5.4 Forensic Tools 6.6 Standard Requirements for Cloud Forensics
7 The Network 7.1 The Network Entities 7.1.1 Most Passive Elements 7.1.2 Issues of the Most Passive Devices 7.1.3 The Convenience Functions 7.1.4 Issues for the Convenience Functions 7.1.5 Content Analyzers 7.1.6 Issues for Content Analyzers
SECTION II TECHNICAL DETAILS
8 Claims-Based Authentication 8.1 Authentication and Identity 8.2 Credentials in the Enterprise 8.3 Authentication in the Enterprise 8.3.1 Certificate Credentials 8.3.2 Registration 8.3.3 Authentication 8.4 Infrastructure Security Component Interactions 8.4.1 Interactions Triggered by a User Request for Service 8.4.2 Interaction Triggered by a Service Request 8.5 Compliance Testing 8.6 Federated Authentication 8.6.1 Naming and Identity 8.6.2 Translation of Claims or Identities 8.6.3 Data Requirements 8.6.4 Other Issues
9 Credentials for Access Claims 9.1 Security Assertion Markup Language 9.2 Access Control Implemented in the Web Service 9.3 Establishing Least Privilege 9.4 Default Values 9.5 Creating an SAML Token 9.6 Scaling of the STS for High Assurance Architectures 9.7 Rules for Maintaining High Assurance during Scale-Up
10 Claims Creation 10.1 Access Control Requirements at the Services 10.1.1 Discretionary Access Control List 10.1.2 Mandatory Access Control 10.1.3 Access Control Logic 10.2 Access Control Requirement 10.3 Enterprise Service Registry 10.4 Claims Engine 10.5 Computed Claims Record
11 Invoking an Application 11.1 Active Entities 11.2 Claims-Based Access Control 11.2.1 Authorization in the Enterprise Context 11.3 Establishing Least Privilege 11.4 Authorizing the User to the Web Application 11.5 Authorizing a Web Service to a Web Service 11.6 Interaction between Security Components 11.6.1 Access from within the Enterprise 11.6.2 Disconnected, Intermittent, or Limited Environments 11.6.2.1 Prioritization of Communications 11.6.2.2 Reduction of the Need for Capacity 11.6.2.3 Asset Requirements
12 Cascading Authorization 12.1 Basic Use Case 12.2 Standard Communication 12.3 Pruning Attributes, Groups, and Roles 12.4 Required Escalation of Privilege 12.5 Data Requirements for the Pruning of Elements 12.6 Saving of the SAML Assertion 12.7 SAML Token Modifications for Further Calls 12.8 An Annotated Notional Example 12.9 Additional Requirements 12.10 Service Use Case Summary
13 Federation 13.1 Federation 13.2 Elements of Federated Communication 13.2.1 Naming and Identity 13.2.2 Credentials 13.2.3 PKI—X.509 Certificates 13.2.4 Certificate Services 13.2.5 Bilateral Authentication 13.2.6 Authorization Using SAML Packages 13.2.7 Registration of the STS 13.2.8 Recognizing STS Signatures 13.2.9 Translation of Properties, Roles, and Groups 13.2.10 Other Issues 13.3 Example Federation Agreement 13.4 Access from Outside the Enterprise 13.5 Trusted STS Store 13.6 Trusted STS Governance
14 Content Access Control 14.1 Authoritative and Nonauthoritative Content 14.2 Content Delivery Digital Rights Management 14.3 Mandatory Access Control 14.4 Access Control Content Management System 14.5 Enforcing Access Control 14.6 Labeling of Content and Information Assets 14.7 Conveying Restrictions to the Requester 14.8 Enforcing/Obtaining Acknowledgment of Restrictions 14.9 Metadata 14.10 Content Management Function 14.11 Components of a Stored Information Asset 14.11.1 Information Asset, Section A: ACL, MAC, and Data 14.11.2 Information Asset, Section B: Information Asset as Labeled 14.11.3 Information Asset, Section C: Information Asset Signature(s) 14.11.4 Information Asset, Section D: MDE Metacard 14.12 Additional Elements for Stored Information Assets 14.12.1 Key Words 14.12.2 Storage Location(s) of Key Word Metadata 14.12.3 Reference Identity and Information Asset Description 14.12.4 Information Asset Name 14.12.5 Information Asset Description 14.13 Key Management Simplification 14.13.1 Information Asset 14.14 Import or Export of Information Assets
15 Delegation 15.1 Delegation Service 15.2 Service Description for Delegation 15.3 Form of Extended Claims Record 15.4 Special Delegation Service
16 The Enterprise Attribute Ecosystem 16.1 User and Data Owner Convenience Functions 16.1.1 Self-Registration (Partial) 16.1.2 User Attribute Service 16.1.3 Service Discovery 16.1.4 User Claim Query Service 16.1.5 Direct Service/Application Invocation 16.1.6 Trusted Delegation Service 16.1.7 Special Delegation Service 16.2 Attribute Ecosystems Use Cases 16.2.1 Process Flows Related to Security for Each Service 16.2.2 Updating Claims 16.2.3 Adding a New Identity 16.2.4 Adding a Service 16.2.5 Accessing Services 16.2.6 Providing Delegation 16.2.7 Providing Special Delegation 16.3 Attribute Ecosystem Services 16.3.1 Authoritative Content Import Service(s) 16.3.2 Manage Import and Aggregation Web Application 16.3.3 Manual Entry Web Application for Attributes 16.3.4 AE Import Service 16.3.5 Enterprise Service Registry Web Application 16.3.6 Manage Claims Engine Web Application 16.3.7 Claims Engine 16.3.8 Manage Claims Web Application 16.3.9 Manage Delegation Web Application and Service 16.3.10 Claims Exposure and Editor Web Service 16.3.11 Provide Claims Web Service 16.3.12 Delegation Web Application and Web Service 16.3.13 Manage Groups and Roles Web App 16.3.14 Autoregistration Web App 16.3.15 Write Attribute List 16.3.16 User Query Attributes 16.3.17 User Query Claims 16.3.18 Special Delegation Web Application and Web Service
17 Database Access 17.1 Database Models 17.2 Database Interfaces and Protocols 17.2.1 SQL Databases 17.2.2 XML Databases 17.2.3 Large-Scale Databases 17.2.4 Geospatial Databases 17.3 Overall Database Considerations 17.4 Enterprise Resource Planning Business Software 17.5 ERP as a Legacy System 17.5.1 ERP Attribute System Synchronization 17.5.2 ERP Border System 17.6 Hardening of ERP Database Systems 17.6.1 Hardening Stage One: Encryption of Data at Rest 17.6.2 Hardening Stage Two: Encryption of Data in Transit 17.6.3 Hardening Stage Three: Claims Identity, Access, and Privilege 17.6.4 Hardening Stage Four: Least Privilege for Application 17.6.4.1 Financial Roles 17.6.4.2 Application-Driven Database Operations 17.6.4.3 Application-Driven Annotated Example 17.6.4.4 Data-Driven Database Operations 17.6.4.5 Data-Driven Annotated Example 17.6.5 Hardening Stage Five: Homomorphic Encryption
18 Building Enterprise Software 18.1 Services Types 18.2 Functionality of All Services 18.2.1 Evaluating Inputs 18.2.1.1 Extensible Markup Language 18.2.2 Credentials 18.2.3 PKI Required: X.509 Certificates 18.2.4 PKI Bilateral Authentication 18.2.5 Authorization Using Authorization Handlers 18.2.6 Agents in the Enterprise 18.2.6.1 Self-Help Agents 18.2.6.2 Embedded Agents 18.2.6.3 Monitor Sweep Agents 18.2.6.4 Import Agents 18.2.6.5 Self-Protection Agents 18.2.7 Data Keeping and Correlation 18.3 Service Model 18.4 Enterprise Services Checklist 18.5 Enterprise Service Registry 18.6 Service Discovery: Manual and Automated 18.7 Additional Considerations 18.7.1 Agents in the Enterprise Environment 18.7.2 Code Elements of a Service 18.7.3 Anatomy of a Service 18.7.3.1 Commercial Off-the-Shelf and Legacy Software 18.7.3.2 Load Balancing Applications 18.7.3.3 Web Service Monitor Activities 18.8 Orchestration 18.9 ELS Interface 18.10 Access Control List
19 Vulnerability Analyses 19.1 Vulnerability Causes 19.2 Related Work 19.2.1 Static Code Analysis 19.2.2 Dynamic Code Analysis 19.2.3 Penetration Testing 19.2.4 Code Analysis and Penetration Testing Summary 19.3 Vulnerability Analysis 19.3.1 Vulnerability Analysis Objective 19.3.2 Vulnerability Analysis Information 19.3.3 Obtaining Vulnerabilities 19.3.4 Deriving Penetration Tests 19.3.5 Continuous Updating 19.3.6 Review and Approve 19.4 Flaw Remediation 19.4.1 Flaw Remediation Objectives 19.4.2 Flaw Remediation Information 19.4.3 A Flaw Remediation Process 19.4.4 Flaw Remediation Quality System 19.4.5 Flaw Remediation Reporting 19.4.6 Review and Approve 19.5 Summary
20 An Enterprise Support Desk 20.1 Monitoring 20.2 Data Repository System 20.3 Information for Service Monitoring 20.4 Centralized Repository 20.5 Services by Type 20.6 Data Keeping Requirements 20.7 Naming Schema 20.8 Monitor Activities 20.8.1 Data Generation 20.8.2 Log 4j Specification 20.8.3 Alerts and Automatic Response 20.8.4 SMTP Format for Alerts 20.8.5 Requirements for Java and Service Exception Errors 20.8.6 Record Storage 20.9 Help Desk Breakdown 20.10 Customer Support and Help Desk 20.11 Levels of Service 20.11.1 Level 0: Client Self-Help 20.11.2 Level 1: Basic Information 20.11.3 Level 2: Interactive Support 20.11.4 Level 3: Security, Serious Bugs, and Vendor Support 20.12 Using the Knowledge Repository 20.12.1 Information for Help Desk Operations 20.13 ESD Summary
21 Network Defense 21.1 Expected Behavior 21.2 Introduction 21.3 Current Protection Approaches 21.3.1 Current: Unencrypted Traffic 21.3.2 Current: Encrypted Traffic 21.4 An Alternative to Private Key Passing 21.5 A Distributed Protection System 21.5.1 Appliance Functionality In-Line 21.5.2 Appliance Functionality as a Service 21.6 Next Steps for Appliances 21.6.1 Real Demilitarized Zone 21.6.2 Security Issue 21.6.3 Taking Advantage of Software-Only Functionality 21.6.4 Protecting the Server 21.6.5 Handlers in the Server 21.7 Appliances That Change Content 21.7.1 Wide Area Network Acceleration 21.7.2 An Introduction to WAN Acceleration 21.7.3 Current WAN Accelerator Approaches 21.7.4 An Alternative to Private Key Passing 21.7.5 Integrity in a TLS Session 21.7.6 Flows in a High Integrity System 21.7.7 Summary of WAN Acceleration 21.8 Appliances: A Work in Progress
22 Concluding Remarks 22.1 Where We Have Been and Where We Are Going 22.2 Understanding the Approach 22.3 About Those Takeaways
Appendix
Bibliography

Enterprise Level Security 2
Chapter 1. The First 16 Years. 1.1 The Beginning of Enterprise Level Security (ELS) 1.2 Design Principles. 1.3 Key Concepts. 1.4 Implementation.
Chapter 2. A Brief Review of the Initial Book. 2.1 Security Principles. 2.2 ELS Framework.
Chapter 3. Minimal Requirements for the Advanced Topics. 3.1 Needed Capabilities. 3.2 Creating an Attribute Store. 3.3 Registering a Service. 3.4 Computing Claims. 3.5 User Convenience Services. 3.6 The Enterprise Attribute Ecosystem. 3.7 Summary.
Identity and Access Advanced Topics.
Chapter 4. Identity Claims in High Assurance. 4.1 Who Are You?. 4.2 Entity Vetting. 4.3 Naming. 4.4 Key and Credential Generation. 4.5 Key and Credential Access Control. 4.6 Key and Credential Management. 4.7 Key and Credential Use. 4.8 Some Other Considerations.
Chapter 5. Cloud Key Management. 5.1 Clouds. 5.2 ELS in a Private Cloud. 5.3 The Public Cloud Challenge. 5.4 Potential Hybrid Cloud Solutions. 5.5 Proposed Secure Solutions. 5.6 Implementation. 5.7 Cloud Key Management Summary.
Chapter 6. Enhanced Assurance Needs. 6.1 Enhanced Identity Issues. 6.2 Scale of Identity Assurance. 6.3 Implementing the Identity Assurance Requirement. 6.4 Additional Requirements. 6.5 Enhanced Assurance Summary.
Chapter 7. Temporary Certificates. 7.1 Users That Do Not Have a PIV. 7.2 Non-PIV STS/CA-Issued Certificate. 7.3 Required Additional Elements. 7.4 Precluding the Use of Temporary Certificates. 7.5 Temporary Certificate Summary.
Chapter 8. Derived Certificates on Mobile Devices. 8.1 Derived Credentials. 8.2 Authentication with the Derived Credential. 8.3 Encryption with the Derived Credential. 8.4 Security Considerations. 8.5 Certificate Management.
Chapter 9. Veracity and Counter Claims. 9.1 The Insider Threat. 9.2 Integrity, Reputation, and Veracity. 9.3 Measuring Veracity. 9.4 Creating a Model & Counter-Claims. 9.5 Veracity and Counter-Claims Summary.
Chapter 10. Delegation of Access and Privilege. 10.1 Access and Privilege. 10.2 Delegation Principles. 10.3 ELS Delegation. 10.4 Delegation Summary.
Chapter 11. Escalation of Privilege. 11.1 Context for Escalation. 11.2 Access and Privilege Escalation. 11.3 Planning for Escalation. 11.4 Invoking Escalation. 11.5 Escalation Implementation within ELS. 11.6 Accountability. 11.7 Escalation Summary.
Chapter 12. Federation. 12.1 Federation Technical Considerations. 12.2 Federation Trust Considerations. 12.3 Federation Conclusions.
ELS Extensions – Content Management.
Chapter 13. Content Object Uniqueness for Forensics. 13.1 Exfiltration in Complex Systems. 13.2 Product Identifiers. 13.3 Hidden Messages. 13.4 Content Management. 13.5 Content Object Summary.
Chapter 14. Homomorphic Encryption. 14.1 Full Homomorphic Encryption (FHE). 14.2 Partial Homomorphic Encryption (PHE). 14.3 PHE Performance Evaluation. 14.4 Homomorphic Encryption Conclusions.
ELS Extensions – Data Aggregation.
Chapter 15. Access and Privilege in Big Data Analysis. 15.1 Big Data Access. 15.2 Big Data Related Work. 15.3 Big Data with ELS. 15.4 Big Data Summary.
Chapter 16. Data Mediation. 16.1 Maintaining Security with Data Mediation. 16.2 The Mediation Issue. 16.3 Approaches. 16.4 Choosing a Solution. 16.5 Mediation Summary.
ELS Extensions – Mobile Devices.
Chapter 17. Mobile Ad Hoc. 17.1 Mobile Ad Hoc Implementations. 17.2 Network Service Descriptions. 17.3 Other Considerations. 17.4 Mobile Ad Hoc Summary.
Chapter 18. Endpoint Device Management. 18.1 Endpoint Device Choices. 18.2 Endpoint Device Management.
ELS Extensions – Other Topics.
Chapter 19. Endpoint Agent Architecture. 19.1 Agent Architecture. 19.2 Related Work. 19.3 ELS Agent Methods. 19.4 Endpoint Agent Results. 19.5 Endpoint Agent Conclusions. 19.6 Endpoint Agent Extensions.
Chapter 20. Ports and Protocols. 20.1 Introduction. 20.2 Communication Models. 20.3 Ports in Transport Protocols. 20.4 Threats Considered. 20.5 Assigning Ports and Protocols. 20.6 Server Configurations. 20.7 Firewalls and Port Blocking. 20.8 Application Firewalls. 20.9 Network Firewalls in ELS. 20.10 Endpoint Protection in ELS. 20.11 Handling and Inspection of Traffic. 20.12 Additional Security Hardening.
Chapter 21. Asynchronous Messaging. 21.1 Why Asynchronous Messaging?. 21.2 Prior Work. 21.3 Asynchronous Messaging Security. 21.4 PSS Rock and Jewel. 21.5 Summary.
Chapter 22. Virtual Application Data Center. 22.1 Introduction. 22.2 Enterprise Level Security and VADC Concepts. 22.3 VADC Implementation. 22.4 Resource Utilization. 22.5 Distributed Benefits and Challenges. 22.6 Virtual Application Conclusions.
Chapter 23. Managing System Changes. 23.1 System Change. 23.2 Current Approaches. 23.3 The Vision. 23.4 Realizing the Vision. 23.5 Moving into the Future. 23.6 Managing Information Technology Changes.
Chapter 24. Concluding Remarks. 24.1 Staying Secure in an Uncertain World. 24.2 The Model is Important. 24.3 Zero Trust Architecture. 24.4 Computing Efficiencies. 24.5 Current Full ELS System. 24.6 Future Directions.
References and Bibliography.
Acronyms

Product Details
  • ISBN-13: 9781000165210
  • Publisher: Taylor & Francis Ltd
  • Publisher Imprint: CRC Press
  • Language: English
  • No of Pages: 500
  • ISBN-10: 1000165213
  • Publisher Date: 29 May 2022
  • Binding: Digital (delivered electronically)