Information Security Risk Management for Systems Engineers
Author(s) - Gauvain Tony
Publication year - 1999
Publication title - INCOSE International Symposium
Language(s) - English
Resource type - Journals
ISSN - 2334-5837
DOI - 10.1002/j.2334-5837.1999.tb00238.x
Subject(s) - risk analysis (engineering) , computer security , computer science , order (exchange) , risk management , security information and event management , security management , information security management , security testing , security service , information security , business , cloud computing security , cloud computing , finance , operating system
Designing security in at the start of system definition and design, rather than adding it later, has long been accepted wisdom. Sadly, system security has often been found to be deficient, and attempts to add improvements later have often proved disastrous. Systems engineers see security as a contribution to a system's value, to be managed throughout the system's life-cycle. Increasingly networked systems produce increased benefit, but also increased risk. Standards such as BS7799 are emerging as a necessary way of promoting trust between networked and inter-dependent systems. Information Security Risk Management is an essential part of the good health of a system's life-cycle. Managing risk requires its measurement. This paper shows that the complexity and urgency of relating Assets, Threats and Vulnerabilities in order to calculate Risk, and then to determine Safeguards, can only be met by sophisticated computer-aided algorithmic software applications.
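The abstract describes the Asset / Threat / Vulnerability relationship that is scored to obtain Risk and then used to choose Safeguards, but the page does not give the paper's own algorithm. The following is an added illustration, not code from the paper or from INCOSE: it builds a small qualitative risk register and picks safeguards against a risk tolerance. The three-level scales, the multiplicative scoring model (asset value x threat likelihood x vulnerability severity) and the "cheapest safeguard that brings residual risk within tolerance" selection rule are assumptions made for this example, as are all asset, threat, vulnerability and safeguard names, which are constructed.

```python
"""Qualitative risk register: Asset x Threat x Vulnerability -> Risk -> Safeguards.

Constructed example. The three-level scales, the multiplicative scoring model
and the safeguard selection rule are assumptions for illustration; they are
not the paper's algorithm, and the sample data below is made up.
"""
from dataclasses import dataclass

LEVELS = {"low": 1, "medium": 2, "high": 3}


@dataclass(frozen=True)
class Asset:
    name: str
    value: str          # business value of the asset: low / medium / high


@dataclass(frozen=True)
class Threat:
    name: str
    likelihood: str     # how likely the threat agent is to act: low / medium / high


@dataclass(frozen=True)
class Vulnerability:
    name: str
    asset: str          # Asset.name this weakness sits on
    exploited_by: str   # Threat.name that can exploit it
    severity: str       # ease and impact of exploitation: low / medium / high


@dataclass(frozen=True)
class Safeguard:
    name: str
    mitigates: str      # Vulnerability.name it addresses
    reduction: int      # severity levels removed (0..3)
    cost: int           # relative implementation cost


def risk_score(asset: Asset, threat: Threat, severity_level: int) -> int:
    """Assumed model: Risk = asset value x threat likelihood x severity (0..27)."""
    return LEVELS[asset.value] * LEVELS[threat.likelihood] * severity_level


def build_register(assets, threats, vulns):
    """Score every vulnerability; return (name, score) pairs, highest risk first."""
    by_asset = {a.name: a for a in assets}
    by_threat = {t.name: t for t in threats}
    register = []
    for v in vulns:
        score = risk_score(by_asset[v.asset], by_threat[v.exploited_by], LEVELS[v.severity])
        register.append((v.name, score))
    return sorted(register, key=lambda item: item[1], reverse=True)


def select_safeguards(assets, threats, vulns, safeguards, tolerance):
    """For each vulnerability pick the cheapest safeguard whose residual risk is
    within tolerance; if none reaches tolerance, pick the lowest residual.
    Returns {vulnerability name: (safeguard name or None, residual risk)}."""
    by_asset = {a.name: a for a in assets}
    by_threat = {t.name: t for t in threats}
    plan = {}
    for v in vulns:
        asset, threat = by_asset[v.asset], by_threat[v.exploited_by]
        options = []
        for s in safeguards:
            if s.mitigates != v.name:
                continue
            residual_sev = max(0, LEVELS[v.severity] - s.reduction)
            options.append((s, risk_score(asset, threat, residual_sev)))
        if not options:
            # Unmitigated: record the untreated risk so it is not silently lost.
            plan[v.name] = (None, risk_score(asset, threat, LEVELS[v.severity]))
            continue
        acceptable = [(s, r) for s, r in options if r <= tolerance]
        if acceptable:
            chosen, residual = min(acceptable, key=lambda o: o[0].cost)
        else:
            chosen, residual = min(options, key=lambda o: o[1])
        plan[v.name] = (chosen.name, residual)
    return plan


# Constructed sample data (hypothetical names).
ASSETS = [Asset("customer-db", "high"), Asset("public-website", "medium")]
THREATS = [Threat("external-attacker", "high"), Threat("insider", "medium")]
VULNS = [
    Vulnerability("sqli-in-search", "public-website", "external-attacker", "high"),
    Vulnerability("no-db-audit-log", "customer-db", "insider", "medium"),
    Vulnerability("weak-db-admin-password", "customer-db", "external-attacker", "high"),
]
SAFEGUARDS = [
    Safeguard("parameterised-queries", "sqli-in-search", 3, 2),
    Safeguard("web-app-firewall", "sqli-in-search", 1, 3),
    Safeguard("enforce-db-password-policy", "weak-db-admin-password", 2, 1),
    Safeguard("db-admin-mfa", "weak-db-admin-password", 3, 4),
    Safeguard("enable-db-audit-log", "no-db-audit-log", 2, 1),
]

if __name__ == "__main__":
    for name, score in build_register(ASSETS, THREATS, VULNS):
        print(f"{score:2d}  {name}")
    for vuln, (sg, residual) in select_safeguards(ASSETS, THREATS, VULNS, SAFEGUARDS, 9).items():
        print(f"{vuln}: {sg} -> residual risk {residual}")
```

With the sample data the register ranks the weak database admin password highest (27), then the SQL injection (18), then the missing audit log (12). At a tolerance of 9 the cheaper password policy is chosen over MFA because it just meets the threshold; lowering the tolerance to 0 flips that choice to MFA, which is the kind of sensitivity to the tolerance value that a tool-supported assessment makes visible.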