Premium
8.1.1 People, Policy and Technology: Considerations in Designing a Robust Security Framework
Author(s) -
Reed Michael
Publication year - 2009
Publication title -
incose international symposium
Language(s) - English
Resource type - Journals
ISSN - 2334-5837
DOI - 10.1002/j.2334-5837.2009.tb01010.x
Subject(s) - process (computing) , computer security , order (exchange) , transactional leadership , process management , enforcement , computer science , security policy , product (mathematics) , toll , business , risk analysis (engineering) , psychology , social psychology , geometry , mathematics , finance , political science , law , operating system , biology , genetics
This paper analyses the process which was employed in defining the security architecture for a latest‐generation Electronic Toll Collection (ETC) system. It focuses on one fundamental operational requirement – the non‐repudiation of transactional data and the evidence of travel in support of the enforcement of tolling events – and uses this to highlight the essential integration between technological capability and operational processes in delivering a secure solution. Put simply: in a market of off‐the‐shelf security “solutions”, it is essential at the enterprise level to recognise that security is a process, not a product. The interactions between technical and technological capabilities, operational policies, people and business processes must be tightly aligned in order to demonstrate that the enterprise has achieved the non‐repudiation of transactional data, and has a sound basis for tolling.