Premium
6.1.0 Is System Security Engineering Failing? If So, What Can System Engineering Do About It?
Author(s) -
Dove Rick,
Rhodes Donna,
Snoderly John,
Baldwin Kristen,
Bayuk Jennifer
Publication year - 2011
Publication title -
incose international symposium
Language(s) - English
Resource type - Journals
ISSN - 2334-5837
DOI - 10.1002/j.2334-5837.2011.tb01234.x
Subject(s) - security engineering , computer security , risk analysis (engineering) , computer science , security through obscurity , process (computing) , action (physics) , security service , cloud computing security , business , security information and event management , information security , network security policy , cloud computing , physics , quantum mechanics , operating system
Abstract Security for systems of all kinds has become an urgent global concern in the face of increasing attack effectiveness and decreasing security effectiveness – measured simply by increasing losses and penetrations unchecked by increasing security expenditures. Is this a problem with security engineering, systems engineering, or the customer? Is system security strategy broken? Where does remedial action need be taken, and what would that be? Some say it is an economic tradeoff imposed by the customer. Some say it is reliance on ineffective security standards, technologies, and strategies. And some say it is a shortfall of system engineering process, knowledge, and priority. Regardless, systems engineering is responsible for life cycle effectiveness and must recognize, address, and solve this problem in some way—‐ by doing something different. Where is the gap and how does Systems Engineering begin to close it?