Application of security principles to integration of enterprise, system and software engineering methods

Weiss, Dawid; Moore, Stanford E.; Robbins, J.

doi:10.1109/iceccs.1996.558413

Cited by 1 publication

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…A review of the literature certainly indicates this position is shared by others, as the use of a security engineering methodology during system development has been advocated for quite some time (Davis, 2004;Grance, Hash, & Stevens, 2004;Jei, Bae, Choi, & Lee, 2006;Levine, 2002;Lim & Carastan, 2004;McAllister, 2002;Singleton, 2007;Snyder, 2002;Stoneburner, Hayden, & Feringa, 2004;Weiss, Moore, & Robbins, 1996). Davis (2004), for example, states the case for ISSE as follows:…”

Section: Isse Processmentioning

confidence: 99%

11.2.1 Factors Related to the Implementation of ISSE: A Quality Perspective

Cline

2008

INCOSE International Symp

View full text Add to dashboard Cite

Bolting on' security functionality in Information Technology (IT) systems late in the System Development Life Cycle (SDLC) can be expensive and adversely affect system functionality and usability. Information Systems Security Engineering (ISSE) is a specialized application of systems engineering that addresses the identification of security requirements and their successful translation into IT system design. Yet experience has shown that security is often the "sacrificial lamb" when project managers seek to trade scope to meet cost and schedule requirements despite increasing security and privacy regulation in multiple industries. Given the proper application of ISSE would preclude such choices, overcoming barriers to implementation of ISSE in the SDLC would help project managers provide targeted application of scarce resources; facilitate proper security engineering; reduce overall risk to project scope, cost and schedule; and address the most critical IT security compliance issues affecting their project. Close NextGiven phishing, pharming, and spyware top the list of threats in 2006, it is probably no surprise the survey categorized identity theft as the "number two IT security hot button … [and] the crime of the 21 st century" (Deloitte et al., 2006, pp. 3, 13). But concern for the loss of personal or private information predates the turn of the century by more than 25 years. The U.S. Congress began legislating requirements for due diligence and due care for this type of information since at least 1974 with passage of the Privacy Act. In the three decades since, we've seen

show abstract