Abstract
Who is responsible for systems security? As shown in figure 1, the acquirer (Acq) thinks it is the supplier, the supplier (Sup) delegates that responsibility to systems engineering, who pass it on to system security engineering (SSE), who meet requirements originating with the acquirer. This arrangement results in a finger-pointing circle when security fails. New revisions to the INCOSE Systems Engineering Handbook are integrating responsibility for system security into the systems engineering processes. Placing responsibility on systems engineering is only a first step. A second step requires mutual engagement between systems engineering and security engineering, an engagement that can only be enabled by systems engineering. Systems engineers and program or project managers will be expected to engage effectively throughout the systems engineering processes and activities—beginning with requirements analysis and the concept of operations, and proceeding through the full lifecycle of development, operations, and disposal. The theme articles in this issue of INSIGHT focus on the nature and problems of effective security engineering engagement in critical systems engineering processes. In the end, the acquirer and the supplier must also engage, in a shared responsibility that recognizes and deals with an unpredictable future of security threats. But that is another story, one that cannot be effective until systems and security engineering engagement is achieved.
Paper version not known (
Free)
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call