IEEE Access (Jan 2017)
System-Agnostic Security Domains for Understanding and Prioritizing Systems Security Engineering Efforts
Abstract
As modern systems continue to increase in size and complexity, current systems security practices lack an effective approach to prioritize and tailor systems security efforts to successfully develop and field systems in challenging operational environments. This paper uniquely proposes seven system-agnostic security domains, which assist in understanding and prioritizing systems security engineering (SSE) efforts. To familiarize the reader with the state-of-the-art in SSE practices, we first provide a comprehensive discussion of foundational SSE concepts, methodologies, and frameworks. Next, the seven system-agnostic security domains are presented for consideration by researchers and practitioners. The domains are intended to be representative of a holistic SSE approach, which is universally applicable to multiple systems classes and not just a single-system implementation. Finally, three examples are explored to illustrate the utility of the system-agnostic domains for understanding and prioritizing SSE efforts in information technology systems, Department of Defense weapon systems, and cyber-physical systems.
Keywords
