Useful Links |
|
Article Details :: |
|
Article Name : | | A MAJOR AND KEY ROLE IN THE MANAGEMENT OF RISK ASSESSMENT FOR INFORMATION SYSTEMS | Author Name : | | DVSS.SUBRAHMANYAM | Publisher : | | Ashok Yakkaldevi | Article Series No. : | | GRT-2799 | Article URL : | | | Author Profile View PDF In browser | Abstract : | | The purpose of this research paper is to illustrate the industrial needs for Information Systems Security Engineering(ISSE) in order to build Information Assurance (IA) into a system rather than the current costly practice of fixing systems after production. Extensive research was performed by collecting information from throughout the World Wide Web to include sites such as the Workshop for Application of Engineering Principles to System Security Design, as well as many others. This research realized the following findings: (1) IA is dangerously left out of systems engineering processes; (2) a consortium from academia, industry and the federal government have formalized ISSE and its processes; (3) federally sponsored and industrially sponsored professional certifications exist for security engineers practicing ISSE; (4) ISSE, however, is not greatly used today due to a lack of understanding and a perceived high cost; (5) end-users are beginning to understand IA and are calling for more secure systems. This paper was written to illustrate a way forward, a method to bring ISSE to the frontlines of systems engineering and bring to life a notional concept of Designing for Security. This paper does not provide quantitative analyses as to the benefits of ISSE vs. the initial up front costs; however, further research should be accomplished in the future to address this. In conclusion, I recommend that ISSE must be identified as a critical component of the systems engineering lifecycle and be properly utilized to ensure that future products meet the IA demands of the end user. To achieve this, academia must build degree programs to educate ISSE and incorporate ISSE into existing degree programs; industry and the federal government must both embrace these principles and apply these techniques to their postproduction, active engineering as well as new program developments. | Keywords : | | |
|
|