Security Engineering: It Is All About Control and Assurance Objectives

Abstract

Information security engineering is the specialized branch of systems engineering that addresses the derivation and fulfillment of a system’s security requirements. For years, security engineering practitioners have claimed that security is easier to build into a system when it is integrated with the system analysis and design. This paper presents some basic tenets of security analysis that can be applied by any systems engineer to ensure early integration of security constraints into the system definition and development process. It sheds light on security requirements interpretation to facilitate the fulfillment of security requirements throughout the system lifecycle.