Title :
Risk-based systems security engineering: stopping attacks with intention
Author :
Evans, Shelby ; Heinbuch, David ; Kyle, Elizabeth ; Piorkowski, John ; Wallner, James
Abstract :
In most modern information systems (IS), functionality and security are competing design goals. Therefore, system designers are constantly forced to make security-related trade-off decisions. Systems security engineers must build systems that are secure against real-world attacks without overengineering against any particular one. By understanding which attacks are most likely and which risks are most serious, system designers can make informed security-related trade-off decisions. We describe a systems security engineering methodology designers can use to make these decisions.
Keywords :
computer network management; information systems; risk analysis; security of data; systems engineering; telecommunication security; IS; real-world attacks; risk-based security engineering; systems security engineering; trade-off decisions; Availability; Computer hacking; Data security; Design engineering; Information security; Information systems; Predictive models; Risk analysis; Space missions; Systems engineering and theory; 65; Mordor; attack intentions; profiles; security systems; threat assessment
Journal_Title :
Security & Privacy, IEEE
DOI :
10.1109/MSP.2004.109