An architectural systems engineering methodology for addressing cyber security

Systems Engineering

Volumn 14, Issue 3, 2011, Pages 294-304

  Bayuk, Jennifer L ^a   Horowitz, Barry M ^b  

^a STEVENS INSTITUTE OF TECHNOLOGY   (United States)

^b UNIVERSITY OF VIRGINIA   (United States)

Author keywords

cybersecurity; security architecture; security metrics; systems security

Indexed keywords

ARCHITECTURAL APPROACH; ARCHITECTURAL FRAMEWORKS; ARCHITECTURAL SOLUTIONS; ARCHITECTURAL SYSTEMS; CRITICAL SOLUTION; CYBER SECURITY; DESIGN TRADEOFF; ENGINEERING METHODOLOGY; PERIMETER SECURITY; SECURITY ARCHITECTURE; SECURITY DESIGN; SECURITY METRICS; SYSTEM SECURITY; SYSTEMS SECURITY;

DESIGN; SECURITY SYSTEMS;

ARCHITECTURE;

EID: 79953660412     PISSN: 10981241     EISSN: 15206858     Source Type: Journal    
DOI: 10.1002/sys.20182     Document Type: Article

References (37)

1. B. Acohido, and, J. Swartz, Zero day threat, Sterling, New York, 2008.
2. S. Adair, R. Deibert, R. Rohozinski, and, G. Walton, Shadows in the cloud: Investigating cyber espionage 2.0, A joint report of the Information Warfare Monitor and Shadowserver Foundation, Toronto, 2010.
3. R. Anderson, Security engineering, 2nd edition, Wiley, Hoboken, NJ, 2008.
4. P. Avgeriou, and, N. Harrison, Pattern-driven architectural partitioning, balancing functional and non-functional requirements, Second Int Conf Digital Telecommun, IEEE, 2007.
5. K. Baldwin, Systems security engineering: A critical discipline of systems engineering, INCOSE INSIGHT 12 (2009), 11-13.
6. J. Bayuk, D. Barnabe, J. Goodnight, D. Hamilton, B. Horowitz, C. Newman, and, S. Tarchalski, Systems security engineering roadmap, final technical report, Systems Engineering Research Center (www.sercuarc.org), Stevens Institute of Technology, Hoboken, NJ, 2010.
7. M. Bishop, Computer security, art and science, Pearson Education, Upper Saddle River, NJ, 2003.
8. J. Boardman, and, B. Sauser, Systems thinking: Coping with 21st century problems, Taylor & Francis, New York, 2008.
9. D.M. Buede, The engineering design of systems, models and methods, Wiley, Hoboken, NJ, 2009.
10. R.A. Clarke, and, R.K. Knake, Cyberwar, HarperCollins, New York, 2010.
11. R. Cloutier, and, D. Verma, Applying pattern concepts to systems (enterprise) architecture, J Enterprise Architects 2 (2) (2006), 138-154.
12. Defense Science Board, High performance microchip supply, Department of Defense, Washington, DC, 2005.
13. DoD, MIL-HDBK-1785, System security engineering program management requirements, US Department of Defense, Washington, DC, 1995.
14. DoD, Information assurance workforce improvement program, DoD 8570.01-M, US Department of Defense, Washington, DC, 2005.
15. DoD, The Under Secretary of Defense for Acquisition Technology and Logistics and The Assistant Secretary of Defense for Networks and Information Integration DoD Chief Information Officer, Report on trusted defense systems, Department of Defense, Washington, DC, 2009.
16. R. Dove, and, L. Shirey, On discovery and display of agile security patterns, Conf Syst Eng Res, Stevens Institute of Technology, Hoboken, NJ, 2010.
17. FEMA, National response framework: Overview, US Department of Homeland Security, Washington, DC, 2008.
18. M. Howard, Writing secure code, 2nd edition, Microsoft Press, Seattle, WA, 2002.
19. ISACA (Information Systems Audit and Control Association), Control objectives for information technology (cobit), IT Governance Institute, Rolling Meadows, IL, 2007.
20. ISF (Information Security Forum), The standard of good practice for information security, London, 2007.
21. ISO/IEC (International Organization for Standardization/International Electrotechnical Commission), Information technologyCsystems security engineeringCcapability maturity model, sse-cmm, ISO/IEC 28127, Geneva, Switzerland, 2002.
22. ISO/IEC (International Organization for Standardization/International Electrotechnical Commission), Information technologyCsecurity techniquesCinformation security management systemsCrequirements, ISO/IEC 27001, International Standards Organization, Geneva, Switzerland, 2005a.
23. ISO/IEC (International Organization for Standardization/International Electrotechnical Commission), Information technologyCsecurity techniquesCcode of practice for information security management, ISO/IEC 27002, Geneva, Switzerland, 2005b.
24. ISO/IEC (International Organization for Standardization/International Electrotechnical Commission), Systems and software engineeringCsystems and software assuranceCpart 2: Assurance case, ISO/IEC 15026, Geneva, Switzerland, 2009.
25. A. Jaquith, Security metrics, Pearson Education, Upper Saddle River, NJ, 2007. Table 3-3.
26. W. Larson, D. Kirkpatrick, J. J. Sellers, D. Thomas, and, D. Verma, Applied space systems engineering, McGraw Hill, New York, 2009.
27. J. Markoff, FBI says the military had bogus computer gear, The New York Times, May 9, 2008.
28. T. Mather, S. Kumaraswamy, and, S. Latif, Cloud security and privacy: An enterprise perspective on risks and compliance, O'Reilly, Sebastopol, CA, 2009.
29. J. Menn, Fatal system error, Perseus Books Group, Jackson, TN, 2010.
30. W.P. Mulokey, Using the U.S. Department of Defense architecture framework to build security into the lifecycle, INCOSE Insight, 12 (2009), 27-29.
31. PCI, Payment Card Industry (PCI) Security Standards Council, Payment card industry (pci) data security standard, version 1.2, Wakefield, MA, 2008.
32. R. Ross, S. Katzke, A. Johnson, M. Swanson, G. Stoneburner, and, G. Rogers, Recommended security controls for federal information systems, sp 800-53 rev 2, National Institute of Standards and Technology, Gaithersburg, MD, 2007.
33. M. Schumacher, E. Fernandez-Buglioni, D. Hybertson, F. Buschmann, and, P. Sommerlad, Security patterns, integrating security and systems engineering, Wiley, Hoboken, NJ, 2006.
34. US Comptroller General, Report to Chairman, Committee on Government Operations, House of Representatives of the United States, Washington, DC, May 1981.
35. J. Weiss, Protecting industrial control systems from electronic threats, Momentum Press, Williston, VT, 2010.
36. C. Wilson, ACybercrime,@ Cyberpower and national security, F.D. Kramer, S.H. Starr, and L. Wentz (Editors), Potomac Books, Dulles, VA, 2009, Chap. 18.
37. W. Wulf, and, A. Jones, Reflections on cyber security, Sci Mag 326 (2009), 943-944.