Factors Related to the Implementation of ISSE: A Quality Perspective

摘要

'Bolting on' security functionality in Information Technology (IT) systems late in the System Development Life Cycle (SDLC) can be expensive and adversely affect system functionality and usability. Information Systems Security Engineering (ISSE) is a specialized application of systems engineering that addresses the identification of security requirements and their successful translation into IT system design. Yet experience has shown that security is often the "sacrificial lamb" when project managers seek to trade scope to meet cost and schedule requirements despite increasing security and privacy regulation in multiple industries. Given the proper application of ISSE would preclude such choices, overcoming barriers to implementation of ISSE in the SDLC would help project managers provide targeted application of scarce resources; facilitate proper security engineering; reduce overall risk to project scope, cost and schedule; and address the most critical IT security compliance issues affecting their project.