Systems Engineering and Information Security Integration in the Development Lifecycle
Topic: Systems Engineering and Information Security
Systems Engineering Overview
Systems engineering centers on defining the client's requirements and functionality early in the development cycle. One then refines and documents the requirements that represent those needs. The method continues into design synthesis, development, system validation, deployment, operation, and retirement while considering the entire problem, also known as the system life cycle (Jacobs, 2016, p. 31). In short, systems engineering is an interdisciplinary method for building complex and technologically diverse systems, as described by Douglass (2016).
Critical Elements in Systems Engineering
In my opinion, the most critical element is collecting the requirements and functionality for the project. That is, the requirements, or goals and objectives, of the project, or as Jacobs (2016) describes it, identifying and quantifying the system goals and objectives, or design synthesis. If one does not capture the critical needs of the client, a great deal of money could be wasted going forward creating a product or function for the client that is not quantified correctly. One could use an Agile methodology, which is an iterative method and could be more efficient than the waterfall method. The waterfall method collects requirements and goals at the start of the systems engineering process, whereas the Agile systems engineering method is a more iterative approach to the systems engineering process, as described by Douglass (2016). Agile systems engineering provides feedback on progress, completeness, quality, and velocity on a regular basis, and the incremental engineering approach improves both project control and product quality, as Douglass (2016) points out.
Information Security Considerations
During the systems engineering process, information security is, in my opinion, a commonly overlooked element and may or may not be included in the design synthesis, development, system validation, and deployment steps of the methodology. Generally, in my experience, security is not a focus during the systems engineering process; getting the requirements, goals, and objectives finalized and moving on to design synthesis, system validation, and deployment is most important to the client. Security, as described by Douglass (2016), is part of dependability. Dependability refers to the ability to depend upon a system in the intended environment, with its intended use, as well as when these assumptions are violated. Dependability includes safety, reliability, and security. Dependability concerns are both intrinsic and extrinsic. Intrinsic concerns are present due to the essential nature of the system.
Modern Security Practices and Standards
The cybersecurity issues occurring today are forcing information security to become a critical focus for organizations. As Jacobs (2016) discusses, a security management program can be helped by numerous well-known security practices and procedures, namely the international standards ISO 27001 and ISO 27002 (Jacobs, 2016, p. 171). My place of employment is currently progressing toward ISO 27001 information security compliance, and the information security team is assisting teams in improving their security posture. The other tool implemented at the organization is a maturity dashboard that is part of the continuous integration and continuous delivery (CI/CD) processes. The dashboard displays metrics on the microservices going through the CI/CD build pipeline. The code is scanned for security vulnerabilities, and other metrics are collected. If the maturity dashboard finds the score above the value required to go live, the development team will need to rework the code until the score is below the acceptable threshold, at which point the application code can be deployed to the production environment automatically.
References
Douglass, B. P. (2016). Agile systems engineering. Morgan Kaufmann.
Jacobs, S. (2016). Engineering information security: The application of systems engineering concepts to achieve information assurance (2nd ed.). Hoboken, NJ: John Wiley & Sons.
Peltier, T. R. (2013). Information security fundamentals (2nd ed.). Boca Raton, FL: CRC Press. https://doi.org/10.1201/b15573