Engineering Information Security: The Application of Systems Engineering Concepts to Achieve Information Assurance

From design to deployment to decommissioning: a systems engineering approach to information security

With this book as a guide, readers learn to apply a tested and proven methodology to address the information security concerns of any organization, ensuring that specific classes of information are only accessible to designated users. The methodology is based on systems engineering, a set of concepts that enable the systematic documentation of objectives and set forth the functional and performance capabilities needed to achieve those objectives. Because the book considers the complete life cycle of security systems, it also guides readers through deployment, operations, and eventual decommissioning. Moreover, the book goes well beyond technical requirements, enabling the full account of all aspects of an organization's needs, including:

• Day-to-day operations

• Services and products provided and consumer markets served

• Overall competitive environment and key competitors

• Legal and regulatory requirements

• Vulnerability to criminal activity

The book includes a CD which contains more than 200 color figures and diagrams to help illustrate and simplify complex systems and processes. Numerous examples throughout the book show step by step how to put security concepts and mechanisms into practice. The CD also includes a number of useful appendices, including a listing of individual state privacy laws, a sample enterprise security policy document, and a sample request for proposal.By presenting a systems engineering approach to information security, this book enables security practitioners and students of information security to cope with rapid changes in technology in order to consistently provide the level of information security needed to fully protect the interests of an organization, its personnel, and its customers.