Authors: Scott H. Bell
Addresses: Graduate School of Computer and Information Sciences, Nova Southeastern University, 3301 College Avenue, Fort Lauderdale-Davie, Florida 33314-7796, USA
Abstract: As the Department of Defense (DoD) pursues methods within the systems engineering process to combat potential information assurance (IA) vulnerabilities, a new paradigm is required. This paper introduces the concept of securability as a new ility to be considered within the systems life cycle. Alongside the traditional system ilities (i.e., reliability, maintainability, supportability, etc.), securability will establish a standardised, measurable and rigorous approach to ensuring a system meets its mission objectives in a secure manner. DoD systems security capability analysis continues to mature today with the improvement of information assurance controls (DoD 8500 and NIST 800-53), but it is still conducted in a non-standard ad hoc fashion in various phases of the systems life cycle. This paper provides a foundation for the concept of securability which will focus on the technical performance measures of a systems' security from the beginning stages (e.g., concept development) to the end point (e.g., retirement and disposal). The time has come to establish securability as an integral part of the design and operational criteria for systems and the larger more vexing systems of systems through a formal and rigorous engineering approach instead of the current external and ad hoc approach.
Keywords: system of systems engineering; SoSE; information assurance; vulnerabilities; securability; security capability analysis.
International Journal of System of Systems Engineering, 2012 Vol.3 No.3/4, pp.320 - 336
Received: 17 Dec 2012
Accepted: 17 Dec 2012
Published online: 16 Aug 2014 *