Software Requirements Engineerings, 2nd Edition
Software Requirements Engineerings, 2nd Edition
Information system security curricula development
CITC4 '03 Proceedings of the 4th conference on Information technology curriculum
OPERA: An open-source extensible router architecture for adding new network services and protocols
Journal of Systems and Software
Human, organizational, and technological factors of IT security
CHI '08 Extended Abstracts on Human Factors in Computing Systems
Guidelines for designing IT security management tools
Proceedings of the 2nd ACM Symposium on Computer Human Interaction for Management of Information Technology
Discovering vulnerabilities in control system human-machine interface software
Journal of Systems and Software
An analysis of the common body of knowledge of software assurance
Proceedings of the 2010 ACM conference on Information technology education
Hi-index | 0.00 |
This paper presents lessons learned and observations noted about the state of security-engineering practices by three information security practitioners with different perspectives - two in industry and one in academia. All authors have more than 20-years experience in this field and two were former members of the US National Computer Security Center during the early days of the Trusted Computer System Evaluation Criteria and the strong promotion of trusted operating systems that accompanied the release of that document. In the last 20 years, it has been argued that security-engineering practices have not kept pace with the escalating threats to information systems. Much has occurred since that time - new security paradigms, failure of evaluated products to emerge into common use, new systemic threats, and an increased awareness of the risk faced by information systems. This paper presents an empirical view of lessons learned in security-engineering, experiences in applying the trade, and observations made about the successes and failures of security practices and technology. This work was sponsored in part by NSF Grant.