21 November 2008
Security Process Professional .......... Resources for IT Audit & Security Improvement
Security Standards: Less Is More
Companies have invested heavily in controls infrastructures and process standards to guide engineering groups in producing products that meet customer quality needs. Are additional standards needed to address their expectations regarding security?

Security is a common business and technology risk that has been elevated in priority and visibility over recent years as a result of compelling new business need. New technological capabilities have empowered malicious users in ways unanticipated by the architects of personal computers and Internet-capable technologies. In a race to shore up these deficiencies, whole new industries have been spawned that are focused on addressing information security as a discrete engineering process problem.

As a means of pointing up its uniqueness, security has been called an “emerging property of systems.” However, the same can be said for performance, reliability, availability and safety in the face of changing environmental conditions. Fundamentally, security is a quality attribute of systems, different from the others in only one respect: it is the gateway to undermining all the rest.

Faulty security allows a malicious agent to commandeer system resources, causing performance problems; it allows agents to damage or replace working code or data, causing reliability problems; it allows agents to subvert systems, impeding availability; and it allows agents to alter or impede system functions, potentially causing serious safety problems.

While the relative importance of security to business has changed, its fundamental nature has not. The difference between security and other system quality attributes is not one of substance, but one of priority. Therefore, while technology-specific knowledge and skills may be necessary to address certain engineering problems, time-tested engineering process standards are fully capable of accommodating this 21st-century problem if enhanced with appropriate security guidance.

Copyright 2005 Bar Biszick-Lockwood/QualityIT


Last Updated ( Sunday, 10 April 2005 )