Secure Systems Engineering (SSE)
Secure Systems Engineering (SSE) is a systems-engineering based approach to security, where security requirements are focused on system processes and functionality.
SSE encourages you to think about your capability as a whole when deriving security needs for a system, in particular the resilience of systems through-life.
Resources in the NIST 800-160 series provide advice on applying the principles of SSE across capability delivery.
They encourage teams to track key security objectives by creating measures of performance.
SSE needs greater investment upfront, but results in a more secure capability, with a lower through-life cost.
SSE encourages you to think about your capability as a whole when deriving security needs for a system, in particular the resilience of systems through-life.
Resources in the NIST 800-160 series provide advice on applying the principles of SSE across capability delivery.
They encourage teams to track key security objectives by creating measures of performance.
SSE needs greater investment upfront, but results in a more secure capability, with a lower through-life cost.
Benefits
SSE helps capabilities:
- deliver systems designed in a secure and resilient manner
- understand and manage complexity across multiple systems
Outcomes
Outcomes of defining SSE:
- security objectives
- security requirements embedded as key system requirements
- measures of performance
Responsibility
Who is responsible for SSE:
- delivery team lead
- project management office (PMO)
- delivery team security lead
When to carry out secure systems engineering
An SSE approach should be integrated into all stages of a capability’s lifecycle.