Organizational Barriers to the Implementation of Security Engineering

The link between security engineering and systems engineering exists at the earliest stage of systems development, and, as a whole, there is sufficient evidence to suggest the discipline of security engineering is sufficiently mature to support its implementation. However, there is little in the literature on the practical application of security engineering and even less empirical work grounded in adoption theory. In contrast, the body of knowledge on quality programs is quite extensive and includes general literature on quality models as well as adoption studies of their implementation. Specific factors related to quality implementations are also well documented and generally well understood. This survey study clearly substantiates a connection between these quality factors and security engineering, provides the opportunity for further research on causal models, and supports the application of lessons learned from quality program efforts to the implementation of a security engineering methodology in system acquisition and development.