Systems engineering is a specialty engineering discipline of engineering that applies scientific, mathematical, engineering, and measurement principles, concepts, and methods to coordinate, orchestrate, and direct the activities of various security engineering specialities and other contributing engineering specialities to provide a fully integrated, system-level perspective of system. Security in Systems Engineering multidisciplinary approach follows and supplements International Standard ISO/IEC/IEEE 15288, Systems and software engineering — System life cycle processes. The system life cycle processes can be used for new systems, system upgrades, or systems that are being repurposed; can be employed at any stage of the system life cycle [NIST 800-160 Vol 1].
The tailor made security activities and tasks within the system engineering life cycle processes will ensure that the specific systems resulting from the application of the security principles and concepts have the level of trustworthiness deemed appropriate and sufficient and/or have limited the effect of loss of assets to acceptable levels by your organisation and/or stakeholders.
The goal of Security in System Engineering will be to provide a framework to address the current and future vulnerabilities in systems under consideration. In collaboration with your team, we will embed security in all facets of system engineering process.
- Agreement and Acquisition Process
- Organisational Enabling Process (Infrastructure, Quality and Knowledge Management)
- Technical Management Process (Security Planning, Project Assessment and Control, Risk and Governance, Information Management and Assurance)
- Technical Process (Concept and Architecture, Design, Development, Integration, Verification & Validation, Transition to Operation, Maintenance and Disposal)
Our experts have extensive experience in helping customers in implementation of Security within ISO/IEEE 15288 process and procedures. Implementation of NIST SP800 or IEC62443 frameworks within System Engineering Processes can and will help your organisation achieve its system engineering targets and goals. Big Infrastructure projects usually are mandated to follow system engineering processes.
If you unsure where to start, Blackpawn can help you from Concept to Delivery and well beyond delivery, into Operation.
Blackpawn has expertise in delivering various security frameworks and requirements (NIST SP800-82, IEC62443, ACSC ISM, CIS) within Systems Engineering processes and create or contribute to necessary documentation such as Information/Risk Security Management Plans, Integration and Configuration Management Plans or Safety and Assurance Management Plans.
We have the capability and experience to advise and help your project or organisation to create, assess, validate and verify cyber security documentation (Management Plans, System Design Documents, Application Design Documents, Design Artifacts, Assurance evidence etc...) based on cyber security best practices and frameworks. Our niche experts are quite familiar with systems that are safety critical (SIL4) within Railway Signalling and Aerospace industry. We have also experience and capability in vulnerability assessment and penetration testing of SIL4 systems.
Whether the project hasn't started or about to finish, it is not too late to assess your input requirements or outcomes against security requirements; we are here to help. Below is small list of services that we do offer in the package of System Security Engineering:
- Governance and Risk Management
- Assurance and Cyber Security Case (In railway signalling, according to TS50701)
- Specify and Design
- Verification and Validations
- Secure Operations and Maintenance
- Independent Cyber Security Assessment (ICSA)