The security functions of the system that exhibit security protection behavior and therefore have functional and performance attributes. These functions explicitly satisfy security requirements that address the behavior, utilization, and interaction of and among technology/machine, environment, human, and physical system elements.
Protection Capability and Security
A protection capability represents the “many things that come together” in a planned manner to produce the emergent system security property. The protections must come together properly so as to do what the protections are supposed to do and to do nothing else. Moreover, they must achieve this property despite the conditions mentioned previously that result in asset loss and associated consequences. Accordingly.
• Confidentiality – ensuring that the information is not subject to unauthorized disclosure (is not readable to the wiretapper through passive wiretapping or eavesdropping)
• Integrity – ensuring that the information is not subject to unauthorized and undetected modification (selective modification by the wiretapper through active wiretapping or tampering)
• Inference – ensuring that the wiretapper is not able to deduce anything about the information.
The environment for the execution and construction of all security functions (both active protection and general system functionality). Passive protection includes architecture, design, and the rules that govern behavior, interaction, and utilization.
System security is optimized by engineering design based on a balanced proactive and reactive loss prevention strategy. A proactive loss strategy includes planned measures that are engineered to address what can happen rather than what might happen—to proactively identify and rid the system of weaknesses and defects that lead to security vulnerability; to proactively understand the certainty and uncertainty of threats, both of the adversarial and non-adversarial nature; and to put in place the means and methods to protect against adverse consequences. Proactive systems security engineering also includes planning for failure regardless of whether the failure results from adversarial or non-adversarial events, and to ensure that the system can be securely resilient to such events, and resilient otherwise.