Identifying Security Requirements Body of Knowledge for the Security Systems Engineer

Abstract

The interconnected nature of Industry 4.0–driven operations and systems is introducing the use of new digitized and connected industrial systems. These new connected environments impact system security, requirements engineers to include elicitation of security requirements as functional requirements. Academia and industry argue that systems engineers are not adequately prepared for the security- related activities required in the specification of secure systems. This paper utilizes a cybersecurity framework to create the body of knowledge related to Security Requirements Engineering for a module in systems engineering. The determined body of knowledge show Risk Management, Laws and Regulations, and Human Factors related to security must be considered in the changing technological landscape. Although not all systems engineers must have expert knowledge in this field, all systems engineers must have fundamental knowledge in security practice and the ability to apply systems thinking.