Harmonizing and Uniting the Key Technical Disciplines for Risk Management of Cyber Security

This paper addresses the need to bridge the cultural, educational, and technical divides that are impeding professionals and organizations engaged in system and software development and associated security problems. In particular, harmonizing and uniting several key technical disciplines (software engineering, computer science, systems engineering) are critical for a sustainable risk management process incorporating the best practices of cyber security and information assurance. We identify the foundations for raising the level of shared culture and technical knowledge for system and software development, and suggest steps toward closing the cultural and technical gaps that divide the disciplines, including the development of joint curricula and other educational initiatives. A fundamental issue is how to link “mission assurance” with “information assurance,” recognizing that more and more missions are being provided with automation support and therefore are more and more information dependent. The paper is in six parts: Introduction, Six Principal Deficiencies of Cyber Security and Information Assurance, The Steps of a Systemic Risk-based Methodological Approach, The Roles of Universities and Other Institutions of Higher Education and Research, The Roles of the Institute for Information Infrastructure Protection, and Epilogue.