ABSTRACT
System security is a composition of people, processes, and products. People are system users,
administrators, and managers. Processes represent the operational aspects of the system which are
manual or automated. Products are the physical and intangible attributes such as facilities and the
hardware and software components that make up a system. Generally, each of these groups is subject to
the same security requirements; however, each grouping faces its own unique challenge regarding
consistent compliance with established requirements. People may not know, understand, or follow
security rules. Processes sometimes become antiquated or have flaws in them that expose a system to a
threat. Product implementations are challenged by security patch updates and insecure configurations.
Interaction between these groups forms a basis of productivity within an organization. This interaction
creates a complex situation when each group interacts with another aspect.