ABSTRACT
System security is a composition of people, processes, and
products. People are system users, administrators, and
managers. Processes represent the operational aspects of
the system which are manual or automated. Products are
the physical and intangible attributes such as facilities and
the hardware and software components that make up a
system. Generally, each of these groups is subject to the
same security requirements; however, each grouping faces
its own unique challenge regarding consistent compliance
with established requirements. People may not know,
understand, or follow security rules. Processes sometimes
become antiquated or have flaws in them that expose a
system to a threat. Product implementations are challenged
by security patch updates and insecure configurations.
Interaction between these groups forms a basis of produc-
tivity within an organization. This interaction creates a
complex situation when each group interacts with another
aspect.