| (I) A plan and set of principles that describe (a) the security
services that a system is required to provide to meet the needs of
its users, (b) the system elements required to implement the
services, and (c) the performance levels required in the elements
to deal with the threat environment. (See: (discussion under)
security policy.)
(C) A security architecture is the result of applying the system
engineering process. A complete system security architecture
includes administrative security, communication security, computer
security, emanations security, personnel security, and physical
security (e.g., see: [R2179]). A complete security architecture
needs to deal with both intentional, intelligent threats and
accidental kinds of threats.
|
