Engineering

• Engineering is an approach that involves a set of processes to develop a solution, which can be a system, software, or any deliverable, transformed from stakeholders’ requirements and support the solution throughout its life. (short version)
• Engineering is an approach that involves a set of processes of applying knowledge and skills to understand and manage stakeholders’ requirements, propose and implement a solution to address those requirements, and utilize and support that solution to create value persistently until its retirement. (long version)
• Systems and software engineering are engineering approaches to deliver systems or software as a solution.

Systems Engineering

Systems Engineering is an interdisciplinary approach and means to enable the realization of successful systems.
– It focuses on defining stakeholder needs and required functionality early in the development cycle, documenting requirements, then proceeding with design synthesis and system validation while considering the complete problem.
– It integrates all the disciplines and specialty groups into a team effort forming a structured development process that proceeds from concept to production to operation.
– It considers both the business and the technical needs of all stakeholders with the goal of providing a quality product that meets the needs of users and other applicable stakeholders. This life cycle spans the conception of ideas through to the retirement of a system.
– It provides the processes for acquiring and supplying systems.
– It helps to improve communication and cooperation among the parties that create, utilize and manage modern systems in order that they can work in an integrated, coherent fashion.

Source: ISO/IEC/IEEE 15288:2015 Systems and software engineering — System life cycle processes

Life Cycle

Every person has his or her own life, so does a system or software. The life cycle of systems or software differs. A system or software life cycle typically comprises a collection of processes (aka life cycle processes) conducted across stages (or phases) from its inception to retirement in engineering.

The term “development” in the system or software development life cycle (SDLC) has been misleading because it implies “building,” “making,” “constructing,” or “implementing” something. However, it’s far from possible nowadays for an organization to “develop” alone without any procurement or acquisition. Procurement means buying something from suppliers, while acquisition is used in a broader sense to refer to getting anything from any parties paid or for free.

Stages

The stages of a life cycle vary. Organizations tend to tailor life cycle stages based on an engineering approach and may iterate the life cycle in a project. ISO/IEC 15288 proposes life cycle processes but doesn’t prescribe six stages in the system life cycle (SLC).

Processes

It’s not uncommon that the processes conducted across life cycles vary from time to time. However, the revised ISO/IEC/IEEE 15288:2015 and ISO/IEC/IEEE 12207:2017 are intended to achieve a fully harmonized view of the system and software life cycle processes.

A process is typically conducted across the life cycle with various degrees. Verification and validation are primary processes conducted in the commonly known “testing” or “test” stage. However, requirements, designs, work products, deliverables, final products, etc., can and should be verified and validated in different stages.

Reference

• ISO/IEC/IEEE 15288:2015 Systems and software engineering — System life cycle processes
• ISO/IEC/IEEE 12207:2017 Systems and software engineering — Software life cycle processes
• ISO/IEC 15288
• What Is Engineering?
• Security Architecture and Engineering
• CISSP PRACTICE QUESTIONS – 20210514
• Experience Report on the Development of a Network Management Application in a Small Mexican IT Firm

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.