Government computer systems potentially provide multiple avenues over which to mount an attack — networks, operating systems, applications, servers, smartphones, and more. Even assets like firewalls and malware detection software, designed to thwart attacks, can be a target.
That’s why effective security must be in depth. That’s security engineered into each layer of the system (from the network to the application layer) and beyond. In fact, all elements that impact system security lie within security engineering’s scope, whether that is penetration tests, software upgrade procedures, staff education, system audits, physical security measures, or anything else.