Security architects in practice

While security has long been a significant issue in military systems, the spread of the internet has stimulated a growing interest in, and increasing demand for, secure systems. Understanding how architects manage security requirements in practice is a necessary first step in providing repeatable processes using effective techniques, methods, and architectural structures. In this thesis, I present the results of multiple cases of practicing security architects: key aspects in security requirements, critical issues in managing security requirements, essential characteristics of security architects, how architects define security architecture, and how requirements are transformed into architectures and implemented.