I know this is quite an old thread but this is my first post on Antionline. Not sure if this is the right place...!

To me a 'system' is the whole thing - it's not just the technology, it's the people that use it, the processes, the organisational structure, its interfaces with its environment, control mechanisms, administration, etc and how it all works together for a particular end result.

The problem (at least where I work) seems to be that cyber security is usually just seen as a technical problem rather than a 'whole system' thing. A real example - they'll spend a 50k on a new firewall but it's still possible for a customer to find their way to the Service Desk to demand a password reset, unchallenged...

A chain is only as strong as it's weakest link - so maybe this thread could usefully be about best practice development of whole systems? Processes, people, technology and how they work together as a coherent 'machine' to deliver whatever the purpose of the system is, securely??

(Sorry, not very concise!)