Engineering secure systems with ISO 26702 and 27001

System engineers are confronted with fast-paced technology developments, complicated contractual relationships, emerging threats and global security requirements, concerns for sustainability and viability of their ventures and a raft of other issues. In this environment, information technology-intensive systems in particular are exposed to risk and recent high-profile incidents have contributed to significant emphasis to be given to security. It is however impossible for systems engineers to become specialists in all areas of concern in order to be able to tackle effectively those issues and thus architecting systems needs to take into account good practice and existing relevant knowledge. When such knowledge is embodied into established and widely accepted standards, not only is there the opportunity to capitalise on their mature content but also to ripe the benefits of compliance, seamless integration and competitive advantage that standardisation provides. In this spirit we investigate in this paper the use of two popular and established standards, the ISO 27000 series and ISO/IEC 26702, as aids in the process of engineering secure systems.