Network-centric information systems are increasingly called upon to support complex tasks and missions that serve multiple communities of interest. As a result, existing capabilities are exposed as services in a service-oriented system, and newer capabilities are derived by discovering and composing available services. While service-orientation enables and facilitates such composition-based system construction, the evolving nature and variety of standards and the varying level of compliance of otherwise feature-rich vendor products has made achieving acceptable level of security and resilience in such systems a daunting and error-prone task. This paper presents a number of factors that contribute to the security of composed service-oriented systems, and outlines ways to avoid common pitfalls and mistakes that stem from these factors and weaken the resiliency and survivability of the composed system.