Security engineering

Security engineering is the process of incorporating

requirements, but it has the added dimension of preventing misuse and malicious behavior. Those constraints and restrictions are often asserted as a security policy

.

In one form or another, security engineering has existed as an informal field of study for several centuries. For example, the fields of locksmithing and security printing have been around for many years. The concerns for modern security engineering and computer systems were first solidified in a RAND paper from 1967, "Security and Privacy in Computer Systems" by Willis H. Ware.^[2] This paper, later expanded in 1979,^[3] provided many of the fundamental information security concepts, labelled today as Cybersecurity, that impact modern computer systems, from cloud implementations to embedded IoT.

Recent catastrophic events, most notably

9/11

, have made security engineering quickly become a rapidly-growing field. In fact, in a report completed in 2006, it was estimated that the global security industry was valued at US $150 billion.

Security engineering involves aspects of

fail well", instead of trying to eliminate all sources of error), and economics as well as physics, chemistry, mathematics, criminology architecture, and landscaping.^[4]

Some of the techniques used, such as fault tree analysis, are derived from safety engineering.

Other techniques such as cryptography were previously restricted to military applications. One of the pioneers of establishing security engineering as a formal field of study is Ross Anderson.

Qualifications

No single qualification exists to become a security engineer.

However, an undergraduate and/or graduate degree, often in

Certified Information Systems Security Professional

, or Certified Physical Security Professional are available that may demonstrate expertise in the field. Regardless of the qualification, the course must include a knowledge base to diagnose the security system drivers, security theory and principles including defense in depth, protection in depth, situational crime prevention and crime prevention through environmental design to set the protection strategy (professional inference), and technical knowledge including physics and mathematics to design and commission the engineering treatment solution. A security engineer can also benefit from having knowledge in cyber security and information security. Any previous work experience related to privacy and computer science is also valued.

All of this knowledge must be braced by professional attributes including strong communication skills and high levels of literacy for engineering report writing. Security engineering also goes by the label Security Science.

Related-fields

Information security

See esp. Computer security
protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption to access.

Physical security

deter attackers from accessing a facility, resource, or information stored on physical media.

Technical surveillance counter-measures
Economics of security

the economic aspects of economics of privacy and computer security.

Methodologies

Technological advances, principally in the field of

confidence tricksters

.

Web applications

According to the Microsoft Developer Network the patterns and practices of security engineering consist of the following activities:^[5]

Security Objectives
Security Design Guidelines
Security Modeling
Security Architecture and Design Review
Security Code Review
Security Testing
Security Tuning
Security Deployment Review

These activities are designed to help meet security objectives in the

software life cycle

.

Physical

Understanding of a typical threat and the usual risks to people and property.
Understanding the incentives created both by the threat and the countermeasures.
Understanding risk and threat analysis methodology and the benefits of an empirical study of the physical security of a facility.
Understanding how to apply the methodology to buildings, critical infrastructure, ports, public transport and other facilities/compounds.
Overview of common physical and technological methods of protection and understanding their roles in
deterrence
, detection and mitigation.
Determining and prioritizing security needs and aligning them with the perceived threats and the available budget.

Product

Product security engineering is security engineering applied specifically to the products that an organization creates, distributes, and/or sells. Product security engineering is distinct from corporate/enterprise security,^[6] which focuses on securing corporate networks and systems that an organization uses to conduct business.

Product security includes security engineering applied to:

Hardware devices such as cell phones, computers, Internet of things devices, and cameras.
Software such as operating systems, applications, and firmware.

Such security engineers are often employed in separate teams from corporate security teams and work closely with product engineering teams.

Target hardening

Whatever the target, there are multiple ways of preventing penetration by unwanted or unauthorized persons. Methods include placing

voiceprint identification

to authenticate users.

References

^ "Security Engineering - an overview | ScienceDirect Topics". www.sciencedirect.com. Retrieved 2020-10-27.
^ Ware, Willis H. (January 1967). "Security and Privacy in Computer Systems".
^ Ware, Willis H. (January 1979). "Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security".
^ "Landscaping for security". Sunset. 1988. Archived from the original on 2012-07-18.
^ "patterns & practices of Security Engineering".
^ Watson, Philip (May 20, 2013). "Corporate vs. Product Security". SANS Institute Information Security Reading Room. SANS Institute. Retrieved October 13, 2020.

David A. Wheeler (2003). "Secure Programming for Linux and Unix HOWTO". Linux Documentation Project. Archived from the original on 2007-04-28. Retrieved 2005-12-19.

Ron Ross, Michael McEvilley, Janet Carrier Oren (2016). "Systems Security Engineering" (PDF).
Internet of Things. Retrieved 2016-11-22.{{cite web}}: CS1 maint: multiple names: authors list (link
)

Articles and papers

patterns & practices Security Engineering on Channel9

patterns & practices Security Engineering on MSDN

patterns & practices Security Engineering Explained

Basic Target Hardening from the Government of South Australia

v
t
e
Engineering

History

Outline

List of engineering branches

Specialties
and
Interdisciplinarity
Civil

Architectural

Coastal

Construction

Earthquake

Environmental
Ecological

Sanitary

Geological

Geotechnical

Hydraulic

Mining

Offshore

River

Structural

Transportation

Mechanical

Acoustical

Aerospace

Automotive

Energy

HVAC

Manufacturing

Marine

Naval architecture

Railway

Sports

Tribology

Electrical

Broadcast

Computer
outline

Control

Electromechanics

Electronics
Avionics

Microwaves

Optical

Photonics

Power

Radio frequency

Telecommunications

Chemical

Biochemical

Biological
Biomaterial

Bioresource

Genetic

Synthetic biology

Tissue

Electrochemical

Food

Molecular

Paper

Petroleum

Process

Reaction

Other

Agricultural

Audio

Biomedical
Bioinformatics

Clinical

Health technology

Pharmaceutical

Prosthesis

Rehabilitation

Building services
MEP

Geoengineering

Corrosion

Design

Engineering management

Engineering mathematics

Engineering physics

Explosives

Facilities

Fire

Geomatics

Industrial

Information

Logistics

Materials
Ceramics

Metals

Plastics

Polymers

Surface

Mechatronics
Robotics

Military

Nanotechnology

Nuclear

Ontology

Packaging

Piping

Privacy

Safety

Survey

Security

Software

Systems

Textile

Engineering education

Bachelor of Engineering

Master of Engineering

Doctor of Engineering

Engineer's degree

Engineering studies

Related topics

Engineer

Glossaries

Engineering
A–L

M–Z

Aerospace engineering

Civil engineering

Electrical and electronics engineering

Mechanical engineering

Structural engineering

Category

Commons

Wikiproject

Portal

Retrieved from "https://en.wikipedia.org/w/index.php?title=Security_engineering&oldid=1172213303"

[1] "Security Engineering - an overview | ScienceDirect Topics". www.sciencedirect.com. Retrieved 2020-10-27.

[2] Ware, Willis H. (January 1967). "Security and Privacy in Computer Systems".

[3] Ware, Willis H. (January 1979). "Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security".

[4] "Landscaping for security". Sunset. 1988. Archived from the original on 2012-07-18.

[5] "patterns & practices of Security Engineering".

[6] Watson, Philip (May 20, 2013). "Corporate vs. Product Security". SANS Institute Information Security Reading Room. SANS Institute. Retrieved October 13, 2020.

[2]

[3]

[4]

[5]

[6]