Security engineering
This article needs additional citations for verification. (June 2017) |
Security engineering is the process of incorporating
In one form or another, security engineering has existed as an informal field of study for several centuries. For example, the fields of locksmithing and security printing have been around for many years. The concerns for modern security engineering and computer systems were first solidified in a RAND paper from 1967, "Security and Privacy in Computer Systems" by Willis H. Ware.[2] This paper, later expanded in 1979,[3] provided many of the fundamental information security concepts, labelled today as Cybersecurity, that impact modern computer systems, from cloud implementations to embedded IoT.
Recent catastrophic events, most notably
Security engineering involves aspects of
Other techniques such as cryptography were previously restricted to military applications. One of the pioneers of establishing security engineering as a formal field of study is Ross Anderson.
Qualifications
No single qualification exists to become a security engineer.
However, an undergraduate and/or graduate degree, often in
All of this knowledge must be braced by professional attributes including strong communication skills and high levels of literacy for engineering report writing. Security engineering also goes by the label Security Science.
Related-fields
- See esp. Computer security
- protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption to access.
- deter attackers from accessing a facility, resource, or information stored on physical media.
- Technical surveillance counter-measures
- Economics of security
- the economic aspects of economics of privacy and computer security.
Methodologies
Technological advances, principally in the field of
Web applications
According to the Microsoft Developer Network the patterns and practices of security engineering consist of the following activities:[5]
- Security Objectives
- Security Design Guidelines
- Security Modeling
- Security Architecture and Design Review
- Security Code Review
- Security Testing
- Security Tuning
- Security Deployment Review
These activities are designed to help meet security objectives in the
Physical
- Understanding of a typical threat and the usual risks to people and property.
- Understanding the incentives created both by the threat and the countermeasures.
- Understanding risk and threat analysis methodology and the benefits of an empirical study of the physical security of a facility.
- Understanding how to apply the methodology to buildings, critical infrastructure, ports, public transport and other facilities/compounds.
- Overview of common physical and technological methods of protection and understanding their roles in deterrence, detection and mitigation.
- Determining and prioritizing security needs and aligning them with the perceived threats and the available budget.
Product
Product security engineering is security engineering applied specifically to the products that an organization creates, distributes, and/or sells. Product security engineering is distinct from corporate/enterprise security,[6] which focuses on securing corporate networks and systems that an organization uses to conduct business.
Product security includes security engineering applied to:
- Hardware devices such as cell phones, computers, Internet of things devices, and cameras.
- Software such as operating systems, applications, and firmware.
Such security engineers are often employed in separate teams from corporate security teams and work closely with product engineering teams.
Target hardening
Whatever the target, there are multiple ways of preventing penetration by unwanted or unauthorized persons. Methods include placing
See also
Computer-related
|
Physical
|
Misc. Topics
|
References
- ^ "Security Engineering - an overview | ScienceDirect Topics". www.sciencedirect.com. Retrieved 2020-10-27.
- ^ Ware, Willis H. (January 1967). "Security and Privacy in Computer Systems".
- ^ Ware, Willis H. (January 1979). "Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security".
- ^ "Landscaping for security". Sunset. 1988. Archived from the original on 2012-07-18.
- ^ "patterns & practices of Security Engineering".
- ^ Watson, Philip (May 20, 2013). "Corporate vs. Product Security". SANS Institute Information Security Reading Room. SANS Institute. Retrieved October 13, 2020.
Further reading
- ISBN 0-471-38922-6.
- ISBN 978-0-470-06852-6.
- .
- ISBN 0-471-11709-9.
- Bruce Schneier (2000). ISBN 0-471-25311-1.
- David A. Wheeler (2003). "Secure Programming for Linux and Unix HOWTO". Linux Documentation Project. Archived from the original on 2007-04-28. Retrieved 2005-12-19.
- Ron Ross, Michael McEvilley, Janet Carrier Oren (2016). "Systems Security Engineering" (PDF). )