Security engineering

From Wikipedia, the free encyclopedia

Security engineering is the field of engineering dealing with the security and integrity of real-world systems. It is similar to systems engineering in that its motivation is to make a system meet requirements, but with the added dimension of enforcing a security policy. It has existed as an informal field for centuries, in the fields of locksmithing and security printing.

Security Engineering is the discipline of developing detailed engineering designs for security systems. Typical qualifications to be considered when interviewing a security engineer are Chartered Professional Engineer, ASIS CPP, ASIS PSP, BICSI RCDD. There is a need for appropriate licencing for security engineers (this differs from country to country).

Technological advances, principally in the field of computers, have now allowed the creation of far more complex systems, with new and complex security problems. Because modern systems cut across many areas of human endeavor, security engineers need to consider not only the mathematical and physical properties of systems but also social engineering attacks on the people who use and form parts of those systems. Secure systems have to resist not only technical attacks, but also coercion, fraud, and deception by confidence tricksters.

For this reason it involves aspects of social science, psychology and economics, as well as physics, chemistry and mathematics. Some of the techniques used, such as fault tree analysis, are derived from safety engineering.

Other techniques such as cryptography were previously restricted to military applications. One of the pioneers of security engineering as a formal field of study is Ross Anderson.


A security stance is a default position on security matters.

Possible security stances:

"Everything not explicitly permitted is forbidden" (default deny) -- improves security at a cost in functionality. This is a good approach if you have lots of security threats. See secure computing for a discussion of computer security using this approach.

"Everything not explicitly forbidden is permitted" (default permit) -- allows greater functionality by sacrificing security. This is only a good approach in an environment where security threats are non-existent or negligible. See computer insecurity for an example of the failure of this approach in the real world.
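The two stances differ only in how they treat requests that no rule mentions. The following sketch is an added example, not part of the original article: it evaluates one constructed rule set under both stances and lists the requests whose outcome depends on the stance alone. The roles, paths, glob matching and first-match-wins ordering are assumptions made for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase

@dataclass(frozen=True)
class Rule:
    effect: str    # "permit" or "forbid"
    subject: str   # glob over the requesting role
    action: str    # glob over the operation
    resource: str  # glob over the target path

STANCES = ("default-deny", "default-permit")

def decide(rules, stance, subject, action, resource):
    """Return (allowed, reason). The first matching rule wins (an assumption
    of this sketch); the stance only decides requests that no rule mentions."""
    if stance not in STANCES:
        raise ValueError(f"unknown stance: {stance}")
    for rule in rules:
        if (fnmatchcase(subject, rule.subject)
                and fnmatchcase(action, rule.action)
                and fnmatchcase(resource, rule.resource)):
            return rule.effect == "permit", "rule"
    return stance == "default-permit", "default"

def stance_gap(rules, requests):
    """Requests whose outcome depends on the stance, i.e. everything the
    policy author did not anticipate."""
    return [r for r in requests
            if decide(rules, "default-deny", *r) != decide(rules, "default-permit", *r)]

# Constructed policy and requests (hypothetical roles and paths).
RULES = [
    Rule("permit", "clerk", "read", "/invoices/*"),
    Rule("permit", "auditor", "read", "/*"),
    Rule("forbid", "*", "delete", "/audit-log/*"),
]
REQUESTS = [
    ("clerk", "read", "/invoices/2024-001"),  # explicitly permitted
    ("clerk", "delete", "/audit-log/jan"),    # explicitly forbidden
    ("clerk", "write", "/payroll/salaries"),  # never mentioned
    ("guest", "read", "/invoices/2024-001"),  # never mentioned
]

if __name__ == "__main__":
    for stance in STANCES:
        for req in REQUESTS:
            allowed, reason = decide(RULES, stance, *req)
            print(f"{stance:15} {req} -> {'ALLOW' if allowed else 'DENY'} ({reason})")
    print("decided by stance alone:", stance_gap(RULES, REQUESTS))
```

Running `stance_gap` over logged requests shows how much of a system's real traffic is governed by the default rather than by an explicit rule, which is the exposure a default-permit stance accepts.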

The patterns & practices Security Engineering consists of the following activities:

  • Security Objectives
  • Security Design Guidelines
  • Security Modeling
  • Security Architecture and Design Review
  • Security Code Review
  • Security Testing
  • Security Tuning
  • Security Deployment Review

These activities help meet security objectives in the software life cycle.
