Lecture 1 0 security engineering 2016 module 01
Security engineering is a specialized field of engineering that focuses on the security aspects in the design of systems that need to be able to deal robustly with possible sources of disruption, ranging from natural disasters to malicious acts. It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but with the added dimension of preventing misuse and malicious behavior. These constraints and restrictions are often asserted as a security policy.
Contents
- Lecture 1 0 security engineering 2016 module 01
- Security models pt 3 clark wilson brewer and nash graham denning cissp free by skillset com
- Qualifications
- Security stance
- Core practices
- Sub fields
- Methodologies
- Web applications
- Physical
- Target hardening
- Employers of security engineers
- References
In one form or another, security engineering has existed as an informal field of study for several centuries. For example, the fields of locksmithing and security printing have been around for many years.
Due to recent catastrophic events, most notably 9/11, Security Engineering has quickly become a rapidly growing field. In fact, in a recent report completed in 2006, it was estimated that the global security industry was valued at US$150 billion.
Security engineering involves aspects of social science, psychology (such as designing a system to 'fail well' instead of trying to eliminate all sources of error) and economics, as well as physics, chemistry, mathematics, architecture and landscaping. Some of the techniques used, such as fault tree analysis, are derived from safety engineering.
Other techniques such as cryptography were previously restricted to military applications. One of the pioneers of security engineering as a formal field of study is Ross Anderson.
Security models pt 3 clark wilson brewer and nash graham denning cissp free by skillset com
Qualifications
Typical qualifications for a security engineer are:
However, multiple qualifications, or several qualified persons working together, may provide a more complete solution.
Security stance
The two possible default positions on security matters are:
1. Default deny - "Everything, not explicitly permitted, is forbidden"
2. Default permit - "Everything, not explicitly forbidden, is permitted"
Core practices
Sub-fields
Methodologies
Technological advances, principally in the field of computers, have now allowed the creation of far more complex systems, with new and complex security problems. Because modern systems cut across many areas of human endeavor, security engineers not only need consider the mathematical and physical properties of systems; they also need to consider attacks on the people who use and form parts of those systems using social engineering attacks. Secure systems have to resist not only technical attacks, but also coercion, fraud, and deception by confidence tricksters.
Web applications
According to the Microsoft Developer Network the patterns & practices of Security Engineering consists of the following activities:
These activities are designed to help meet security objectives in the software life cycle.
Physical
Target hardening
Whatever the target, there are multiple ways of preventing penetration by unwanted or unauthorised persons. Methods include placing Jersey barriers, stairs or other sturdy obstacles outside tall or politically sensitive buildings to prevent car and truck bombings. Improving the method of visitor management and some new electronic locks take advantage of technologies such as fingerprint scanning, iris or retinal scanning, and voiceprint identification to authenticate users.