User:Interiot/Sandbox/Security engineering

Security engineering is an applied science that deals with intentional malicious failure of a real-world systems. It is strongly related to safety engineering which deals with accidental systems failure.

As with safety engineering, security engineering failure can lead to loss of physical life or property, but it can also lead to loss of information integrity, confidentiality, or availability. Perfect security is often impossible, so risk analysis is also an important facet of security engineering.

Although security engineering overlaps with military science, and sometimes borrows from it, security engineering is usually concerned with more prevalent civilian scenarios.

History

edit

Security systems engineering has existed informally for centuries in the fields of locksmithing, security printing, and classical cryptography.

The onset of the Information Age saw a rise in the amount of recorded information, increasing the number of things that needed to be secured. The onset of the Internet greatly increased the interconnection of information systems, expanding the number of people who could potentially cause a security failure in a given system. Advances in computers allowed the creation of remarkably more complex systems than before, increasing the difficulty of securing those systems. (a security failure in any part of a system often leads to total security failure, so higher complexity directly leads to more opportunities for attack)

Expertise

edit

Because modern systems cut across many areas of human endeavor, security engineers need to not only consider the mathematical and physical properties of systems; they also need to consider attacks on the people who use and form parts of those systems using social engineering attacks, including coercion, fraud, and deception by confidence tricksters. Because security systems can span households, corporations, or even nations, the decisions of leaders in setting policy, and the decisions of individuals regarding compliance, can affect the total security of those systems. Other practical considerations include design tradeoffs between security, cost, and usability.

For these reasons, security engineering may require a wide range of expertise, including physics, materials science, mathematics, social science, psychology, and economics. Due to its close relation with safety engineering, some of the techniques are borrowed from it, such as fault tree analysis.

One of the pioneers of security engineering as a formal field of study is Ross Anderson.

As with "safety", the word "security" can mean a broad range of things, from computer network security, to home security, to national security. "Security engineering" can sometimes refer to the broader cases as well, even when the protection measures are largely procedural, political, or militaristic.

See also

edit

A partial list of the most important or representative articles in each category.

Sub-fields of security engineering

edit

Domain-specific security

edit

Concepts

edit

Community/Roles

edit

Further reading

edit
  • Anderson,Ross (2001). Security Engineering. Wiley. ISBN 0471389226.
  • Brebbia (2005). Safety And Security Engineering. Wit Pr/Computational Mechanics. ISBN 1845640195.
  • Schneier,Bruce (1995). Applied Cryptography. Wiley. ISBN 0471117099.
  • Schneier,Bruce (2000). Secrets and Lies: Digital Security in a Networked World. John Wiley & Sons. ISBN 0471253111.
  • Anderson, Ross - Why Information Security is Hard - An Economic Perspective
  • Wheeler, David A. - 'Secure Programming for Linux and Unix HOWTO'