Information about Security Engineering
Security engineering is the field of engineering dealing in developing detailed engineering designs for security systems and for security of spaces. It is similar to systems engineering in that its motivation is to make a system meet requirements, but with the added dimension of enforcing a security policy. It has existed as an informal field for centuries, in the fields of locksmithing and security printing.
For this reason it involves aspects of social science, psychology and economics, as well as physics, chemistry, mathematics and landscaping.[1] Some of the techniques used, such as fault tree analysis, are derived from safety engineering.
Other techniques such as cryptography were previously restricted to military applications. One of the pioneers of security engineering as a formal field of study is Ross Anderson.
Qualifications
Typical qualifications for a security engineer are: However, multiple qualifications, or several qualified persons working together, may provide a more complete solution.[2]
Security Stance
Possible default positions on security matters:
Default deny - "Everything not explicitly permitted is forbidden"
-- Improves security at a cost in functionality. This is a good approach if you have lots of security threats. See secure computing for a discussion of computer security using this approach.
Default permit - "Everything not explicitly forbidden is permitted"
-- Allows greater functionality by sacrificing security. This is only a good approach in an environment where security threats are non-existent or negligible. See computer insecurity for an example of the failure of this approach in the real world.
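The two stances can be compared by running the same requests through an allowlist with a deny default and a denylist with a permit default. This is an added example, not part of the original article; the rules, addresses and ports are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    source: str   # CIDR block the rule applies to
    port: int     # destination port


def decide(rules, default, src, port):
    """First matching rule wins; `default` decides everything unmatched."""
    for rule in rules:
        if rule.port == port and ip_address(src) in ip_network(rule.source):
            return rule.action
    return default


# Constructed policy for a hypothetical server.
# Default deny: list only what is explicitly permitted.
ALLOWLIST = [Rule("permit", "0.0.0.0/0", 443),
             Rule("permit", "10.0.0.0/8", 22)]
# Default permit: list only what was known to be unwanted when written.
DENYLIST = [Rule("deny", "0.0.0.0/0", 23),
            Rule("deny", "0.0.0.0/0", 3389)]

# Constructed requests: (source address, port, description).
REQUESTS = [("203.0.113.7", 443, "public HTTPS"),
            ("10.1.2.3", 22, "internal SSH"),
            ("203.0.113.7", 22, "external SSH"),
            ("203.0.113.7", 23, "telnet"),
            ("203.0.113.7", 6379, "service added later, in neither list")]


def compare():
    """Return (description, default-deny verdict, default-permit verdict)."""
    return [(what,
             decide(ALLOWLIST, "deny", src, port),
             decide(DENYLIST, "permit", src, port))
            for src, port, what in REQUESTS]


if __name__ == "__main__":
    for what, dd, dp in compare():
        print(f"{what:40} default-deny={dd:7} default-permit={dp}")
```

The last request shows the difference: anything the policy author did not anticipate is blocked under default deny and exposed under default permit, while the cost of default deny is that each new legitimate service needs an explicit rule.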
Sub-fields
- Physical security - measures that prevent or deter attackers from accessing a facility, resource, or information stored on physical media.
- Information security - protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption to access. (See esp. Computer security)
- Economics of security - addressing the economic aspects of privacy and computer security.
Methodologies
Technological advances, principally in the field of computers, have now allowed the creation of far more complex systems, with new and complex security problems. Because modern systems cut across many areas of human endeavor, security engineers need to consider not only the mathematical and physical properties of systems but also social engineering attacks on the people who use and form parts of those systems. Secure systems have to resist not only technical attacks, but also coercion, fraud, and deception by confidence tricksters.
Computer - Patterns & Practices
According to the Microsoft Developer Network, the patterns & practices of Security Engineering consist of the following activities:
- Security Objectives
- Security Design Guidelines
- Security Modeling
- Security Architecture and Design Review
- Security Code Review
- Security Testing
- Security Tuning
- Security Deployment Review
Physical - Patterns & Practices
- Understanding of a typical threat and the usual risks to people and property.
- Understanding risk and threat analysis methodology and the benefits of an empirical study of the physical security of a facility.
- Understanding how to apply the methodology to buildings, critical infrastructure, ports, public transport and other facilities/compounds.
- Overview of common physical and technological methods of protection and understanding their roles in deterrence, detection and mitigation.
- Determining and prioritizing security needs and aligning them with the perceived threats and the available budget.
Target Hardening
Whatever the target, there are multiple ways of preventing penetration by unwanted or unauthorised persons. Methods include placing Jersey barriers, stairs or other sturdy obstacles outside tall or politically sensitive buildings to prevent car and truck bombings. Improved methods of visitor management and some new electronic locks take advantage of technologies such as fingerprint scanning, iris or retinal scanning, and voiceprint identification to authenticate users.
Companies and Governments Employing Security Engineers
- US Department of State, Bureau of Diplomatic Security (ABET certified institution degree in engineering or physics required)
See also
Computer Related
- Authentication
- Cryptography
- Cryptanalysis
- Computer insecurity
- Data remanence
- Defensive programming
- Electronic underground community
- Hacking
- Password policy
- Software cracking
- Software Security Assurance
- Secure computing
- Systems engineering
- Trusted system
- Access control
- Authorization
- Critical Infrastructure Protection
- Environmental design (esp. CPTED)
- Locksmithing
- Physical Security
- Secrecy
- Security
- Secure cryptoprocessor
- Security through obscurity
- Technical Surveillance Counter-Measures
- Deception
- Fraud
- Full disclosure
- Security awareness
- Security community
- Steganography
- Social engineering
- Kerckhoffs' principle
Further reading
- Ross Anderson (2001). Security Engineering. Wiley. ISBN 0-471-38922-6.
- Ross Anderson (2001). "Why Information Security is Hard - An Economic Perspective"
- Bruce Schneier (1995). Applied Cryptography, 2nd edition, Wiley. ISBN 0-471-11709-9.
- Bruce Schneier (2000). . Wiley. ISBN 0-471-25311-1.
- David A. Wheeler (2003). Secure Programming for Linux and Unix HOWTO. Linux Documentation Project. Retrieved on 2005-12-19.
Articles and Papers
- patterns & practices Security Engineering on MSDN
- patterns & practices Security Engineering Explained
- Basic Target Hardening from the Government of South Australia
This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.