Jump to content

Security engineering

From Wikipedia, the free encyclopedia

Security engineering is the process of incorporating security controls into an information system so that the controls become an integral part of the system's operational capabilities. It is similar to other systems engineering activities in that its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but it has the added dimension of preventing misuse and malicious behavior. Those constraints and restrictions are often asserted as a security policy.

Cybersecurity engineering and privacy engineering focus on information security, computer security, and network security, including protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption to access. Physical security involves deterring attackers from accessing a facility, resource, or information stored on physical media. Security engineering involves aspects of social science, psychology (such as designing a system to "fail well", instead of trying to eliminate all sources of error), economics (see economics of security), mathematics, and architecture. Some of the techniques used, such as fault tree analysis, are derived from safety engineering.

History

[edit]

Early forms of security engineering include the fields of locksmithing, security printing, and cryptography. The concerns for modern security engineering and computer systems were first solidified in a RAND paper from 1967, "Security and Privacy in Computer Systems" by Willis H. Ware.[1] This paper, later expanded in 1979,[2] provided many of the fundamental information security concepts, labelled today as cybersecurity, that impact modern computer systems, from cloud implementations to embedded IoT. One of the pioneers of establishing security engineering as a formal field of study is Ross Anderson.

Standards and regulations

[edit]
Main article: Cyber-security regulation

Various countries establish legislative frameworks that define requirements for the protection of personal data and information security across different sectors. In the United States, specific regulations play a critical role in safeguarding sensitive information. The Health Insurance Portability and Accountability Act (HIPAA) outlines stringent standards for protecting health information, ensuring that healthcare organizations maintain the confidentiality and integrity of patient data.[3][4]

The Sarbanes-Oxley Act (SOX) sets forth compliance requirements aimed at enhancing the accuracy and reliability of financial reporting and corporate governance, thereby securing corporate data.[5] Additionally, the Federal Information Security Management Act (FISMA) mandates comprehensive security standards for federal agencies and their contractors, ensuring a unified approach to information security across the government sector.[6]

Globally, numerous other regulations also address data protection, such as the General Data Protection Regulation (GDPR) in the European Union, which sets a high standard for data privacy and empowers individuals with greater control over their personal information. These frameworks collectively contribute to establishing robust cybersecurity measures and promote best practices across various industries.

Qualifications

[edit]

Professionals in cybersecurity engineering include both people with formal educations in the field and people who have gained their expertise through self-study and work experience.[7] Paths in formal education include a bachelor's degree or master's degree in computer science, computer engineering, or a related field. A study in 2020 found that 60% of jobs in cybersecurity required a college degree in a related field, 25% preferred a graduate degree, and 30% required a certification.[8]

Technologies and tools

[edit]

Firewalls and IDS/IPS

[edit]

Firewalls, whether hardware or software-based, are components of cybersecurity infrastructure, acting as barriers that control incoming and outgoing network traffic according to established security rules. By preventing unauthorized access, firewalls help protect networks from potential threats. Complementing this, Intrusion Detection Systems (IDS) continuously monitor network traffic to detect suspicious activities, alerting administrators to potential breaches. Intrusion Prevention Systems (IPS) enhance these measures by not only detecting threats but also actively blocking them in real-time, creating a more proactive security posture.[9][10]

Encryption

[edit]

Encryption is a cornerstone of data protection, employing sophisticated cryptographic techniques to secure sensitive information. This process ensures that data is rendered unreadable to unauthorized users, safeguarding both data at rest, such as files stored on servers, and data in transit, such as information sent over the internet. By implementing encryption protocols, organizations can maintain confidentiality and integrity, protecting critical assets from cyber threats and data breaches.[11][12]

Security Information and Event Management (SIEM)

[edit]

SIEM systems aggregate and analyze data from various sources across an organization's IT environment. They provide a comprehensive overview of security alerts and events, enabling cybersecurity engineers to detect anomalies and respond to incidents swiftly. By correlating information from different devices and applications, SIEM tools improve situational awareness and support compliance with regulatory requirements.[13][14]

Vulnerability assessment tools

[edit]

Vulnerability assessment tools are essential for identifying and evaluating security weaknesses within systems and applications. These tools conduct thorough scans to detect vulnerabilities, categorizing them based on severity. This prioritization allows cybersecurity engineers to focus on addressing the most critical vulnerabilities first, thus reducing the organization's risk exposure and enhancing overall security effectiveness.[15]

Threat Detection and Response (TDR)

[edit]

TDR solutions utilize advanced analytics to sift through vast amounts of data, identifying patterns that may indicate potential threats. Tools like Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA) provide real-time insights into security incidents, enabling organizations to respond effectively to threats before they escalate.[16]

Traffic control and Quality of Service (QoS)

[edit]

Traffic control measures in cybersecurity engineering are designed to optimize the flow of data within networks, mitigating risks such as Distributed Denial of Service (DDoS) attacks. By utilizing technologies like Web Application Firewalls (WAF) and load balancers, organizations can ensure secure and efficient traffic distribution. Additionally, implementing Quality of Service (QoS) protocols prioritizes critical applications and services, ensuring they maintain operational integrity even in the face of potential security incidents or resource contention.[17][18]

Endpoint detection and response (EDR) and extended detection and response (XDR)

[edit]

EDR tools focus on monitoring and analyzing endpoint activities, such as those on laptops and mobile devices, to detect threats in real time. XDR expands on EDR by integrating multiple security products, such as network analysis tools, providing a more holistic view of an organization's security posture. This comprehensive insight aids in the early detection and mitigation of threats across various points in the network.[citation needed]

Web applications

[edit]
Main article: Web security

According to the Microsoft Developer Network the patterns and practices of security engineering consist of the following activities:[19]

  • Security Objectives
  • Security Design Guidelines
  • Security Modeling
  • Security Architecture and Design Review
  • Security Code Review
  • Security Testing
  • Security Tuning
  • Security Deployment Review

These activities are designed to help meet security objectives in the software life cycle.

Physical

[edit]
Main article: Physical security
Canadian Embassy in Washington, D.C. showing planters being used as vehicle barriers, and barriers and gates along the vehicle entrance
  • Understanding of a typical threat and the usual risks to people and property.
  • Understanding the incentives created both by the threat and the countermeasures.
  • Understanding risk and threat analysis methodology and the benefits of an empirical study of the physical security of a facility.
  • Understanding how to apply the methodology to buildings, critical infrastructure, ports, public transport and other facilities/compounds.
  • Overview of common physical and technological methods of protection and understanding their roles in deterrence, detection and mitigation.
  • Determining and prioritizing security needs and aligning them with the perceived threats and the available budget.

Product

[edit]

Product security engineering is security engineering applied specifically to the products that an organization creates, distributes, and/or sells. Product security engineering is distinct from corporate/enterprise security,[20] which focuses on securing corporate networks and systems that an organization uses to conduct business.

Product security includes security engineering applied to:

  • Hardware devices such as cell phones, computers, Internet of things devices, and cameras.
  • Software such as operating systems, applications, and firmware.

Such security engineers are often employed in separate teams from corporate security teams and work closely with product engineering teams.

See also

[edit]

References

[edit]
  1. ^ Ware, Willis H. (January 1967). "Security and Privacy in Computer Systems".
  2. ^ Ware, Willis H. (January 1979). "Security Controls for Computer Systems: Report of Defense Science Board Task Force on Computer Security".
  3. ^ "Health Information Privacy". U.S. Department of Health and Human Services. Retrieved 2024-10-14.
  4. ^ Marron, Jeffrey A (2024-02-14). Implementing the health insurance portability and accountability act (HIPAA) security rule :: a cybersecurity resource guide (PDF) (Report). Gaithersburg, MD: National Institute of Standards and Technology (U.S.). doi:10.6028/nist.sp.800-66r2.
  5. ^ STULTS, Gregg (2004-07-25). "An Overview of Sarbanes-Oxley for the Information Security Professional". SANS Institute.
  6. ^ "Federal Information Security Modernization Act". CISA. Retrieved 2024-10-14.
  7. ^ Adams, Ed (2024-01-12). "Chapter 1: Introduction and Motivation". See Yourself in Cyber: Security Careers Beyond Hacking. John Wiley & Sons. ISBN 978-1-394-22560-6.
  8. ^ Marquardson, Jim; Elnoshokaty, Ahmed (February 2020). "Skills, Certifications, or Degrees: What Companies Demand for Entry-Level Cybersecurity Jobs". Information Systems Education Journal. 18 (1): 22–28.
  9. ^ "What Is a Firewall?". Cisco. Retrieved 2024-10-14.
  10. ^ "What is IDS and IPS?". Juniper Networks. Retrieved 2024-10-14.
  11. ^ "Difference between Encryption and Cryptography". GeeksforGeeks. 2021-02-05. Retrieved 2024-10-14.
  12. ^ "Principles of encryption". Open Learning. Retrieved 2024-10-14.
  13. ^ "What Is SIEM?". Microsoft. Retrieved 2024-10-14.
  14. ^ "What Is SIEM? Security Information and Event Management Guide - IT Glossary". SolarWinds. Retrieved 2024-10-14.
  15. ^ "What Is Vulnerability Assessment? Benefits, Tools, and Process". HackerOne. Retrieved 2024-10-14.
  16. ^ "What Is Threat Detection and Response (TDR)?". Aqua. Retrieved 2024-10-14.
  17. ^ "What is Network Traffic Analysis (NTA)?". Rapid7. Retrieved 2024-10-14.
  18. ^ "Quality of Service (QoS) - Glossary". CSRC NIST. Retrieved 2024-10-14.
  19. ^ "patterns & practices of Security Engineering".
  20. ^ Watson, Philip (May 20, 2013). "Corporate vs. Product Security". SANS Institute Information Security Reading Room. SANS Institute. Retrieved October 13, 2020.

Further reading

[edit]

Articles and papers

[edit]
Retrieved from "https://en.wikipedia.org/w/index.php?title=Security_engineering&oldid=1359956635"