AllExperts > Encyclopedia 
Search      
Find out about volunteering to AllExperts

Security engineering: Encyclopedia BETA


Free Encyclopedia
 Home · Index · Browse A-Z  · Questions and Answers ·
Encyclopedia

Contents

Browse A-Z
ABCDEFGHIJKLMNOPQRSTUVWXYZNum


License
Disclaimer

 
 
 
 
Free Online Courses
12 Weeks to Weight Loss
Take Charge of Stress
Learn How to Bake
Budgeting 101
Deeper Faith
DIY Fashion Makeover

       MORE E-COURSES
 
   

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z  Misc

Security engineering

Security engineering is the field of engineering dealing with the security and integrity of real-world systems. It has existed as an informal field for centuries, in the fields of locksmithing and security printing.

Technological advances, principally in the field of computers, have now allowed the creation of far more complex systems, with new and complex security problems. Because modern systems cut across many areas of human endeavor, security engineers not only need consider the mathematical and physical properties of systems; they also need to consider attacks on the people who use and form parts of those systems using social engineering attacks. Secure systems have to resist not only technical attacks, but also coercion, fraud, and deception by confidence tricksters.

For this reason, as well as physics, chemistry and mathematics, it involves aspects of social science, psychology and economics. Some of the techniques used, such as fault tree analysis, are derived from safety engineering.

Other techniques such as cryptography were previously restricted to military applications. One of the pioneers of security engineering as a formal field of study is Ross Anderson.

Security Stance

A security stance is a default position on security matters.

Possible security stances:

"Everything not explicitly permitted is forbidden" (default deny) -- improves security at a cost in functionality. This is a good approach if you have lots of security threats. See secure computing for a discussion of computer security using this approach.

"Everything not explicitly forbidden is permitted" (default permit) -- allows greater functionality by sacrificing security. This is only a good approach in an environment where security threats are non-existent or negligible. See computer insecurity for an example of the failure of this approach in the real world.

Sub-fields of security engineering

* computer security
* physical security
* information security

See also

* Authentication
* Authorization
* Critical Infrastructure Protection
* Computer insecurity
* Cryptography
* Cryptanalysis
* Data remanence
* Deception
* Defensive programming
* Electronic underground community
* Fraud
* Full disclosure
* Hacking
* Kerckhoffs' principle
* Locksmithing
* Password policy
* Secrecy
* Secure computing
* Secure cryptoprocessor
* Security awareness
* Security through obscurity
* Security community
* Social engineering
* Software cracking
*Software Security Assurance
* Steganography
* Systems engineering
* Trusted system

Further reading


* Ross Anderson (2001). "Why Information Security is Hard - An Economic Perspective"



Email this page
About Us | Advertise on This Site | User Agreement | Privacy Policy | Kids' Privacy Policy | Help
About and About.com are registered trademarks of About, Inc. The About logo is a trademark of About, Inc. All rights reserved.
This is the "GNU Free Documentation License" reference article from the English Wikipedia. All text is available under the terms of the GNU Free Documentation License. See also our Disclaimer.