Security engineering is the field of engineering dealing with the security and integrity of real-world systems.
Technological advances, principally in the field of computers, have now allowed the creation of far more complex systems than before, with new and complex security problems. Because modern systems cut across many areas of human endeavor, security engineers not only need consider the mathematical and physical properties of systems; they also need to consider attacks on the people who use and form parts of those systems using social engineering attacks. Secure systems have to resist not only technical attacks, but also coercion, fraud, and deception by confidence tricksters.
For this reason, as well as physics, chemistry and mathematics, it involves aspects of social science, psychology and economics. Some of the techniques used, such as fault tree analysis, are derived from safety engineering.
Other techniques such as cryptography were previously restricted to military applications.
One of the pioneers of security engineering as a formal field of study is Ross Anderson.
Sub-fields of security engineering
- Computer insecurity
- Defensive programming
- Electronic underground community
- Full disclosure
- Kerckhoffs' principle
- Password policy
- Secure computing
- Secure cryptoprocessor
- Security by obscurity
- Security community
- Security stance
- Social engineering
- Software cracking
- Systems engineering
- Trusted system
- Anderson, Ross - 'Security Engineering', published by Wiley, 2001, ISBN 0471389226
- Anderson, Ross - Why Information Security is Hard - An Economic Perspective
- Schneier, Bruce - 'Applied Cryptography' ISBN 0471117099
- Schneier, Bruce - 'Secrets and Lies: Digital Security in a Networked World' ISBN 0471253111
- Wheeler, David A. - 'Secure Programming for Linux and Unix HOWTO'