User:Interiot/Sandbox/Security engineering

Security engineering is an applied science that deals with the intentional, malicious failure of real-world systems. It is strongly related to safety engineering, which deals with accidental system failure.

As with safety engineering, security engineering failure can lead to loss of physical life or property, but it can also lead to loss of information integrity, confidentiality, or availability. Perfect security is often impossible, so risk analysis is also an important facet of security engineering.

Although security engineering overlaps with military science, and sometimes borrows from it, security engineering is usually concerned with more prevalent civilian scenarios.

History
Security systems engineering has existed informally for centuries in the fields of locksmithing, security printing, and classical cryptography.

The onset of the Information Age saw a rise in the amount of recorded information, increasing the number of things that needed to be secured. The onset of the Internet greatly increased the interconnection of information systems, expanding the number of people who could potentially cause a security failure in a given system. Advances in computers allowed the creation of remarkably more complex systems than before, increasing the difficulty of securing those systems. A security failure in any part of a system often leads to total security failure, so higher complexity directly leads to more opportunities for attack.

Expertise
Because modern systems cut across many areas of human endeavor, security engineers need to consider not only the mathematical and physical properties of systems but also attacks on the people who use and form parts of those systems, carried out through social engineering, including coercion, fraud, and deception by confidence tricksters. Because security systems can span households, corporations, or even nations, the decisions of leaders in setting policy, and the decisions of individuals regarding compliance, can affect the total security of those systems. Other practical considerations include design tradeoffs between security, cost, and usability.

For these reasons, security engineering may require a wide range of expertise, including physics, materials science, mathematics, social science, psychology, and economics. Due to its close relation with safety engineering, some of the techniques are borrowed from it, such as fault tree analysis.

One of the pioneers of security engineering as a formal field of study is Ross Anderson.

As with "safety", the word "security" can mean a broad range of things, from computer network security, to home security, to national security. "Security engineering" can sometimes refer to the broader cases as well, even when the protection measures are largely procedural, political, or militaristic.

Sub-fields of security engineering

 * Physical security
 * Lock picking
 * Safe-cracking
 * Security guard
 * Information security
 * Covert channel
 * Cryptography
 * Cryptanalysis
 * Digital rights management
 * Kerckhoffs' principle
 * Secure channel
 * Steganography

Domain-specific security

 * Electromagnetic security
 * Acoustic cryptanalysis
 * Power analysis
 * TEMPEST
 * Computer security
 * Buffer overflow
 * Computer insecurity
 * Password
 * Secure computing
 * Secure cryptoprocessor
 * Software cracking
 * Computer network security
 * Backdoor
 * Denial-of-service attack
 * Firewall
 * War dialing
 * Wardriving

Concepts

 * Authentication
 * Authorization
 * Trust
 * Attacks
 * Deception
 * Eavesdropping
 * Fraud
 * Inside job
 * Man in the middle attack
 * Social engineering
 * Timing attack
 * Defenses
 * Canary trap
 * Secrecy
 * Tamper-evident
 * Tamper resistance

Community/Roles

 * Computer forensics
 * Full disclosure
 * Hacker