Chapter 1 What is Security Engineering Security Engineering
- Slides: 12
Chapter 1 What is Security Engineering?
Security Engineering l Building systems that remain stable Malice l Error l Mischance l l Focuses on Tool l Processes l Methods l
Expertise for security Engineering l l l l l Cryptography Computer security Hardware tamper resistance Applied Psychology Audit methods Law System engineering Business process analysis Software engineering
Critical assurance requirements l Human life and environment l l l Economic infrastructure l l Medical system Business sectors l l l Bank systems Personal privacy l l Nuclear safety Military Pay TV Internet sale Crime l Burglar and car alarms
Security v software engineering l Software l Ensuring that certain things can happen and happen properly l Security l Ensuring that certain things can not happen
A Secure system needs l User authentication l Transaction integrity l Accountability l Fault-tolerance l Message secrecy l Covertness
Review of 4 systems l Banks have been a driving force in security and accounting controls l Air l force base Military has been motivator of technology l Healthcare l Patient safety and privacy l Home l More and more important
Terms and uses l System l Subject, Principal, Identity l Trust, Trustworthy l Confidentiality, Privacy, Secrecy l Authenticity, Integrity l Vulnerability, Threat, Security failure
Articles for Friday 1/21 l l l What is security engineering Documentation of “system” like in text Confidentiality versus privacy versus secrecy System used for domestic spying (Wiretaps) Find article email to classmates before Thursday noon prepare to lead discussion.
Previous articles l An interesting discussion of the FBI's Carnivore system and its confidentiality. l l A news article on the latest version of i. Tunes; Privacy concerns over the 'Ministore' l l http: //www. scoop. co. nz/stories/HL 0601/S 00047. htm Intelligence info in plain site l l http: //www. msnbc. msn. com/id/9602401/site/newsweek (A lot to do with Echelon) l l http: //www. consumeraffairs. com/news 04/2006/01/scam_marine. html (Sort of a long article, sorry) l l http: //www. purdueexponent. com/index. php/module/Issue/action/Article/article_id/2447 Speaks about a changing threat and people who pose as others. . . l l http: //www. mercurynews. com/mld/mercurynews/business/technology/13662299. htm Talking about tailoring data to specific people. . . l l http: //www. sweetliberty. org/issues/privacy/corporate. htm http: //www. cbsnews. com/stories/2006/01/10/eveningnews/main 1198667. shtml Cell phone Privacy l http: //www. cbsnews. com/stories/2006/01/12/eveningnews/main 1206518. shtml
Links to resources l What is Security Engineering (author links) http: //www. cl. cam. ac. uk/~rja 14/book. html l http: //www. cl. cam. ac. uk/~rja 14/ l l. A few great BLOGS to get started http: //www. lightbluetouchpaper. org/ l http: //www. schneier. com/blog/ l
Links to resources l What l l do secure systems need: http: //en. wikipedia. org/wiki/Computer_security www. sans. org http: //books. slashdot. org/article. pl? sid=02/02/28/163234 Ross Andersons Home page l http: //www. cl. cam. ac. uk/~rja 14/
- Privatesecurity
- Osi architecture in network security
- Security guide to network security fundamentals
- Wireless security in cryptography and network security
- Explain about visa international security mode
- Electronic mail security in network security
- Nstissc security model
- Security policy and integrated security in e-commerce
- Building security software
- Security guide to network security fundamentals
- Security guide to network security fundamentals
- Systems security engineering capability maturity model
- Computer based system engineering in software engineering