What is security engineering and what are the major activities in security engineering?
Security engineering is the implementation and integration of the design of security architecture of an organization. Moreover, it is the process of incorporating security controls into the information and information system so that it becomes an interdependent and integral part of the system’s operational capabilities. The objective of security engineering is to protect the confidentiality, integrity, and availability (CIA) of the information and information systems.
Security engineering is about designing and building systems to remain dependable in the face cyberattacks and security threats. As a discipline, it focuses on the tools, procedures, processes, and methods needed to design, implement, and test complete systems, and to adapt existing systems as their environment evolves. Security engineering requires cross-disciplinary expertise, ranging from cryptography and computer security through hardware tamper-resistance and formal methods to a knowledge of economics, applied psychology, organizations and the law. Cybersecurity engineers build, implement, evaluate and monitor security controls to protect an organization’s data from cyberattacks, loss, or unauthorized access to information and information systems. Security engineering focuses on defining customer needs, cybersecurity protection requirements, and expected functionality early in the systems development lifecycle, documenting requirements, and then proceeding with design, synthesis, and system validation while addressing the problem.
The major activities in security engineering include the following:
- Requirement Analysis
- Design
- Implementation
- Testing
- Maintenance
- Decommissioning