Security Engineering
Security engineering is, in the broadest sense, the development
of secure systems. A secure system is a system that can be depended
upon despite the occurrence of faults, errors and concentrated efforts
that could potentially cause failure.
As a discipline, then, security engineering includes the development
and management of:
- safety critical systems — for example, medical
equipment and aircraft control systems where failure can potentially
lead to injury or death.
- business critical systems — where failure, whilst
not necessarily life-threatening, could represent a significant
economic or financial risk.
As a result, security engineering requires expertise across a number
of different technical areas including: business process analysis,
software engineering, cryptography, computer security, formal methods
and in some cases, psychology and law.
Security engineering is distinct from the more widely held perception
of computer security which, through popularisation, has primarily
been concerned with securing individual machines, networks and gateways
against unauthorised access. Instead, the role of the security engineer
is to try to build systems that are inherently secure: systems that
remain secure despite technical faults, errors and malicious intent.
With experience in security engineering, we can help you to secure
your business with:
- the development of an appropriate security policy comprising
an asset analysis, and a threat model appropriate to your business,
as described in our white paper on Internet Security;
- the development of an appropriate disaster recovery plan, and
contingencies;
- security recommendations and policy documents relating to specific
systems, applications and network infrastructure including servers,
workstations, hubs, switches, routers, firewalls and proxy servers;
- security recommendations and policy documents relating to software
development projects;
- secure software development.