Security Engineering
Also known as:
Security Engineering
1. Overview
2. Core Principles
3. Key Practices
4. Application Context
5. Implementation
6. Evidence & Impact
7. Cognitive Era Considerations
8. Commons Alignment Assessment
9. Resources & References
Security engineering is a discipline focused on the design and implementation of secure systems. It is the process of building systems to remain dependable in the face of malice, error, or mischance. As a discipline, it focuses on the tools, processes, and methods needed to design, implement, and test complete systems, and to adapt existing systems as their environment evolves. Security engineering is not just about adding security features to a system; it is about building security into the system from the ground up. It is a proactive approach to security that aims to prevent security breaches before they happen, rather than just reacting to them after the fact. [1]
At its core, security engineering is a risk management discipline. It is about identifying, assessing, and mitigating security risks to an acceptable level. This involves understanding the threats to a system, the vulnerabilities that those threats could exploit, and the potential impact of a successful attack. Based on this understanding, security engineers design and implement security controls to reduce the likelihood and/or impact of a security breach. These controls can be technical, such as encryption and access control mechanisms, or they can be procedural, such as security policies and training programs.
Security engineering is guided by a set of core principles that have been developed over time to help organizations build more secure and resilient systems. These principles provide a framework for thinking about security and for making sound security decisions. They are not a set of hard and fast rules, but rather a set of guidelines that can be adapted to the specific needs of an organization.
One of the most fundamental principles of security engineering is Security by Design. This principle states that security should be an integral part of the system design from the very beginning, rather than an afterthought or an add-on. By considering security at every stage of the development lifecycle, from requirements gathering to design, implementation, and testing, organizations can build systems that are more secure and less vulnerable to attack. This proactive approach to security is far more effective than trying to patch security holes after a system has been deployed. [2]
Another key principle is Defense in Depth. This principle is based on the idea that no single security control is perfect, and that a layered approach to security is more effective than relying on a single control. By implementing multiple layers of security controls, organizations can create a more resilient defense that is more difficult for attackers to penetrate. For example, a defense-in-depth strategy might include a combination of firewalls, intrusion detection systems, access control mechanisms, and encryption. If one layer of defense is breached, the other layers can still provide protection. [2]
The Principle of Least Privilege is another cornerstone of security engineering. This principle states that users and processes should only be given the minimum level of access rights that are necessary for them to perform their assigned tasks. This helps to limit the damage that can be done if an account is compromised, as the attacker will only have access to a limited set of resources. This principle should be applied to all aspects of a system, from user accounts to service accounts and system processes. [2]
Separation of Duties is a principle that is closely related to the principle of least privilege. This principle requires that the successful completion of a single task is dependent upon two or more conditions that are insufficient, individually by themselves, for completing the task. This helps to prevent fraud and other malicious acts by ensuring that no single individual has enough power to compromise the system on their own. For example, a separation of duties policy might require that one person is responsible for creating a new user account, while another person is responsible for assigning permissions to that account. [2]
Finally, the principle of Open Design states that the security of a system should not depend on the secrecy of its design or implementation. This is in contrast to the concept of security through obscurity, which is the belief that a system is secure because its inner workings are kept secret. The problem with security through obscurity is that it is a fragile form of security that can be easily broken if the secret is discovered. An open design, on the other hand, allows for public scrutiny and review, which can help to identify and fix security vulnerabilities before they can be exploited. [2]
In addition to the core principles, there are a number of key practices that are essential for effective security engineering. These practices provide a structured approach to security that can help organizations to build more secure and resilient systems. They are not a one-size-fits-all solution, but rather a set of best practices that can be adapted to the specific needs of an organization.
Threat modeling is a key practice in security engineering that involves identifying potential threats to a system and analyzing the potential vulnerabilities that those threats could exploit. The goal of threat modeling is to understand the security risks to a system so that appropriate security controls can be designed and implemented to mitigate those risks. Threat modeling is an iterative process that should be performed throughout the development lifecycle, from requirements gathering to design, implementation, and testing.
Security architecture and design review is another critical practice in security engineering. This practice involves a systematic review of the system’s architecture and design to identify and mitigate security risks. The goal of this review is to ensure that the system is designed in a way that is consistent with the organization’s security policies and standards, and that appropriate security controls are in place to protect the system from attack. This review should be performed by a team of security experts who have a deep understanding of the system and the threats that it faces.
Security code review is the process of manually or automatically reviewing the source code of a system to identify security vulnerabilities. The goal of code review is to find and fix security flaws before they can be exploited by attackers. Code review can be a very effective way to find a wide range of security vulnerabilities, from simple programming errors to complex design flaws. It is an essential practice for any organization that is serious about building secure software.
Security testing is the process of testing a system to identify and fix security vulnerabilities. There are many different types of security testing, including penetration testing, vulnerability scanning, and fuzzing. Penetration testing is a type of testing that simulates an attack on a system to identify vulnerabilities that could be exploited by attackers. Vulnerability scanning is an automated process of scanning a system for known vulnerabilities. Fuzzing is a type of testing that involves providing invalid, unexpected, or random data as input to a system to see how it responds. Security testing is an essential practice for any organization that wants to ensure that its systems are secure.
Security engineering is a universally applicable pattern that is relevant in any context where information or systems need to be protected from unauthorized access, use, disclosure, disruption, modification, or destruction. The principles and practices of security engineering can be applied to a wide range of domains, from large-scale enterprise systems to small-scale embedded devices. The specific application of security engineering will vary depending on the context, but the underlying principles remain the same.
In the enterprise context, security engineering is essential for protecting sensitive corporate data, such as financial records, customer information, and intellectual property. It is also critical for ensuring the availability and integrity of business-critical systems, such as email servers, web servers, and databases. The application of security engineering in the enterprise involves a holistic approach that addresses all aspects of security, from physical security to network security to application security.
In the government and defense context, security engineering is of paramount importance for protecting national security and critical infrastructure. Government and defense systems are often the target of sophisticated and well-funded attackers, so a rigorous and disciplined approach to security is essential. The application of security engineering in this context involves a strong focus on assurance and the use of formal methods to verify the security of systems.
In the industrial control systems (ICS) and critical infrastructure context, security engineering is critical for protecting the systems that control our power grids, water treatment plants, and other critical infrastructure. A security breach in an ICS could have devastating consequences, so a high level of security is required. The application of security engineering in this context involves a strong focus on safety and reliability, as well as security.
In the consumer electronics and Internet of Things (IoT) context, security engineering is becoming increasingly important as more and more devices are connected to the internet. These devices are often a target for attackers, so it is essential that they are designed and built with security in mind. The application of security engineering in this context involves a strong focus on usability and cost-effectiveness, as well as security.
Implementing a robust security engineering practice within an organization is a multifaceted endeavor that requires a strategic and phased approach. It is not a one-time project but a continuous process of improvement and adaptation. The following steps provide a high-level roadmap for organizations looking to establish or enhance their security engineering capabilities.
1. Establish a Security Engineering Function: The first step is to establish a dedicated security engineering function within the organization. This function should be responsible for leading the security engineering effort and for providing security expertise to the rest of the organization. The security engineering team should be staffed with experienced security professionals who have a deep understanding of the organization’s business and technology environment. The team should also have the authority and resources to be effective.
2. Integrate Security into the Development Lifecycle: The next step is to integrate security into the organization’s software development lifecycle (SDLC). This is often referred to as a Secure SDLC or DevSecOps. The goal is to make security an integral part of the development process, rather than a separate activity that is performed at the end of the process. This involves a number of activities, such as threat modeling, security architecture and design review, security code review, and security testing. By integrating security into the SDLC, organizations can identify and fix security vulnerabilities early in the development process, when they are easier and less expensive to fix.
3. Adopt Security Tools and Technologies: There are a wide range of security tools and technologies that can help organizations to automate and improve their security engineering practices. These tools can be used to perform a variety of tasks, such as vulnerability scanning, penetration testing, and code analysis. By adopting the right security tools and technologies, organizations can improve the efficiency and effectiveness of their security engineering efforts.
4. Foster a Culture of Security: Technology alone is not enough to ensure security. It is also essential to foster a culture of security within the organization. This means that everyone in the organization, from the CEO to the janitor, understands the importance of security and is committed to doing their part to protect the organization’s assets. A strong security culture can be a powerful force for good, as it can help to ensure that security is always a top priority.
5. Measure and Improve: Finally, it is important to continuously measure and improve the effectiveness of the organization’s security engineering practices. This involves collecting and analyzing data on security metrics, such as the number of vulnerabilities found and fixed, the time it takes to fix vulnerabilities, and the cost of security breaches. By tracking these metrics over time, organizations can identify areas where they need to improve and can make data-driven decisions about how to allocate their security resources.
The adoption of a robust security engineering practice can have a significant and positive impact on an organization’s security posture. By proactively identifying and mitigating security risks, organizations can reduce the likelihood and impact of security breaches, which can result in significant cost savings and reputational benefits. The evidence for the effectiveness of security engineering can be seen in the numerous studies and reports that have been published on the topic.
One of the most significant impacts of security engineering is a reduction in the number of security vulnerabilities. By integrating security into the development lifecycle, organizations can identify and fix security vulnerabilities early in the development process, when they are easier and less expensive to fix. This can lead to a significant reduction in the number of vulnerabilities that are present in production systems, which in turn can reduce the risk of a security breach.
Anothe key impact is the reduction in the cost of security breaches. The cost of a security breach can be significant, including the cost of remediation, the cost of customer notification, and the cost of reputational damage. By reducing the likelihood and impact of security breaches, security engineering can help organizations to avoid these costs. For example, a study by the Ponemon Institute found that the average cost of a data breach was $3.86 million in 2020. By investing in security engineering, organizations can significantly reduce their risk of a costly data breach.
Security engineering can also lead to improved compliance with industry and government regulations. Many regulations, such as the General Data Protection Regulation (GDPR) and the Health Insurance Portability and Accountability Act (HIPAA), require organizations to implement a robust security program. By adopting a security engineering practice, organizations can demonstrate that they are taking a proactive approach to security and can improve their compliance with these regulations.
Finally, security engineering can have a positive impact on an organization’s reputation. In today’s digital world, a security breach can have a devastating impact on an organization’s reputation. By investing in security engineering, organizations can demonstrate that they are committed to protecting their customers’ data and can build trust with their customers. This can be a significant competitive advantage in a crowded marketplace.
The cognitive era, characterized by the rise of artificial intelligence (AI) and machine learning (ML), presents both new challenges and opportunities for security engineering. As systems become more complex and interconnected, the attack surface expands, and traditional security measures may no longer be sufficient. However, AI and ML can also be leveraged to enhance security, enabling more proactive and intelligent defense mechanisms.
One of the primary challenges in the cognitive era is the security of AI and ML systems themselves. These systems are susceptible to a new class of attacks, such as adversarial attacks, data poisoning, and model stealing. Adversarial attacks involve crafting malicious inputs that are designed to fool an AI system into making an incorrect prediction. Data poisoning involves injecting malicious data into the training set of an AI system to corrupt the model. Model stealing involves an attacker trying to steal a trained model from an organization. Security engineers need to develop new techniques to defend against these attacks and to ensure the integrity and confidentiality of AI and ML systems.
Another challenge is the use of AI and ML by attackers. Attackers can use AI and ML to automate and scale their attacks, making them more effective and more difficult to defend against. For example, attackers can use AI to generate realistic-looking phishing emails or to create malware that can evade detection by traditional security tools. Security engineers need to stay one step ahead of the attackers and to develop new defense mechanisms that can detect and respond to these AI-powered attacks.
Despite these challenges, the cognitive era also presents significant opportunities for security engineering. AI and ML can be used to enhance security in a number of ways. For example, AI can be used to automate the process of threat detection and response, to identify and prioritize vulnerabilities, and to detect and block malicious activity in real-time. By leveraging the power of AI and ML, security engineers can build more intelligent and more effective security systems.
In the cognitive era, security engineering must evolve to address the new challenges and to take advantage of the new opportunities that are presented by AI and ML. This will require a new set of skills and a new way of thinking about security. Security engineers will need to have a deep understanding of AI and ML, as well as a strong foundation in traditional security principles and practices. They will also need to be able to think like an attacker and to anticipate the new and creative ways that attackers will### 8. Commons Alignment Assessment (v2.0)
This assessment evaluates the pattern based on the Commons OS v2.0 framework, which focuses on the pattern’s ability to enable resilient collective value creation.
1. Stakeholder Architecture: Security engineering establishes a clear architecture of responsibilities among stakeholders to ensure system integrity and dependability. It assigns responsibilities to developers for building secure code, to operators for maintaining a secure infrastructure, and to users for following security best practices. The rights of stakeholders, such as their right to data privacy and system availability, are protected by fulfilling these responsibilities, thereby creating a framework of collective accountability for the commons.
2. Value Creation Capability: This pattern is fundamental to value creation as it focuses on preserving the integrity and availability of a system, which is a prerequisite for any other form of value to be generated and sustained. By protecting against value destruction from malice or error, it enables the creation of social, knowledge, and economic value that depends on a trustworthy and resilient infrastructure. Its primary contribution is the creation of resilience and trust, which are essential forms of value in any collective endeavor.
3. Resilience & Adaptability: Resilience and adaptability are at the very core of security engineering, which aims to build systems that remain dependable in the face of malice, error, or mischance. Principles like Defense in Depth and practices like continuous threat modeling and security testing are designed to help systems adapt to an evolving threat landscape and maintain coherence under stress. The pattern enables a system to thrive on change by treating security not as a static state but as a dynamic and continuous process of adaptation.
4. Ownership Architecture: Security engineering reframes ownership as a set of responsibilities for stewardship rather than just a collection of rights. It implies that all stakeholders who benefit from a system also have a responsibility to contribute to its security, whether by writing secure code, reporting vulnerabilities, or using the system responsibly. This defines a form of collective ownership where the value of the commons is protected through distributed responsibilities, moving beyond a purely monetary or equity-based view of ownership.
5. Design for Autonomy: The principles of security engineering, such as Security by Design and the Principle of Least Privilege, are highly compatible with autonomous systems like AI and DAOs. By building security in from the ground up, these systems can operate with a higher degree of trust and require less human intervention for security monitoring and response. This low-coordination-overhead approach is essential for the scalability and effectiveness of distributed and autonomous value creation systems.
6. Composability & Interoperability: Security engineering is a highly composable pattern that is designed to be integrated with other patterns to build larger, more complex systems. It is not a standalone solution but a cross-cutting concern that must be applied at every layer of a system, from the hardware to the application layer. Its principles and practices can be combined with virtually any other technical or organizational pattern to ensure that the resulting system is secure and resilient, making it a foundational element for building robust value-creation ecosystems.
7. Fractal Value Creation: The logic of security engineering is inherently fractal, as its principles apply at all scales of a system. The same concepts of threat modeling, defense in depth, and least privilege can be applied to a single software module, a complex web application, an entire organization, or even a network of collaborating organizations. This allows the value-creation logic of security to be replicated and adapted across different levels of a system, ensuring that security is a consistent property of the whole.
Overall Score: 4 (Value Creation Enabler)
Rationale: Security Engineering is a critical enabler of collective value creation because it provides the foundational resilience and trust upon which any shared resource or system depends. It establishes a clear architecture of rights and responsibilities for protecting the commons from harm, and its principles are fractal and composable, allowing it to be integrated across all scales of a system. While it does not, by itself, define the purpose or governance of a commons, it is an essential prerequisite for any commons to survive and thrive in a complex and often adversarial environment.
Opportunities for Improvement:
- Explicitly frame security responsibilities in the context of commons stewardship to encourage a more proactive and collective approach to security.
- Develop security metrics that measure the resilience and trustworthiness of the commons, not just the absence of vulnerabilities.
- Integrate security engineering more deeply with the governance and economic models of a commons to ensure that the costs and benefits of security are shared equitably among all stakeholders.
| Dimension | Assessment - |
| Openness & Transparency | The principle of “Open Design” directly aligns with this dimension. Security through obscurity is discouraged, and the security of a system should not rely on the secrecy of its implementation. This promotes transparency and allows for peer review, which is a cornerstone of commons-based projects. - |
| Decentralization & Federation | Security engineering can support decentralization by providing the tools and techniques needed to build secure and resilient decentralized systems. For example, cryptographic techniques can be used to secure communications and transactions in a decentralized network. However, security engineering is also used to secure centralized systems, so its alignment with this dimension is context-dependent. - |
| Collaboration & Contribution | The practice of security engineering often involves collaboration between different teams and individuals within an organization. Security engineers work closely with developers, operations teams, and business stakeholders to ensure that security is built into systems from the ground up. In the context of open source projects, security engineering is a highly collaborative activity, with individuals from all over the world contributing to the security of the project. - |
| Stewardship & Governance | Security engineering can be seen as a form of stewardship, as it is about protecting and preserving the value of information and systems. By implementing good security practices, organizations can ensure that their assets are protected from harm and that they are available to those who need them. In a commons context, security engineering can help to ensure the long-term sustainability of the commons by protecting it from attack and misuse. - |
| Inclusivity & Diversity | Security engineering can promote inclusivity by ensuring that systems are accessible and usable by people with a wide range of abilities and backgrounds. For example, by following accessibility guidelines, security engineers can ensure that their systems can be used by people with disabilities. However, the field of security engineering itself has historically not been very diverse, and there is a need to do more to attract and retain a more diverse workforce. - |
| Fairness & Equity | Security engineering can contribute to fairness and equity by ensuring that all users are treated equally and that there is no discrimination in the application of security policies. For example, by using unbiased algorithms, security engineers can help to ensure that their systems do not discriminate against certain groups of people. However, there is also a risk that security measures can be used to reinforce existing inequalities, so it is important to be mindful of this and to design systems that are fair and equitable for all. - |
| Sustainability & Resilience | Security engineering is directly aligned with the dimension of sustainability and resilience. The core purpose of security engineering is to build systems that are resilient to attack and that can continue to operate in the face of adversity. By building more secure and resilient systems, organizations can ensure their long-term sustainability and can reduce their risk of a catastrophic failure. - |
Overall, security engineering has a moderate to high alignment with the principles of a commons-based approach. While it is often applied in proprietary contexts, its core principles of openness, collaboration, and resilience are highly synergistic with the goals of the commons. By embracing a commons-based approach to security, organizations can build more secure, resilient, and equitable systems for all.
[1] “Security engineering - Wikipedia.” [Online]. Available: https://en.wikipedia.org/wiki/Security_engineering [2] “Principles of security - OWASP Developer Guide.” [Online]. Available: https://devguide.owasp.org/en/02-foundations/03-security-principles/