Security Engineering

This chapter addresses the problems of ensuring the security of complex systems, particularly cyber systems. The introductory section discusses the concepts of trustworthy secure systems, which create the foundation for functioning as intended also under the conditions of disruptions, hazards, and threats, with respect to given constraints, limitations, and uncertainty. The following section presents the idea of the life-cycle-based System Security Engineering, which refers to all processes and activities associated with the system throughout its entire life, with the focus on specific security considerations. Based on these assumptions, the systems security engineering framework was developed, which provides a conceptual view of the key contexts of the systems security engineering activities, both technical and nontechnical. The next section focuses on cyber security as a process for protecting information by preventing, detecting, and responding to attacks. The cyber security concept called CIA triad is discussed, and in conclusion, a general model for securing resources from adversarial attacks through appropriate security policies and selection of appropriate countermeasures is presented.