
	Where results make sense

Topic: Security engineering

Related Topics

Systems engineering

Secure cryptoprocessor

List of engineers

Ross Anderson

Physical security

Automotive engineering

Aeronautical engineering

Software engineering

Locksmithing

Cryptography

Automatic teller machine

Electronic underground community

Authentication

Hacking

King Lear

In the News (Fri 25 Dec 09)

Northern Trust

Marvin Harrison

Peter Chernin

Gary Locke

Match Play

Penelope Cruz

Mickey Rourke

AR Rahman

Danny Boyle

Hugh Jackman

	Social engineering (computer security) - Wikipedia, the free encyclopedia
		A social engineer will commonly use the telephone or Internet to trick people into revealing sensitive information or getting them to do something that is against typical policies.
		By this method, social engineers exploit the natural tendency of a person to trust his or her word, rather than exploiting computer security holes.
		A contemporary example of a social engineering attack is the use of e-mail attachments that contain malicious payloads (that, for instance, use the victim's machine to send massive quantities of spam).
	en.wikipedia.org /wiki/Social_engineering_(computer_security) (440 words)

	JOT: Journal of Object Technology - Engineering Security Requirements (Site not responding. Last check: 2007-11-05)
		Most requirements engineers are not trained at all in security, and the few that have been trained have only been given an overview of security architectural mechanisms such as passwords and encryption rather than in actual security requirements.
		Thus, the most common problem with security requirements, when they are specified at all, is that they tend to be accidentally replaced with security-specific architectural constraints that may unnecessarily constrain the security team from using the most appropriate security mechanisms for meeting the true underlying security requirements.
		A security auditing requirement is any security requirement that specifies the extent to which a business, application, component, or center shall enable security personnel to audit the status and use of its security mechanisms.
	www.jot.fm /issues/issue_2003_01/column6 (4235 words)

	U.S. Department of State Careers: Foreign Service Specialist: Security Engineering Officer (Site not responding. Last check: 2007-11-05)
		Foreign Service Security Engineering Officers (SEOs) of the Bureau of Diplomatic Security are responsible throughout the world for the protection of Department of State personnel, facilities, and sensitive information from acts of crime, terrorism, and technical espionage.
		All Security Engineering Officers must complete approximately seven months of specialized training in the Washington, DC area upon their entry on duty with the Department of State.
		Security Engineering Officers are administratively promoted from the FP-06 to the FP-05 level after 12 months of satisfactory performance, and to the FP-04 level after an additional 18 months of satisfactory performance.
	www.careers.state.gov /print/specialist/opportunities/seceng.html (2753 words)

	O'Reilly Network Safari Bookshelf - Security Warrior
		Covering everything from reverse engineering to SQL attacks, and including topics like social engineering, antiforensics, and common attacks against UNIX and Windows systems, this book teaches you to know your enemy and how to be prepared to do battle.
		Security Warrior is the most comprehensive and up-to-date book covering the art of computer war: attacks against computer systems and their defenses.
		While much of the book, and of security writing in general, is directed at UNIX systems there is a decent coverage of the Windows environment, which given its track record is in much more need of security warriors.
	safari.oreilly.com /0596005458 (923 words)

	Network Engineering - Network Security Policy for ORST.EDU (Site not responding. Last check: 2007-11-05)
		Oregon State University Network Security Policy May 26, 2000 Policy: OSU's network shall be run in a secure manner, with reasonable steps taken to protect electronic data assets owned and/or managed by Oregon State University, and the transmission of them.
		Security event Actions taken on the network which jeopardize, or threatens to jeopardize, the integrity of OSU's Network (or other Networks) or actions which violate Federal or State Law.
		Security Events are to be reported to the email alias abuse@orst.edu and to the node and or network administrator originating the event.
	oregonstate.edu /net/info/policy/network_security_policy.html (502 words)

	Career Opportunities
		Security engineering officers are highly skilled professional engineers who serve worldwide.
		Security engineers are responsible for the technical and informational security programs at our diplomatic and consular posts overseas.
		Security technical specialists are assigned throughout the world to develop, implement, and maintain technical security programs at U.S. diplomatic missions.
	www.state.gov /m/ds/career (227 words)

	Portable Security: Michigan Engineering Designs Laptop Security System
		Engineers at the University of Michigan have developed a security framework for mobile computing devices that will automatically encrypt sensitive information when owners stray too far from their machines, or vice-versa.
		Protections schemes like ZIA could help keep national security documents secret by automatically scrambling sensitive information found on these laptops as soon as they are separated from their owners.
		The College is composed of 11 academic departments: aerospace engineering; atmospheric, oceanic and space sciences; biomedical engineering; chemical engineering; civil and environmental engineering; electrical engineering and computer science; industrial and operations engineering; materials science and engineering; mechanical engineering; naval architecture and marine engineering; and nuclear engineering and radiological sciences.
	www.sciencedaily.com /releases/2002/08/020819070155.htm (927 words)

	Security Engineering Officer
		An engineer’s knowledge must extend to the leading edges of electronic technology, physics, and computer science, yet officers must be willing to use their hands to investigate indications of a technical threat.
		Security Engineering Officers attend approximately seven months of specialized training in the Washington, DC area upon entering on duty.
		Security Engineers are members of the Foreign Service and spend a substantial portion of their careers abroad.
	www.state.gov /m/ds/rls/rpt/20216.htm (732 words)

	The National Security Agency's Use of the Systems Security Engineering Capability Maturity Model (SSE-CMM)
		NSA began the effort to develop a CMM for security engineering in 1993, with the hopes that the security engineering community would become involved to help define the criteria against which they might be assessed in the future.
		She is a member of the Chief Information Officers Council Federal Best Security Practices subcommittee and is addressing the concerns outlined in Presidential Decision Directive 63, which calls for a national effort to assure the security of the increasingly vulnerable and interconnected infrastructures of the United States.
		She served as government lead for the development of the Systems Security Engineering Capability Maturity Model (SSE-CMM) which is the product of a voluntary collaboration of 50 government and industry organizations to meet the needs of the security engineering community.
	csrc.nist.gov /nissc/program/ssecmm.htm (1083 words)

	Social Engineering: The Human Side Of Hacking
		What may come as a surprise, according to industry analysts and security experts, is that not every hacker is sitting alone with his computer hacking his way into a corporate VPN or running a program to crack executives' passwords.
		Robertson says for companies with great security technology in place, it's almost always possible to penetrate them using social engineering simply because it preys on the human impulse to be kind and helpful, and because IT executives aren't training employees to wary of it.
		For instance, he says security guards are trained to check on visitors if they go out in the smoking area to make sure they're not handing their admittance badge over to someone else.
	itmanagement.earthweb.com /secu/article.php/1040881 (1083 words)

	CFP: Formal Methods in Security Engineering (Site not responding. Last check: 2007-11-05)
		Formal Methods in Security Engineering: From Specifications to Code (FMSE 2003) Submission deadline is June 10, 2003 The workshop is held on October 30, 2003 in Washington D.C. The web page can be found at http://www.zurich.ibm.com/~mbc/FMSE02 Paper submission is done via the conference web page.
		The deployment of security mechanisms is often done in an ad-hoc manner only, without a formal security specification, often without a thorough security analysis and almost necessarily without a formal security validation of the final product.
		We aim to bring together researchers and practitioners from both the security and the software engineering communities, from academia and industry, who are working on applying formal methods to designing and validating large-scale systems.
	www.cs.utah.edu /flux/cipher/cfps/cfp-FMSE2003.html (155 words)

	Online Security: hacking, cracking, phreaking, intelligence services
		For those seeking to prevent security breaches, the first step is usually to attempt to identify what might motivate an attack on the system, how much the continued operation and information security of the system are worth, and who might be motivated to breach it.
		Malicious individuals have regularly penetrated well-designed, secure computer systems by taking advantage of the carelessness of trusted individuals, or by deliberately deceiving them, for example sending messages that they are the system admin and asking for passwords.
		Social engineering and direct computer access (physical) attacks can only be prevented by non-computer means, which can be difficult to enforce, relative to the sensitivity of the information.
	www.security.teleactivities.net (1704 words)

	Security Requirements Engineering : When Anti-requirements Hit the Fan - Crook, Ince, Lin, Nuseibeh (ResearchIndex) (Site not responding. Last check: 2007-11-05)
		Abstract: Everyone agrees that security is a problem, ranging from Microsoft to the banks that have been recent victims of rogue traders.
		What is paradoxical is that there does not seem to be a wholehearted commitment by both academics and industry to treat this topic systematically at the top level of requirements engineering.
		Our vision is of a future in which we inform the security requirements engineering process by organisational theory.
	citeseer.ist.psu.edu /crook02security.html (518 words)

	Security engineering for the rest of us
		During the requirements phase, the product team makes contact with the central security team to request the assignment of a security advisor (referred to as the "security buddy" in the implementation of the SDL at Microsoft) who serves as point of contact, resource, and guide as planning proceeds.
		During the three days I was up there, I spent about a third of that time chatting with J.D. Meier about his strategies and goals for publishing security advice for the rest of us, many of whom don't happen to have security buddies in their companies, or two months to wait before shipping a product.
		Here you'll learn how to overlay security tasks onto existing processes: requirements, design, implementation, testing, etc. so that no matter where you do these things in your current lifecycle, you'll know what sort of security tasks need to be done in that phase.
	pluralsight.com /blogs/keith/archive/2005/10/01/15185.aspx (1095 words)

	Amazon.ca: Books: Security Engineering: A Guide to Building Dependable Distributed Systems (Site not responding. Last check: 2007-11-05)
		Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorised use and general malice.
		This book covers everything from security of ATM machines, to secure printing; from multi-level security to information warfare; from hardware security to e-commerce; from legal issues to intellectual property protection; from biometrics to tamper resistance.
		What separates this book from every other book on security is that this book is not limited to computer or network security, it gets into the nitty gritty of digital security.
	www.amazon.ca /exec/obidos/ASIN/0471389226 (1151 words)

	ITworld.com - SECURITY.ITWORLD.COM - Security Engineering
		Such security mistakes are, more often than not, a result of poor security engineering.
		I doubt that security administrators or network engineers intend to expose their organizations to undue risk.
		When I question the network engineers about this problem, they quickly explain to me that they have applied the virtual LAN technology (VLAN) of their switch to reduce management and deployment costs.
	www.itworld.com /nl/security_strat/04102002 (759 words)

	Social Engineering for Security
		Social engineering is a scam, it's a con, and whether it's digital or physical, it depends on what the attack is. When I talk about it, I talk about it in the terms of electronic attacks and how it's used to perpetuate those particular kinds of attacks.
		But most people still can't get their basic security issues solved, and there are a lot of people out there who still just need to stick with the basics.
		And then when there's some kind of a potential security incident, the security team is brought in, and they actually look at resolving what the issue is. The security team puts representatives on major projects so that the security needs of the project are dealt with very early on.
	www.eweek.com /article2/0,1759,1593347,00.asp (2318 words)

	Survivable Systems Engineering
		The mission of the CERT Research team is to identify and eliminate shortcomings in security and survivability engineering methods.
		The FSQ project is defining rigorous engineering methods for complex network systems characterized by shifting boundaries and users, uncertain commercial off-the-shelf (COTS) software function and quality, extensive asynchronous operations, unpredictable failures and compromises, and lack of visibility and control.
		Many security engineering methods lead to patchwork designs that are rarely robust under malicious attack.
	www.sei.cmu.edu /organization/programs/nss/surv-net-tech.html (1031 words)

	SPEAR II - The Security Protocol Engineering and Analysis Resource - Saul, Hutchison (ResearchIndex) (Site not responding. Last check: 2007-11-05)
		Abstract: Multi-dimensional security protocol engineering is effective in creating cryptographic protocols since it encompasses a variety of analysis techniques, thereby providing a higher security confidence than individual approaches.
		SPEAR, the Security Protocol Engineering and Analysis Resource, was a protocol engineering tool which focused on cryptographic protocols, with the specific aims of enabling secure and efficient protocol designs and support for the production process of implementing...
		At present we are investigating the integration of other security tools and techniques with the GGSE framework, using SPEAR II as a...
	citeseer.ist.psu.edu /saul99spear.html (745 words)

	August 2003 - Secure Reads ... Ross Anderson's Security Engineering remains one of the most important security texts ... (Site not responding. Last check: 2007-11-05)
		With low expectations, I picked up Security Engineering only to learn that Ross Anderson's text is equivalent to finding the perfect job candidate: grounded in superior education, extensive experience and recognized in the field.
		Security Engineering is the first book to tackle the challenges of secure software and hardware design in a general manner, examining the topic from the perspective of several real-world scenarios.
		Anderson's lessons, recommendations and clever analogies about security designs in systems that seem quite unrelated are the crux of the book.
	infosecuritymag.techtarget.com /ss/0,295796,sid6_iss21_art104,00.html (470 words)

	Security Engineering (Site not responding. Last check: 2007-11-05)
		I-Assure security engineers develop and implement technology related solutions that increase the confidentiality, availability, and integrity of your information resources.
		And a good infrastructure is built upon a solid architecture that integrates those requirements across the organization into a consistent, well thought out design.
		I-Assures' top security architects and technicians have designed security infrastructures for some of the largest organizations in the world.
	www.i-assure.com /services/Security_Engineering.htm (139 words)

	Amazon.co.uk: Books: Security Engineering: A Guide to Building Dependable Distributed Systems (Site not responding. Last check: 2007-11-05)
		Security Engineering combined with Ross's website is a great service to Computer Security professionals and Security researchers.
		What becomes clear is that perfect security doesn't exist in the real world, so you need to create "security in depth", where you secure all aspects of your enterprise.
		In fact, the biggest threat is time itself -- a procedure secure today will become vulnerable in a couple of years if you don't treat security as a living, growing, changing, high-priority part of your enterprise.
	www.amazon.co.uk /exec/obidos/ASIN/0471389226 (1183 words)

	Security Engineering, Inc.
		Security Engineering, Inc. is a full service, low voltage electrical contractor servicing Western Massachusetts, Northern Connecticut, and Southern Vermont.
		When you hire Security Engineering, you have chosen a company that can meet several of your electronic systems needs.
		Our sales people and installation and service technicians are licensed and knowledgeable about security, sound, central vacuum, and many other related low voltage products.
	www.security-engineering.com (217 words)

	Security Engineering - A Guide to Building Dependable Distributed Systems
		There are many books on security tools, such as cryptology, access controls and intrusion detection systems, but so far there has been almost nothing on how to use them in real systems.
		Although the book grew out of notes for security courses I teach at Cambridge, I've rewritten the material to ensure it's accessible to the working programmer, and added lots of case histories and practical advice drawn from fifteen years' experience as an information security consultant.
		Security engineering is about building systems to remain dependable in the face of malice, error or mischance.
	www.cl.cam.ac.uk /~rja14/book.html (1212 words)

	ARC - INFOSEC Security Engineering
		Advanced Research has experienced contractors that develop U.S. Government and industry standardized security risk assessments and security plans in accordance with accepted standards.
		M client team, you will receive real time advisories of the latest observed exploits at our security Bulletin Board.
		Check out some of the more interesting security links we have found.
	www-arc.com /se.shtml (132 words)

	Security Engineering is the UK's leading independent manufacturer of mechanical locks and electronic locking systems (Site not responding. Last check: 2007-11-05)
		Security Engineering is the UK's leading independent manufacturer of mechanical locks and electronic locking systems
		Security Engineering is also the largest manufacturer of own-branded locks in the UK, supplying many leading retailers and merchants with their own packaging
		Security Engineering is the premier UK brand in the mechanical locks market with an impressive, high quality range, that is generally recognized as the very best in terms of reliability and durability, including British and European Standards mortice lock cases.
	www.securityengineering.co.uk /securityintro.htm (165 words)

Try your search on: Qwika (all wikis)