Cybersecurity engineering
Cybersecurity engineering is an engineering discipline, and a part of security engineering, concerned with protecting systems, networks, and data from unauthorized access, cyberattacks, and other malicious activity, including cybercrime. It applies engineering principles to the design, implementation, maintenance, and evaluation of secure systems so that the confidentiality, integrity, and availability of information are preserved.[1][2]
History
In the 1970s the introduction of the first public-key cryptosystems, Diffie–Hellman key exchange (1976) and the RSA algorithm (1977), was a significant milestone: it enabled secure communication between parties that had not previously shared a secret. During the 1980s the expansion of local area networks (LANs) and the spread of multi-user operating systems such as UNIX highlighted the need for more sophisticated access controls and system audits.[3]
In the 21st century the field expanded to address sophisticated threats, including state-sponsored attacks, ransomware, and phishing. Frameworks such as the NIST Cybersecurity Framework, whose core functions are Identify, Protect, Detect, Respond, and Recover (with Govern added in version 2.0), gave organizations a structure that covers prevention, technical defense, incident response, and recovery rather than technical controls alone.[4]
Principles
Cybersecurity engineering principles support building resilient systems that can withstand and respond to cyber threats. They include:
- Risk management: identifying, assessing, and prioritizing risks so that security decisions rest on the likelihood and impact of each threat, which lets an organization direct limited resources at the vulnerabilities that matter most.[5][6]
- Defense in depth: a layered approach in which overlapping controls (firewalls, intrusion detection systems, access controls, and so on) are placed at different levels of the organization, so that no single failed control leads directly to compromise.[7]
- Secure by design: prioritizes building product features that reduce risk, such as requiring multi-factor authentication by default, eliminating default passwords, and providing security-related logging at no additional charge to customers.[8]
- Secure coding: removing potential vulnerabilities during development rather than after deployment.[9] Input validation, careful error handling, and the use of well-vetted libraries and safe APIs (parameterized database queries, for example) reduce the number of exploitable defects that reach production.[10]
- Incident response and recovery: predefined response procedures and recovery strategies limit damage, restore systems quickly, and feed the lessons from each incident back into future controls.[11][12]
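As an added illustration of the secure-coding item above (example code written for this article, not taken from any cited source; the user table, its rows, and the username rules are constructed for the demo), the following Python contrasts a lookup that splices caller input into SQL with the same lookup done through allow-list validation, a parameterized query, and error handling that returns only a generic message to the caller:

```python
"""Secure-coding illustration: input validation, parameterized queries and
error handling that does not leak internals. Added example; the schema and
sample rows are constructed for the demo, not taken from the article."""
import logging
import re
import sqlite3

log = logging.getLogger("app")

# Allow-list for usernames: a lowercase letter followed by up to 31 [a-z0-9_].
# (Assumed policy for the demo.)
USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{0,31}")


def make_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the real user store."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT PRIMARY KEY, role TEXT NOT NULL)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [("alice", "admin"), ("bob", "user")])
    return con


def roles_vulnerable(con: sqlite3.Connection, name: str) -> list[str]:
    """Deliberately weak: the caller's string becomes part of the SQL text,
    so a value such as  x' OR '1'='1  rewrites the query's logic."""
    sql = "SELECT role FROM users WHERE name = '" + name + "'"
    return [row[0] for row in con.execute(sql)]


def validate_username(name: str) -> str:
    """Allow-list validation: reject anything outside the expected shape
    before it reaches any sink (database, shell command, log file)."""
    if not isinstance(name, str) or USERNAME_RE.fullmatch(name) is None:
        raise ValueError("username failed validation")
    return name


def roles_hardened(con: sqlite3.Connection, name: str) -> list[str]:
    """Parameterized query: the driver binds 'name' as data; it is never
    parsed as SQL, whatever characters it contains."""
    sql = "SELECT role FROM users WHERE name = ?"
    return [row[0] for row in con.execute(sql, (name,))]


def lookup_role(con: sqlite3.Connection, name: str) -> dict:
    """Request handler: validate, use the safe query, and on failure return a
    generic message while the detail goes only to the server-side log."""
    try:
        roles = roles_hardened(con, validate_username(name))
    except ValueError:
        return {"ok": False, "error": "invalid request"}
    except sqlite3.Error as exc:
        log.exception("database error during role lookup: %s", exc)
        return {"ok": False, "error": "internal error"}
    if not roles:
        return {"ok": False, "error": "not found"}
    return {"ok": True, "role": roles[0]}


if __name__ == "__main__":
    db = make_db()
    payload = "x' OR '1'='1"
    print("vulnerable:", roles_vulnerable(db, payload))  # every role leaks
    print("hardened:  ", roles_hardened(db, payload))    # nothing matches
    print("handler:   ", lookup_role(db, payload))       # rejected by allow-list
    print("handler:   ", lookup_role(db, "alice"))
```

The two defenses are independent: the parameterized query alone already defeats the injection, and the allow-list alone would have rejected the payload; keeping both is the defense-in-depth point made earlier in the list. The handler never echoes the offending input or a stack trace to the caller.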
Areas of focus
Cybersecurity engineering covers several areas. The first is secure architecture: designing systems and networks with security built in from the ground up rather than bolted on afterwards. During the design phase engineers carry out threat modeling, enumerating assets, entry points, and plausible attackers, so that countermeasures can be chosen for the specific environment.[13][14]
Penetration testing is another essential part of the work. By simulating attacks, engineers test whether existing controls actually hold and find weaknesses before an adversary does; the results also give the organization a concrete picture of its risk exposure.[15][16]
Cybersecurity engineers also ensure that systems meet regulatory and industry standards such as ISO/IEC 27001 and NIST guidance. Compliance matters for legal reasons, but such standards also encode established practice that improves overall security posture.[17][18]
Technologies and tools
Firewalls and IDS/IPS
Firewalls, whether hardware or software, filter inbound and outbound network traffic against a configured rule set, typically denying anything not explicitly permitted. Intrusion detection systems (IDS) monitor network traffic or host activity and alert administrators to suspicious patterns; intrusion prevention systems (IPS) sit inline and can also drop matching traffic in real time. The trade-off is that a false positive on an IPS blocks legitimate traffic, whereas on an IDS it only produces an alert, so IPS signatures need tighter tuning.[19][20]
Encryption
Encryption protects sensitive data by making it unreadable to anyone without the key, both at rest (files on servers, database contents, backups) and in transit (traffic sent over the internet, typically under TLS). Encryption on its own provides confidentiality; integrity requires an authenticated encryption mode such as AES-GCM or a separate message authentication code, because unauthenticated ciphertext can be altered without detection.[21][22]
Security Information and Event Management (SIEM)
SIEM systems collect and normalize log and event data from sources across the organization's IT environment (hosts, network devices, applications, identity systems) and correlate them, so that events that look harmless on any one source can be recognized together as an incident. They support alerting and investigation and help meet regulatory logging requirements.[23][24]
Vulnerability assessment tools
Vulnerability assessment tools scan systems and applications for known weaknesses such as missing patches, insecure configurations, and vulnerable components, and rate each finding by severity. Cybersecurity engineers use that rating, weighed against how exposed and exploitable the affected asset actually is, to decide what to fix first and so reduce the organization's risk exposure.[25]
Threat Detection and Response (TDR)
TDR solutions apply analytics to large volumes of telemetry to find patterns that indicate a threat. SIEM and user and entity behavior analytics (UEBA) tools, the latter establishing a baseline of normal behavior for users and hosts and flagging deviations from it, give near-real-time visibility so that incidents can be handled before they escalate.[26]
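To make the SIEM and TDR descriptions above concrete, here is an added example (written for this article, not code from any product or cited source) of the kind of correlation rule such tools run: two constructed logs, an sshd authentication log and a web server access log, are normalized to one event schema, and a rule flags a source address whose failed logins, pooled across both sources, exceed a threshold within a time window and are then followed by a successful login. The addresses, timestamps, threshold, and window are all constructed for the demo.

```python
"""SIEM-style cross-source correlation over constructed log lines.
Added example, not from the article: events from an sshd log and a web
access log are normalized to one schema, then a rule flags a source IP
whose failed logins (counted across both sources) reach a threshold inside
a time window and are followed by a successful login."""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample logs (addresses from documentation ranges, not real hosts).
SSHD_LOG = """\
2024-03-01T10:00:01Z sshd[812]: Failed password for root from 203.0.113.7 port 5001 ssh2
2024-03-01T10:00:03Z sshd[812]: Failed password for admin from 203.0.113.7 port 5002 ssh2
2024-03-01T10:00:05Z sshd[812]: Failed password for admin from 203.0.113.7 port 5003 ssh2
2024-03-01T10:00:06Z sshd[812]: Failed password for alice from 198.51.100.2 port 6001 ssh2
2024-03-01T10:00:09Z sshd[812]: Failed password for deploy from 203.0.113.7 port 5004 ssh2
2024-03-01T10:00:12Z sshd[812]: Accepted password for deploy from 203.0.113.7 port 5005 ssh2
"""
WEB_LOG = """\
203.0.113.7 - - [01/Mar/2024:10:00:02 +0000] "POST /login HTTP/1.1" 401 12
203.0.113.7 - - [01/Mar/2024:10:00:04 +0000] "POST /login HTTP/1.1" 401 12
198.51.100.2 - - [01/Mar/2024:10:00:07 +0000] "POST /login HTTP/1.1" 200 512
"""

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?P<user>\S+) from (?P<ip>\S+)")
WEB_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "POST /login[^"]*" (?P<status>\d{3})')


def parse_sshd(text: str) -> list[dict]:
    """Normalize sshd lines; lines that do not match are skipped, not guessed at."""
    events = []
    for line in text.splitlines():
        m = SSHD_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "source": "sshd", "ip": m["ip"], "user": m["user"],
                       "outcome": "success" if m["result"] == "Accepted" else "failure"})
    return events


def parse_web(text: str) -> list[dict]:
    """Normalize login attempts from a combined-format access log (4xx = failure)."""
    events = []
    for line in text.splitlines():
        m = WEB_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        events.append({"ts": ts, "source": "web", "ip": m["ip"], "user": None,
                       "outcome": "failure" if m["status"].startswith("4") else "success"})
    return events


def detect_bruteforce(events: list[dict], threshold: int = 5,
                      window: timedelta = timedelta(minutes=5)) -> list[dict]:
    """Rule: at least `threshold` failures from one IP inside `window`, followed
    by a success. Failures are pooled across sources, which is what makes the
    SIEM view stronger than either log on its own."""
    alerts = []
    recent = defaultdict(list)  # ip -> [(ts, source)] failures still inside the window
    for ev in sorted(events, key=lambda e: e["ts"]):
        fails = recent[ev["ip"]]
        while fails and ev["ts"] - fails[0][0] > window:  # expire old failures
            fails.pop(0)
        if ev["outcome"] == "failure":
            fails.append((ev["ts"], ev["source"]))
        elif len(fails) >= threshold:
            alerts.append({"ip": ev["ip"], "user": ev["user"], "failures": len(fails),
                           "sources": sorted({s for _, s in fails}),
                           "at": ev["ts"].isoformat()})
            fails.clear()
    return alerts


if __name__ == "__main__":
    combined = parse_sshd(SSHD_LOG) + parse_web(WEB_LOG)
    print("sshd only:", detect_bruteforce(parse_sshd(SSHD_LOG)))  # below threshold
    print("combined: ", detect_bruteforce(combined))              # one alert
```

Run on the sshd log alone, the flagged address has only four failures and stays under the threshold; once the two web 401s are correlated in, the same address shows six failures followed by an accepted login and an alert is raised, while the second address, with a single failure, is not flagged.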
Traffic control and Quality of Service (QoS)
Traffic control measures manage the flow of data through networks and limit the damage from abuse such as distributed denial-of-service (DDoS) attacks. Web application firewalls (WAF) filter malicious HTTP requests, load balancers spread traffic across back ends, and rate limiting and Quality of Service (QoS) policies prioritize critical applications so that they keep capacity during an attack or under resource contention.[27][28]
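The per-client rate limiting mentioned above is usually implemented as a token bucket. The following is an added example for this article (not code from any WAF or load balancer product) of that mechanism, replayed over a constructed trace in which one source floods 50 requests in a second while a normal client sends one request per second; the limits, addresses, and trace are all assumptions made for the demo.

```python
"""Per-client token-bucket rate limiting, the traffic-shaping control a WAF,
load balancer or API gateway applies so that a request flood from one source
does not starve other clients. Added example, not from the article; the
limits and the request trace are constructed for the demo."""
from dataclasses import dataclass


@dataclass
class _Bucket:
    tokens: int   # stored in millitokens so the refill arithmetic stays exact
    last_ms: int  # time of the last update, in milliseconds


class RateLimiter:
    """Each client may burst up to `burst` requests, then sustain `rate`
    requests per second. Time is passed in explicitly (milliseconds) so the
    behaviour is deterministic and testable."""

    def __init__(self, rate: int, burst: int):
        self.rate = rate                      # tokens refilled per second
        self.capacity = burst * 1000          # bucket size in millitokens
        self._buckets: dict[str, _Bucket] = {}

    def allow(self, client: str, now_ms: int) -> bool:
        b = self._buckets.get(client)
        if b is None:  # first sight of this client: a full bucket
            b = self._buckets[client] = _Bucket(self.capacity, now_ms)
        # Refill in proportion to elapsed time, never above capacity
        # (elapsed ms * tokens/s == millitokens).
        b.tokens = min(self.capacity, b.tokens + (now_ms - b.last_ms) * self.rate)
        b.last_ms = now_ms
        if b.tokens >= 1000:
            b.tokens -= 1000
            return True
        return False  # over limit: the caller answers 429 or drops the packet


def replay(limiter: RateLimiter, trace: list[tuple[int, str]]) -> dict[str, dict[str, int]]:
    """Run a (time_ms, client) trace through the limiter and tally per client."""
    stats: dict[str, dict[str, int]] = {}
    for t, client in sorted(trace):
        s = stats.setdefault(client, {"allowed": 0, "dropped": 0})
        s["allowed" if limiter.allow(client, t) else "dropped"] += 1
    return stats


def demo_trace() -> list[tuple[int, str]]:
    """Constructed trace: one source sends 50 requests in one second while a
    normal client sends one request per second for five seconds."""
    flood = [(i * 20, "203.0.113.7") for i in range(50)]
    normal = [(i * 1000, "198.51.100.2") for i in range(5)]
    return flood + normal


if __name__ == "__main__":
    # With 5 req/s sustained and a burst of 10, the flood gets 14 of its 50
    # requests through and the normal client is never throttled.
    print(replay(RateLimiter(rate=5, burst=10), demo_trace()))
```

Keying the bucket on source address alone is the simplest choice and the weakest: a distributed flood spreads across many addresses, and many legitimate users can share one address behind NAT, so production deployments usually combine several keys (address, session, API token, route) and shard the bucket state across the fleet.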
Endpoint detection and response (EDR) and extended detection and response (XDR)
EDR tools monitor and analyze activity on endpoints such as laptops, servers, and mobile devices to detect threats in real time and support containment. XDR extends EDR by integrating telemetry from other security products, such as network analysis tools, giving a more complete view of the organization's security posture and earlier detection of threats that span several points in the environment.[citation needed]
Standards and regulations
Various countries have legislation that sets requirements for protecting personal data and information security in particular sectors. In the United States, the Health Insurance Portability and Accountability Act (HIPAA) sets standards for protecting health information, requiring healthcare organizations to maintain the confidentiality and integrity of patient data.[29][30]
The Sarbanes–Oxley Act (SOX) sets compliance requirements aimed at the accuracy and reliability of financial reporting and corporate governance, which in turn requires controls over the systems that hold financial data.[31] The Federal Information Security Modernization Act (FISMA, which updated the Federal Information Security Management Act of 2002) mandates security standards for federal agencies and their contractors, giving a unified approach to information security across the federal government.[32]
Elsewhere, regulations such as the European Union's General Data Protection Regulation (GDPR) set a high bar for data privacy and give individuals more control over their personal information. Together these frameworks drive adoption of baseline security controls across industries.
Education
Professionals in cybersecurity engineering include both people with formal education in the field and people who have gained their expertise through self-study and work experience.[33] Formal paths include a bachelor's or master's degree in computer science, computer engineering, or a related field. A 2020 study of entry-level cybersecurity job postings found that 60% required a college degree in a related field, 25% preferred a graduate degree, and 30% required a certification.[34] Certifications related to cybersecurity include:
- Certified Information Systems Security Professional (CISSP): Globally recognized for security professionals.
- Certified Information Security Manager (CISM): Focuses on security management.
- Certified Ethical Hacker (CEH): Validates skills in penetration testing and ethical hacking.
References
1. "Cybersecurity Engineering". DTU Research Database. Retrieved 2024-10-14.
2. Callen, Jennifer; James, Jason E. (2020). "Cybersecurity Engineering: The Growing Need". Issues in Information Systems. 21 (4): 275–284. doi:10.48009/4_iis_2020_275-284.
3. "The history of cybersecurity pt. 2: 1960s". Percepticon. 2023-12-20. Retrieved 2024-10-14.
4. "The 21st-century evolution of cyber security". ICAEW. Retrieved 2024-10-14.
5. "Risk Management". Cybersecurity and Infrastructure Security Agency (CISA). Retrieved 2024-10-14.
6. "What is Cyber Risk Management?". IBM. 2023-05-25. Retrieved 2024-10-14.
7. "defense-in-depth - Glossary". NIST CSRC. Retrieved 2024-10-14.
8. "Secure-by-Design - Shifting the Balance of Cybersecurity Risk: Principles and Approaches for Secure by Design Software". U.S. CISA. 2023-10-25. Retrieved 2026-05-04.
9. Nidiffer, Kenneth; Woody, Carol; Chick, Timothy A. (2018-12-14). "Program Manager's Guidebook for Software Assurance". Carnegie Mellon University Software Engineering Institute. p. 34. Retrieved 2026-05-04.
10. "OWASP Secure Coding Practices - Quick Reference Guide". OWASP Foundation. Retrieved 2026-05-04.
11. "What is Incident Response? Definition and Complete Guide". TechTarget. Retrieved 2024-10-14.
12. "What is Incident Response". Cybersecurity Exchange. 2024-03-07. Retrieved 2024-10-14.
13. "security architecture - Glossary". NIST CSRC. Retrieved 2024-10-14.
14. "What Is Security Architecture?". Palo Alto Networks. Retrieved 2024-10-14.
15. "What is Penetration Testing | Step-By-Step Process & Methods". Imperva. Retrieved 2024-10-14.
16. EC-Council (2024-02-27). "What Is Penetration Testing or Pentest? | Types, Tools, Steps & Benefits". Cybersecurity Exchange. Retrieved 2024-10-14.
17. Kosutic, Dejan. "What is ISO 27001? An easy-to-understand explanation". Retrieved 2024-10-14.
18. "Understanding the NIST cybersecurity framework". Federal Trade Commission. 2018-10-05. Retrieved 2024-10-14.
19. "What Is a Firewall?". Cisco. Retrieved 2024-10-14.
20. "What is IDS and IPS?". Juniper Networks. Retrieved 2024-10-14.
21. "Difference between Encryption and Cryptography". GeeksforGeeks. 2021-02-05. Retrieved 2024-10-14.
22. "Principles of encryption". Open Learning. Retrieved 2024-10-14.
23. "What Is SIEM?". Microsoft. Retrieved 2024-10-14.
24. "What Is SIEM? Security Information and Event Management Guide - IT Glossary". SolarWinds. Retrieved 2024-10-14.
25. "What Is Vulnerability Assessment? Benefits, Tools, and Process". HackerOne. Retrieved 2024-10-14.
26. "What Is Threat Detection and Response (TDR)?". Aqua. Retrieved 2024-10-14.
27. "What is Network Traffic Analysis (NTA)?". Rapid7. Retrieved 2024-10-14.
28. "Quality of Service (QoS) - Glossary". NIST CSRC. Retrieved 2024-10-14.
29. "Health Information Privacy". U.S. Department of Health and Human Services. Retrieved 2024-10-14.
30. Marron, Jeffrey A. (2024-02-14). Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule: A Cybersecurity Resource Guide (PDF) (Report, NIST SP 800-66r2). Gaithersburg, MD: National Institute of Standards and Technology. doi:10.6028/nist.sp.800-66r2.
31. Stults, Gregg (2004-07-25). "An Overview of Sarbanes-Oxley for the Information Security Professional". SANS Institute.
32. "Federal Information Security Modernization Act". CISA. Retrieved 2024-10-14.
33. Adams, Ed (2024-01-12). "Chapter 1: Introduction and Motivation". See Yourself in Cyber: Security Careers Beyond Hacking. John Wiley & Sons. ISBN 978-1-394-22560-6.
34. Marquardson, Jim; Elnoshokaty, Ahmed (February 2020). "Skills, Certifications, or Degrees: What Companies Demand for Entry-Level Cybersecurity Jobs". Information Systems Education Journal. 18 (1): 22–28.