Cybersecurity engineering is a technical discipline focused on the protection of systems, networks, and data from unauthorized access, cyberattacks, and other malicious activities. It applies engineering principles to the design, implementation, maintenance, and evaluation of secure systems, ensuring the integrity, confidentiality, and availability of information. [1] [2]
Given the rising costs of cybercrimes, which now amount to trillions of dollars in global economic losses each year, organizations are seeking cybersecurity engineers to safeguard their data, reduce potential damages, and strengthen their defensive security systems. [3]
Cybersecurity engineering began to take shape as a distinct field in the 1970s, coinciding with the growth of computer networks and the Internet. Initially, security efforts focused on physical protection, such as safeguarding mainframes and limiting access to sensitive areas. However, as systems became more interconnected, digital security gained prominence.
In the 1970s, the introduction of the first public-key cryptosystems, such as the RSA algorithm, was a significant milestone, enabling secure communications between parties that did not share a previously established secret. During the 1980s, the expansion of local area networks (LANs) and the emergence of multi-user operating systems, such as UNIX, highlighted the need for more sophisticated access controls and system audits. [4] [5]
In the 1990s, the rise of the Internet alongside the advent of the World Wide Web (WWW) brought new challenges to cybersecurity. The emergence of viruses, worms, and distributed denial-of-service (DDoS) attacks required the development of new defensive techniques, such as firewalls and antivirus software. This period marked the solidification of the information security concept, which began to include not only technical protections but also organizational policies and practices for risk mitigation. [6]
In the 21st century, the field of cybersecurity engineering expanded to tackle sophisticated threats, including state-sponsored attacks, ransomware, and phishing. Concepts like layered security architecture and the use of artificial intelligence for threat detection became critical. The integration of frameworks such as the NIST Cybersecurity Framework emphasized the need for a comprehensive approach that includes technical defense, prevention, response, and incident recovery. Cybersecurity engineering has since expanded to encompass technical, legal, and ethical aspects, reflecting the increasing complexity of the threat landscape. [7]
Cybersecurity engineering is underpinned by several essential principles that are integral to creating resilient systems capable of withstanding and responding to cyber threats.
Cybersecurity engineers work in several key areas. They start with secure architecture, designing systems and networks that integrate robust security features from the ground up. This proactive approach helps mitigate risks associated with cyber threats. During the design phase, engineers engage in threat modeling to identify potential vulnerabilities and threats, allowing them to develop effective countermeasures tailored to the specific environment. This forward-thinking strategy ensures that security is embedded within the infrastructure rather than bolted on as an afterthought. [13] [14]
Penetration testing is another essential component of their work. By simulating cyber attacks, engineers can rigorously evaluate the effectiveness of existing security measures and uncover weaknesses before malicious actors exploit them. This hands-on testing approach not only identifies vulnerabilities but also helps organizations understand their risk landscape more comprehensively. [15] [16]
Moreover, cybersecurity engineers ensure that systems comply with regulatory and industry standards, such as ISO 27001 and NIST guidelines. Compliance is vital not only for legal adherence but also for establishing a framework of best practices that enhance the overall security posture. [17] [18]
Firewalls, whether hardware or software-based, are vital components of a cybersecurity infrastructure, acting as barriers that control incoming and outgoing network traffic according to established security rules. By preventing unauthorized access, firewalls protect networks from potential threats. Complementing this, Intrusion Detection Systems (IDS) continuously monitor network traffic to detect suspicious activities, alerting administrators to potential breaches. Intrusion Prevention Systems (IPS) enhance these measures by not only detecting threats but also actively blocking them in real-time, creating a more proactive security posture. [19] [20]
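The following is an added illustration, not code from the article or from any firewall product, of the first-match rule evaluation that packet-filtering firewalls perform. The ruleset, addresses (taken from the RFC 5737 documentation ranges) and sample packets are constructed; the evaluator shows that rule order decides the verdict and that traffic matching no rule falls through to a default-deny policy.

```python
"""Minimal first-match packet-filter evaluator (added example, not from the article).

Rules are evaluated top to bottom; the first rule whose fields all match decides the
verdict, and a packet matching no rule falls through to the default-deny policy.
The rule table and packets below are constructed for illustration only.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                      # "allow" or "deny"
    proto: Optional[str] = None      # None matches any protocol
    src: Optional[str] = None        # source CIDR; None matches any source
    dst_port: Optional[int] = None   # None matches any destination port
    comment: str = ""


@dataclass(frozen=True)
class Packet:
    proto: str
    src_ip: str
    dst_port: int


# Constructed ruleset: block a known-bad range first, then permit public HTTPS and
# internal-only SSH; everything else is dropped by the default policy.
RULESET = [
    Rule("deny", src="198.51.100.0/24", comment="blocked range (documentation prefix)"),
    Rule("allow", proto="tcp", dst_port=443, comment="HTTPS from anywhere"),
    Rule("allow", proto="tcp", dst_port=22, src="10.0.0.0/8", comment="SSH only from internal network"),
]
DEFAULT_ACTION = "deny"


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """Every field the rule specifies must match; unspecified fields are wildcards."""
    if rule.proto is not None and rule.proto != pkt.proto:
        return False
    if rule.dst_port is not None and rule.dst_port != pkt.dst_port:
        return False
    if rule.src is not None and ipaddress.ip_address(pkt.src_ip) not in ipaddress.ip_network(rule.src):
        return False
    return True


def evaluate(pkt: Packet, rules=RULESET):
    """Return (action, index of the matching rule) or (DEFAULT_ACTION, None) on fall-through."""
    for i, rule in enumerate(rules):
        if rule_matches(rule, pkt):
            return rule.action, i
    return DEFAULT_ACTION, None


if __name__ == "__main__":
    samples = [
        Packet("tcp", "203.0.113.7", 443),    # public HTTPS: allowed by rule 1
        Packet("tcp", "203.0.113.7", 22),     # public SSH: no rule, default deny
        Packet("tcp", "10.1.2.3", 22),        # internal SSH: allowed by rule 2
        Packet("tcp", "198.51.100.9", 443),   # blocked range wins even for HTTPS: rule 0
        Packet("udp", "10.1.2.3", 53),        # no rule: default deny
    ]
    for p in samples:
        print(p, "->", evaluate(p))
```

Reordering the table changes the outcome: if the HTTPS allow rule were placed before the deny for the blocked range, the blocked range would reach port 443, which is why reviewers of firewall policy check the order of rules and not only their contents.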
Encryption is a cornerstone of data protection, employing sophisticated cryptographic techniques to secure sensitive information. This process ensures that data is rendered unreadable to unauthorized users, safeguarding both data at rest—such as files stored on servers—and data in transit—like information sent over the internet. By implementing encryption protocols, organizations can maintain confidentiality and integrity, protecting critical assets from cyber threats and data breaches. [21] [22]
SIEM systems play a crucial role in modern cybersecurity engineering by aggregating and analyzing data from various sources across an organization's IT environment. They provide a comprehensive overview of security alerts and events, enabling cybersecurity engineers to detect anomalies and respond to incidents swiftly. By correlating information from different devices and applications, SIEM tools enhance situational awareness and support compliance with regulatory requirements. [23] [24]
Vulnerability assessment tools are essential for identifying and evaluating security weaknesses within systems and applications. These tools conduct thorough scans to detect vulnerabilities, categorizing them based on severity. This prioritization allows cybersecurity engineers to focus on addressing the most critical vulnerabilities first, thus reducing the organization's risk exposure and enhancing overall security effectiveness. [25]
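As an added example (not from the article or from any scanner vendor), the block below shows the severity-first prioritization described above. The severity bands are the CVSS v3.x qualitative rating scale; the tie-breaking factors (known exploit, internet exposure, asset criticality) and their order are this example's own assumption, and the findings are constructed.

```python
"""Severity-driven triage of scanner findings (added example, not from the article).

Findings are bucketed with the CVSS v3.x qualitative severity scale (Critical 9.0-10.0,
High 7.0-8.9, Medium 4.0-6.9, Low 0.1-3.9, None 0.0) and then ordered so the items an
engineer should fix first come first. The tie-breakers (known exploit, internet exposure,
asset criticality) are an assumption of this example, not a standard; the findings are constructed.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str
    title: str
    cvss: float                 # CVSS v3.x base score, 0.0-10.0
    internet_exposed: bool
    exploit_known: bool
    asset_criticality: int      # 1 (low) .. 3 (high); assumed local tagging scheme


def severity(score: float) -> str:
    """Map a CVSS v3.x base score to its qualitative severity band."""
    if not 0.0 <= score <= 10.0:
        raise ValueError(f"CVSS base score out of range: {score}")
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "None": 0}


def priority_key(f: Finding):
    """Larger tuple sorts first: band, then known exploit, exposure, criticality, raw score."""
    return (SEVERITY_RANK[severity(f.cvss)], f.exploit_known, f.internet_exposed,
            f.asset_criticality, f.cvss)


def triage(findings):
    """Return findings in the order they should be addressed."""
    return sorted(findings, key=priority_key, reverse=True)


def band_counts(findings):
    """Count findings per severity band, e.g. for a risk-exposure summary."""
    return dict(Counter(severity(f.cvss) for f in findings))


# Constructed findings; assets, titles and scores are illustrative only.
FINDINGS = [
    Finding("internal-db", "Outdated TLS configuration", 5.3, False, False, 3),
    Finding("public-web", "Remote code execution in image library", 9.8, True, True, 3),
    Finding("hr-portal", "SQL injection in search form", 8.8, True, False, 2),
    Finding("build-runner", "Privilege escalation in CI agent", 7.8, False, True, 2),
    Finding("kiosk", "Version disclosure in service banner", 3.1, True, False, 1),
]

if __name__ == "__main__":
    print(band_counts(FINDINGS))
    for f in triage(FINDINGS):
        print(f"{severity(f.cvss):8} {f.cvss:4} {f.asset:13} {f.title}")
```

The two High findings illustrate the tie-break: the privilege escalation with a known exploit is placed ahead of the higher-scored SQL injection without one, which is the kind of local judgement a raw score ordering alone does not capture.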
Threat detection and response (TDR) solutions utilize advanced analytics to sift through vast amounts of data, identifying patterns that may indicate potential threats. Tools like Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA) provide real-time insights into security incidents, enabling organizations to respond effectively to threats before they escalate. [26]
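The SIEM correlation described in the two passages above (aggregating events from different sources and detecting anomalies across them) is illustrated by the following added example, which is not code from the article or from any SIEM product. It normalises two constructed log formats, sshd syslog lines and a hypothetical web application's login log, into one event stream and fires when a single source address accumulates several authentication failures within a time window and then succeeds, a pattern that neither source would reveal on its own.

```python
"""SIEM-style cross-source correlation over constructed log lines (added example).

Two sources are normalised into one event stream: sshd syslog lines and a hypothetical
web application's login log. A rule fires when one source address produces at least
`threshold` authentication failures within `window` seconds, across either source, and
the same address then authenticates successfully. All log lines below are constructed.
"""
import re
from collections import defaultdict
from datetime import datetime

SSHD_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: (?P<result>Failed|Accepted) password for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)
# Hypothetical web application format, assumed for this example.
WEB_RE = re.compile(
    r'^(?P<ts>\S+) webapp login user="(?P<user>[^"]+)" ip=(?P<ip>\S+) status=(?P<status>\d{3})'
)


def parse_line(line):
    """Normalise a raw line to (epoch_seconds, source, user, ip, success) or None if unrecognised."""
    m = SSHD_RE.match(line)
    if m:
        ts = datetime.fromisoformat(m["ts"]).timestamp()
        return ts, "sshd", m["user"], m["ip"], m["result"] == "Accepted"
    m = WEB_RE.match(line)
    if m:
        ts = datetime.fromisoformat(m["ts"]).timestamp()
        return ts, "webapp", m["user"], m["ip"], m["status"] == "200"
    return None


def correlate(lines, threshold=4, window=120):
    """Return one alert per source IP whose recent failures (>= threshold, within window) precede a success."""
    events = sorted(filter(None, (parse_line(l) for l in lines)))
    failures = defaultdict(list)   # ip -> timestamps of failures still inside the window
    alerts = []
    for ts, source, user, ip, ok in events:
        if not ok:
            failures[ip].append(ts)
            failures[ip] = [t for t in failures[ip] if ts - t <= window]
            continue
        recent = [t for t in failures[ip] if ts - t <= window]
        if len(recent) >= threshold:
            alerts.append({"ip": ip, "user": user, "source": source,
                           "failures": len(recent), "success_at": ts})
            failures[ip].clear()   # do not re-alert on the same burst
    return alerts


# Constructed sample: a burst spread across sshd and the web app from one address (alerts),
# a single failure before success (benign), and a burst whose success comes too late (stale).
LOG_LINES = [
    "2024-05-01T10:00:00+00:00 bastion sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 40101 ssh2",
    "2024-05-01T10:00:07+00:00 bastion sshd[2211]: Failed password for root from 203.0.113.5 port 40102 ssh2",
    '2024-05-01T10:00:20+00:00 webapp login user="alice" ip=203.0.113.5 status=401',
    '2024-05-01T10:00:31+00:00 webapp login user="alice" ip=203.0.113.5 status=401',
    '2024-05-01T10:00:45+00:00 webapp login user="alice" ip=203.0.113.5 status=200',
    "2024-05-01T10:05:00+00:00 bastion sshd[2300]: Failed password for bob from 198.51.100.20 port 5000 ssh2",
    "2024-05-01T10:05:05+00:00 bastion sshd[2300]: Accepted password for bob from 198.51.100.20 port 5001 ssh2",
    "2024-05-01T11:00:00+00:00 bastion sshd[2400]: Failed password for carol from 192.0.2.9 port 6000 ssh2",
    "2024-05-01T11:00:05+00:00 bastion sshd[2400]: Failed password for carol from 192.0.2.9 port 6001 ssh2",
    "2024-05-01T11:00:10+00:00 bastion sshd[2400]: Failed password for carol from 192.0.2.9 port 6002 ssh2",
    "2024-05-01T11:00:15+00:00 bastion sshd[2400]: Failed password for carol from 192.0.2.9 port 6003 ssh2",
    "2024-05-01T11:10:00+00:00 bastion sshd[2500]: Accepted password for carol from 192.0.2.9 port 6004 ssh2",
    "2024-05-01T11:11:00+00:00 bastion cron[77]: (root) CMD (run-parts /etc/cron.hourly)",  # ignored: not an auth event
]

if __name__ == "__main__":
    for alert in correlate(LOG_LINES):
        print(alert)
```

The threshold and window are the tunables an analyst adjusts against false positives; the 192.0.2.9 burst shows why the window matters, since four failures followed by a success ten minutes later is not treated as the same episode.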
Traffic control measures in cybersecurity engineering are designed to optimize the flow of data within networks, mitigating risks such as Distributed Denial of Service (DDoS) attacks. By utilizing technologies like Web Application Firewalls (WAF) and load balancers, organizations can ensure secure and efficient traffic distribution. Additionally, implementing Quality of Service (QoS) protocols prioritizes critical applications and services, ensuring they maintain operational integrity even in the face of potential security incidents or resource contention. [27] [28]
Endpoint detection and response (EDR) tools focus on monitoring and analyzing endpoint activities, such as those on laptops and mobile devices, to detect threats in real time. Extended detection and response (XDR) expands on EDR by integrating multiple security products, such as network analysis tools, providing a more holistic view of an organization's security posture. This comprehensive insight aids in the early detection and mitigation of threats across various points in the network.
Various countries establish legislative frameworks that define requirements for the protection of personal data and information security across different sectors. In the United States, specific regulations play a critical role in safeguarding sensitive information. The Health Insurance Portability and Accountability Act (HIPAA) outlines stringent standards for protecting health information, ensuring that healthcare organizations maintain the confidentiality and integrity of patient data. [29] [30]
The Sarbanes-Oxley Act (SOX) sets forth compliance requirements aimed at enhancing the accuracy and reliability of financial reporting and corporate governance, thereby securing corporate data. [31] Additionally, the Federal Information Security Management Act (FISMA) mandates comprehensive security standards for federal agencies and their contractors, ensuring a unified approach to information security across the government sector. [32]
Globally, numerous other regulations also address data protection, such as the General Data Protection Regulation (GDPR) in the European Union, which sets a high standard for data privacy and empowers individuals with greater control over their personal information. [33] These frameworks collectively contribute to establishing robust cybersecurity measures and promote best practices across various industries.
A career in cybersecurity engineering typically requires a strong educational foundation in information technology or a related field. Many professionals pursue a bachelor's degree in cybersecurity or computer engineering, which covers essential topics such as network security, cryptography, and risk management. [3]
For those seeking advanced knowledge, a master's degree in cybersecurity engineering can provide deeper insights into specialized areas like ethical hacking, secure software development, and incident response strategies. Additionally, hands-on training through internships or lab experiences is highly valuable, as it equips students with practical skills essential for addressing real-world security challenges. [34]
Continuous education is crucial in this field, with many engineers opting for certifications to stay current with industry trends and technologies. Security certifications are important credentials for professionals looking to demonstrate their expertise in cybersecurity practices. [35] Key certifications include:
Computer security is the protection of computer software, systems and networks from threats that can lead to unauthorized information disclosure, theft or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.
The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. As of 2021, SANS is the world's largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.
Information security standards are techniques generally outlined in published materials that attempt to protect a user's or organization's cyber environment. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.
A cybersecurity regulation comprises directives that safeguard information technology and computer systems with the purpose of forcing companies and organizations to protect their systems and information from cyberattacks like viruses, worms, Trojan horses, phishing, denial of service (DOS) attacks, unauthorized access and control system attacks. While cybersecurity regulations aim to minimize cyber risks and enhance protection, the uncertainty arising from frequent changes or new regulations can significantly impact organizational response strategies.
A chief information security officer (CISO) is a senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing, and maintaining processes across the enterprise to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is usually responsible for information-related compliance as well, and for protecting proprietary information and assets of the company, including the data of clients and consumers. The CISO works with other executives to make sure the company is growing in a responsible and ethical manner.
Threat modeling is a process by which potential threats, such as structural vulnerabilities or the absence of appropriate safeguards, can be identified and enumerated, and countermeasures prioritized. The purpose of threat modeling is to provide defenders with a systematic analysis of what controls or defenses need to be included, given the nature of the system, the probable attacker's profile, the most likely attack vectors, and the assets most desired by an attacker. Threat modeling answers questions like "Where am I most vulnerable to attack?", "What are the most relevant threats?", and "What do I need to do to safeguard against these threats?".
Security controls or security measures are safeguards or countermeasures to avoid, detect, counteract, or minimize security risks to physical property, information, computer systems, or other assets. In the field of information security, such controls protect the confidentiality, integrity and availability of information.
Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.
Computer security software or cybersecurity software is any computer program designed to influence information security. This is often taken in the context of defending computer systems or data, yet can incorporate programs designed specifically for subverting computer systems due to their significant overlap, and the adage that the best defense is a good offense.
Security information and event management (SIEM) is a field within computer security that combines security information management (SIM) and security event management (SEM) to enable real-time analysis of security alerts generated by applications and network hardware. SIEM systems are central to security operations centers (SOCs), where they are employed to detect, investigate, and respond to security incidents. SIEM technology collects and aggregates data from various systems, allowing organizations to meet compliance requirements while safeguarding against threats.
Control system security, or automation and control system (ACS) cybersecurity, is the prevention of interference with the proper operation of industrial automation and control systems. These control systems manage essential services including electricity, petroleum production, water, transportation, manufacturing, and communications. They rely on computers, networks, operating systems, applications, and programmable controllers, each of which could contain security vulnerabilities. The 2010 discovery of the Stuxnet worm demonstrated the vulnerability of these systems to cyber incidents. The United States and other governments have passed cyber-security regulations requiring enhanced protection for control systems operating critical infrastructure.
An information security operations center is a facility where enterprise information systems are monitored, assessed, and defended.
Kiteworks, formerly known as Accellion, Inc., is an American technology company that secures sensitive content communications over channels such as email, file share, file transfer, managed file transfer, web forms, and application programming interfaces. The company was founded in 1999 in Singapore and is now based in San Mateo, California.
Endpoint security or endpoint protection is an approach to the protection of computer networks that are remotely bridged to client devices. The connection of endpoint devices such as laptops, tablets, mobile phones, and other wireless devices to corporate networks creates attack paths for security threats. Endpoint security attempts to ensure that such devices comply with security standards.
Cyber threat intelligence (CTI) is a subfield of cybersecurity that focuses on the structured collection, analysis, and dissemination of data regarding potential or existing cyber threats. It provides organizations with the insights necessary to anticipate, prevent, and respond to cyberattacks by understanding the behavior of threat actors, their tactics, and the vulnerabilities they exploit. Cyber threat intelligence sources include open source intelligence, social media intelligence, human intelligence, technical intelligence, device log files, forensically acquired data or intelligence from internet traffic, and data derived from the deep and dark web.
A blue team is a group of individuals who perform an analysis of information systems to ensure security, identify security flaws, verify the effectiveness of each security measure, and make certain all security measures will continue to be effective after implementation.
A threat actor, bad actor or malicious actor is either a person or a group of people that take part in an action that is intended to cause harm to the cyber realm, including computers, devices, systems, or networks. The term is typically used to describe individuals or groups that perform malicious acts against a person or an organization of any type or size. Threat actors engage in cyber-related offenses to exploit open vulnerabilities and disrupt operations. Threat actors have different educational backgrounds, skills, and resources. The frequency and classification of cyber attacks change rapidly. The background of threat actors helps dictate who they target, how they attack, and what information they seek. There are a number of threat actors, including cyber criminals, nation-state actors, ideologues, thrill seekers/trolls, insiders, and competitors. These threat actors all have distinct motivations, techniques, targets, and uses of stolen data. See Advanced persistent threats for a list of identified threat actors.
The Center for Internet Security (CIS) is a US 501(c)(3) nonprofit organization, formed in October 2000. Its mission statement professes that the function of CIS is to "help people, businesses, and governments protect themselves against pervasive cyber threats."
This is a list of cybersecurity information technology. Cybersecurity is security as it is applied to information technology. This includes all technology that stores, manipulates, or moves data, such as computers, data networks, and all devices connected to or included in networks, such as routers and switches. All information technology devices and facilities need to be secured against intrusion, unauthorized use, and vandalism. Additionally, the users of information technology should be protected from theft of assets, extortion, identity theft, loss of privacy and confidentiality of personal information, malicious mischief, damage to equipment, business process compromise, and the general activity of cybercriminals. The public should be protected against acts of cyberterrorism, such as the compromise or loss of the electric power grid.
Internet security awareness or cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce, and the security best practices that should guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance that builds end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.