The Discipline

Software Engineering

Software engineering is defined as "the application of a systematic, disciplined, quantifiable approach to the development, operation, and maintenance of software, and the study of these approaches; that is, the application of engineering to software."
  • The term software engineering first appeared at the 1968 NATO Software Engineering Conference and was meant to provoke thought regarding the "software crisis" of the time. Since then, it has continued as a profession and field of study dedicated to creating software that is of higher quality, cheaper, more maintainable, and quicker to build.
  • Since the field is still relatively young compared to its sister fields of engineering, there is still much work and debate around what software engineering actually is, and whether it deserves the title engineering.
  • Software engineering has grown organically out of the limitations of viewing software as just programming. Software Development or Application Development are terms sometimes preferred by practitioners in the industry who view software engineering as too heavy-handed and constrictive to the malleable process of creating software.

System Engineering

  • Systems engineering is an interdisciplinary field of engineering that focuses on how complex engineering projects should be designed and managed. 
  • Systems engineering deals with work-processes and tools to handle such projects, and it overlaps with both technical and human-centered disciplines such as control engineering and project management.

System Engineering vs. Software Engineering

  • Software engineering is a part of system engineering. System engineering deals with all aspects of computer-based system development.
  • System engineering identifies the roles of hardware, software, people, databases and the other elements of the system being developed. Software engineering addresses the practicalities of developing and delivering useful software.

Security Engineering

  • Security engineering is a specialized field of engineering that deals with the development of detailed engineering plans and designs for security features, controls and systems. Its primary motivation is to support the delivery of engineering solutions that satisfy pre-defined functional and user requirements, but with the added dimension of preventing misuse and malicious behavior. These constraints and restrictions are often asserted as a security policy.
  • Security engineering has existed as an informal field of study for several centuries. For example, the fields of locksmithing and security printing have been around for many years. Due to recent catastrophic events, most notably 9/11, security engineering has become a rapidly growing field.
  • Security engineering involves aspects of social science, psychology, and economics, as well as physics, chemistry, mathematics, architecture and landscaping. In general, it encompasses three sub-fields:
    • Physical security: deterring attackers from accessing a facility, resource, or information stored on physical media.
    • Information security: protecting data from unauthorized access, use, disclosure, destruction, modification, or disruption of access.
    • Economics of security: the economic aspects of privacy and computer security.

Information Security

  • Information security means protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction.
  • The terms information security, computer security and information assurance are frequently used interchangeably. These fields are often interrelated and share the common goals of protecting the confidentiality, integrity and availability of information; however, there are some subtle differences between them. These differences lie primarily in the approach to the subject, the methodologies used, and the areas of concentration.
    • Information security is concerned with the confidentiality, integrity and availability of data regardless of the form of the data (e.g., electronic, print, or others).
    • Computer security focuses on ensuring the availability and correct operation of a computer system without concern for the information stored or processed by the computer. 
    • Information assurance is the practice of managing risks related to the use, processing, storage, and transmission of information or data and the systems and processes used for those purposes. 
  • Information assurance as a field has grown from the practice of information security, which in turn grew out of the practices and procedures of computer security.

Software Requirements Engineering 

  • Requirements analysis in systems engineering and software engineering encompasses those tasks that go into determining the needs or conditions to meet for a new or altered product, taking account of the possibly conflicting requirements of the various stakeholders, analyzing, documenting, validating and managing software or system requirements.
  • Requirements engineering is critical to the success of a development project. Requirements must be actionable, measurable, testable, related to identified business needs or opportunities, and defined to a level of detail sufficient for system design. 
  • Requirements can be functional and non-functional.
  • Security requirements engineering deals with the systematic approach to gathering software security requirements.

Application Security vs. Network Security

  • Network security attempts to solve issues with the perimeters, the network ports and traffic, and the data-in-transit, while application security deals with the entire data processing stack including the data-at-rest (data stores), the data-in-process (parameters), and the applications (modules, programs, etc.) themselves.  
  • There are some overlaps as the two need each other to meet enterprise information processing demands and share a common goal of protecting enterprise data.

For further reading: