Software engineering is defined as "the application of a systematic,
approach to the development, operation, and maintenance of software,
and the study of these approaches; that is, the application of engineering
- The term software engineering first appeared in the 1968 NATO Software
Engineering Conference and was meant to provoke thought regarding the
current "software crisis" at the time. Since then, it has continued as
a profession and field of study dedicated to creating software that is
of higher quality, cheaper, more maintainable, and quicker to build.
Since the field is still relatively young compared to its sister fields of
engineering, there is still much work and debate around what software
engineering actually is, and if it deserves the title
- Software engineering has grown organically out of the
limitations of viewing software as
just programming. Software Development or Application Development are terms sometimes preferred by
practitioners in the industry who view software engineering as too
heavy-handed and constrictive to the malleable process of creating
- Systems engineering is an interdisciplinary field of engineering
that focuses on how complex engineering projects should be designed and
- Systems engineering deals with work-processes and
tools to handle such projects, and it overlaps with both technical and
human-centered disciplines such as control engineering and project
System Engineering vs. Software
- Software engineering is a part of system
engineering, which deals with all aspects of computer-based system
- System engineering identifies the roles of the hardware,
software, people, databases and other system elements involved in the
system that is going to be developed. Software engineering addresses
the practicalities of developing and delivering useful
- Security engineering is a specialized field of engineering that
deals with the development of detailed engineering plans and designs
for security features, controls and systems. Its primary motivation is to
support the delivery of engineering solutions that satisfy pre-defined
functional and user requirements, but with the added dimension of
preventing misuse and malicious behavior. These constraints and
restrictions are often asserted as a security policy.
- Security engineering has existed as an informal field of study
for several centuries. For example, the fields of locksmithing
and security printing have been around for many
years. Due to recent catastrophic events, most notably 9/11, security engineering has quickly become a rapidly growing field.
- Security engineering involves aspects of social science, psychology,
and economics, as well as physics, chemistry, mathematics, architecture
and landscaping. In general, it encompasses three
- Physical security: deter
attackers from accessing a facility, resource, or information stored on
- Information security: protecting
data from unauthorized access, use, disclosure, destruction,
modification, or disruption to access.
- Economics of security: the
economic aspects of privacy and computer security.
- Information security means protecting information
and information systems from unauthorized access,
use, disclosure, disruption,
modification or destruction.
- The terms information security, computer security and information
assurance are frequently used interchangeably. These fields are often
interrelated and share the common goals of protecting the confidentiality,
integrity and availability of information; however, there are some subtle
differences between them. These differences lie primarily in the approach
to the subject, the methodologies used, and the areas of concentration.
- Information security is concerned with the confidentiality,
integrity and availability of data regardless of the form of
the data (e.g., electronic, print, or others).
- Computer security focuses on ensuring the availability and correct
operation of a computer system without concern for the information
stored or processed by the computer.
- Information assurance is the
practice of managing risks related to the use,
processing, storage, and transmission of information or data and the
systems and processes used for those purposes.
Information assurance as a field has grown from the practice of information
security which in turn grew out of practices and procedures of computer
Software Requirements Engineering
- Requirements analysis in systems engineering and software
engineering encompasses those tasks that go into determining the needs
or conditions to meet for a new or altered product, taking account of
the possibly conflicting requirements of the various stakeholders,
analyzing, documenting, validating and managing software or system
- Requirements engineering is critical to
the success of a development project. Requirements must be actionable,
measurable, testable, related to identified business needs or
opportunities, and defined to a level of detail sufficient for system
- Requirements can be functional and non-functional.
- Security requirements engineering deals with the systematic
approach to gathering software security requirements.
Application Security vs. Network Security
- Network security attempts to solve issues with the perimeters, the
network ports and traffic, and the data-in-transit, while application
security deals with the entire data processing stack, including the
data-at-rest (data stores), the data-in-process (parameters), and
the applications (modules, programs, etc.) themselves.
- There are some overlaps as the two
need each other to meet enterprise information processing demands and
share a common goal of protecting enterprise data.