Topic
Security engineering
About: Security engineering is a research topic. Over the lifetime, 3181 publications have been published within this topic receiving 62177 citations.
Papers published on a yearly basis
1 / 2
Papers
Book•
1 Jan 2001
TL;DR: In almost 600 pages of riveting detail, Ross Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables.
Abstract: Gigantically comprehensive and carefully researched, Security Engineering makes it clear just how difficult it is to protect information systems from corruption, eavesdropping, unauthorized use, and general malice. Better, Ross Anderson offers a lot of thoughts on how information can be made more secure (though probably not absolutely secure, at least not forever) with the help of both technologies and management strategies. His work makes fascinating reading and will no doubt inspire considerable doubt--fear is probably a better choice of words--in anyone with information to gather, protect, or make decisions about. Be aware: This is absolutely not a book solely about computers, with yet another explanation of Alice and Bob and how they exchange public keys in order to exchange messages in secret. Anderson explores, for example, the ingenious ways in which European truck drivers defeat their vehicles' speed-logging equipment. In another section, he shows how the end of the cold war brought on a decline in defenses against radio-frequency monitoring (radio frequencies can be used to determine, at a distance, what's going on in systems--bank teller machines, say), and how similar technology can be used to reverse-engineer the calculations that go on inside smart cards. In almost 600 pages of riveting detail, Anderson warns us not to be seduced by the latest defensive technologies, never to underestimate human ingenuity, and always use common sense in defending valuables. A terrific read for security professionals and general readers alike. --David Wall Topics covered: How some people go about protecting valuable things (particularly, but not exclusively, information) and how other people go about getting it anyway. Mostly, this takes the form of essays (about, for example, how the U.S. Air Force keeps its nukes out of the wrong hands) and stories (one of which tells of an art thief who defeated the latest technology by hiding in a closet). Sections deal with technologies, policies, psychology, and legal matters.
2,124 citations
TL;DR: An extended deterrence theory model is presented that combines work from criminology, social psychology, and information systems and suggests that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention.
Abstract: Intentional insider misuse of information systems resources (i.e., IS misuse) represents a significant threat to organizations. For example, industry statistics suggest that between 50%--75% of security incidents originate from within an organization. Because of the large number of misuse incidents, it has become important to understand how to reduce such behavior. General deterrence theory suggests that certain controls can serve as deterrent mechanisms by increasing the perceived threat of punishment for IS misuse. This paper presents an extended deterrence theory model that combines work from criminology, social psychology, and information systems. The model posits that user awareness of security countermeasures directly influences the perceived certainty and severity of organizational sanctions associated with IS misuse, which leads to reduced IS misuse intention. The model is then tested on 269 computer users from eight different companies. The results suggest that three practices deter IS misuse: user awareness of security policies; security education, training, and awareness (SETA) programs; and computer monitoring. The results also suggest that perceived severity of sanctions is more effective in reducing IS misuse than certainty of sanctions. Further, there is evidence that the impact of sanction perceptions vary based on one's level of morality. Implications for the research and practice of IS security are discussed.
1,279 citations
TL;DR: A survey of the evolution of security studies, focusing on recent developments in the field can be found in this article, which provides a guide to the current research agenda and some practical lessons for managing the field in the years ahead.
Abstract: This article examines the evolution of security studies, focusing on recent developments in the field. It provides a survey of the field, a guide to the current research agenda, and some practical lessons for managing the field in the years ahead. Security studies remains an interdisciplinary enterprise, but its earlier preoccupation with nuclear issues has broadened to include topics such as grand strategy, conventional warfare, and the domestic sources of international conflict, among others. Work in the field is increasingly rigorous and theoretically inclined, which reflects the marriage between security studies and social science and its improved standing within the academic world. Because national security will remain a problem for states and because an independent scholarly community contributes to effective public policy in this area, the renaissance of security studies is an important positive development for the field of international relations.
1,105 citations
TL;DR: This article shows that neutralization theory, a theory prominent in Criminology but not yet applied in the context of IS, provides a compelling explanation for IS security policy violations and offers new insight into how employees rationalize this behavior.
Abstract: Employees' failure to comply with information systems security policies is a major concern for information technology security managers. In efforts to understand this problem, IS security researchers have traditionally viewed violations of IS security policies through the lens of deterrence theory. In this article, we show that neutralization theory, a theory prominent in Criminology but not yet applied in the context of IS, provides a compelling explanation for IS
security policy violations and offers new insight into how employees rationalize this behavior. In doing so, we propose a theoretical model in which the effects of neutralization techniques are tested alongside those of sanctions described by deterrence theory. Our empirical results highlight neutralization as an important factor to take into account with regard to developing and implementing organizational security policies and practices.
980 citations
Book•
22 Sep 2011TL;DR: In this article, the theoretical foundations, practical implementation, challenges and benefits of a groundbreaking new model for secure communication are presented, using a bottom-up approach from the link level all the way to end-to-end architectures.
Abstract: This complete guide to physical-layer security presents the theoretical foundations, practical implementation, challenges and benefits of a groundbreaking new model for secure communication. Using a bottom-up approach from the link level all the way to end-to-end architectures, it provides essential practical tools that enable graduate students, industry professionals and researchers to build more secure systems by exploiting the noise inherent to communications channels. The book begins with a self-contained explanation of the information-theoretic limits of secure communications at the physical layer. It then goes on to develop practical coding schemes, building on the theoretical insights and enabling readers to understand the challenges and opportunities related to the design of physical layer security schemes. Finally, applications to multi-user communications and network coding are also included.
860 citations
Related Topics (5)
Performance Metrics
| Year | Papers |
|---|---|
| 2025 | 2 |
| 2024 | 10 |
| 2023 | 13 |
| 2022 | 32 |
| 2021 | 20 |
| 2020 | 24 |