ITM 820 Chapter Notes - Chapter 1: Endangerment, Keychain, Business Process

System failures can endanger human life, environment and damage to economic infrastructure, endanger personal privacy, viability of the business sector and facilitate crime. Security is about ensuring that they don"t, while software engineering is about ensuring certain things happen: systems usually need some combination of user authentication, transaction integrity and accountability, fault-tolerance, message secrecy, and covertness. Many systems fails because designers protect the wrong things, or protect the right things but in the wrong way. Phishing is a fascinating security engineering problem mixing elements from authentication, usability, psychology, operations and economics: there are high-value messaging systems which are used to move large sums of money. A attack on such a system is a dream of the sophisticated white collar criminal. In order to defend this system you need to use bookkeeping procedures, access controls and cryptography: cryptography and alarm systems are used to prevent a robber or burglar.