Concepts of Security Science

When we talk about security science, we’re talking about a field of study that includes rules, axioms, and testable hypotheses related to system security. Within a security domain, security science helps us comprehend the upper bounds of what is feasible by giving factual and qualitative or quantitative descriptions of security characteristics and behaviors. Under security science, we will discuss three major concepts in detail: security management, the built environment, and security principles.

In security management, assets include people, buildings, equipment, systems, and information. Policies and practices for safeguarding such assets are then developed, documented, and put into action. A company uses these security management processes to classify information, grade system vulnerabilities, detect risks, and categorize assets. The concept covers both internal and external forms of risk. Externally, it covers strategy, which involves customer demand and competitors, and operations, which deals with contracts, suppliers, and regulations. In terms of hazards, it encompasses cybercrimes and natural disasters (Smith et al., 2012). As a starting point, think about whether or not it’s possible to prevent criminal opportunities from arising in the first place. When new variables or concerns aren’t taken into account as a consequence of this activity, the risk grows. Taking away all the working capital from a retail store, for example, would make it impossible for thieves to make money, but it would also make it impossible for the company to function. Where avoiding or removing a criminal opportunity would compromise the capacity to do business, the risk of loss must instead be reduced as far as possible without jeopardizing the company’s ability to operate (Herley, 2017, p. 100). If risk reduction is used in the scenario mentioned above, the company may maintain only one day’s worth of cash on hand.

Risk spreading applies to assets that are still exposed after reduction and avoidance measures have been taken. This concept uses perimeter lights, barred glass, and entry detection systems to expose the offender to the possibility of discovery and arrest before the crime is completed. The goal is to make it harder for criminals to take assets and get away unnoticed. Insuring assets and raising prices to compensate for losses from criminal conduct are the two main risk transfer methods (Forca et al., 2020, p. 70). When the first stages are followed correctly, the cost of transferring risk is significantly reduced.

Security managers must appreciate the value of safeguarding the personal information of both employees and customers. Network monitoring and vulnerability management are two techniques used in the continuous process of data security. To find exploitable weaknesses in a security company’s computer network, penetration tests, sometimes called pen tests, are conducted. A pen test’s results are sent to the security manager of a security firm so that fixes and remedies may be created (Klosky et al., 2021, p. 23-28). Vulnerabilities in a company’s network enable threats such as spyware and malware to infiltrate the system. The more apps a business uses, the more openings it provides for security vulnerabilities inside the organization. Security management experts must identify a company’s main threat vectors before those threats can be handled.

The built environment, or constructed world, is a phrase used in social science to describe the human-made surroundings that serve as the backdrop for human activities, from structures to parks. “The human-made place where people live, work, and play on a daily basis” is one definition. Buildings, parks, and transit networks all fall within the definition of the “built environment.” Researchers have recently extended the term “constructed environment” to encompass healthy food availability, community gardening, and mental health as well (Okhariev et al., 2020, p. 1-5). The more we think about the “built environment experience,” the easier it will be to implement cutting-edge technology that will make our built environments safer and more secure in the years to come.

The International Space Station and China’s Tiangong-2 temporary space exploration testbed, whose permanent replacement station is scheduled for flight in the following years, are already constructed habitats in orbit. Several reusable launch technologies are currently being developed. Turning to the various roles involved, the equipment used to build a network includes routers, ports, firewalls, and servers, among others (Dakin et al., 2020). The best way to configure and deploy these devices is to know exactly what function each one will play in securely and efficiently connecting users to applications and services as dictated by their personal and group responsibilities. During the deployment phase, user and endpoint responsibilities may be mapped to compliance tactics, identity and access controls, and security audit criteria.

The ecosystem’s participants are linked via data flows and the destinations to which these flows should be sent inside the network. Where do the users come from? These flows need to be specified. They include users and services, as well as administrative processes between the network infrastructure and devices. As a result of advances in building information modeling (BIM) and the Internet, the built environment is experiencing a major transformation. The security and privacy implications of deploying new, increasingly wireless technology are being addressed (Parkinson et al., 2020, p. 1-17). Generally speaking, security professionals are charged with ensuring the safety of both the facility and the people who work there by patrolling the area, keeping an eye on surveillance equipment, doing building inspections, and watching the access points. Professional security personnel have a duty to the company or region they protect that goes beyond just making sure no crimes are committed and no one is injured. These duties range from physical security to openness to keeping a low profile.

The fundamental rules that should be followed while developing a secure system are known as security principles. Past experience shows that proper consideration of security principles is essential in the design of a secure system. Most vulnerabilities and attacks are the result of a failure to apply a fundamental principle. These principles may be categorized in a number of ways. Saltzer and Schroeder’s classic and foundational study outlines the following principles, among others: fail-safe defaults, psychological acceptability, complete mediation, least common mechanism, and open design (Brooks et al., 2012).

The principle of least privilege dictates that a user’s permissions in the system should be limited to just those that are necessary for them to perform their job duties. Programs and services may be configured with different levels of rights using the same principle. Giving people access to resources or services should follow the need-to-know principle (Oorschot et al., 2017, p. 102). To implement the principle properly, you’ll need an expressive authorization language that lets you precisely define the access domains for each user and process.

The principle of separation of privilege explains that actions may be better protected if separate parties carry them out. As a result, the mechanism is more resistant to attacks on the trust placed in the principals entitled to access. This idea is supported by an access control (AC) model that incorporates separation-of-duty restrictions (Herley et al., 2017, p. 120). Even if the underlying access model does not natively support the separation of duties concept, PBM can still enable it.
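The two principles above can be shown together in a small deny-by-default authorization check. This is an added example, not part of the original essay; the subjects, actions, and policy tables are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy. Each subject's access domain is an explicit set of
# (action, resource) pairs; anything not listed is denied by default.
ACCESS_DOMAINS = {
    "alice": {("create", "payment"), ("read", "payment")},
    "bob": {("approve", "payment"), ("read", "payment")},
    "carol": {("create", "payment"), ("approve", "payment")},
    "backup-svc": {("read", "payment")},
}

# Separation-of-duty constraints: per resource, sets of actions that the
# same subject may not combine on one object.
SOD_CONFLICTS = {"payment": [{"create", "approve"}]}


@dataclass
class Authorizer:
    # (resource, object_id) -> {action: set of subjects who performed it}
    history: dict = field(default_factory=dict)

    def check(self, subject, action, resource, object_id):
        """Return (allowed, reason) and record the action when allowed."""
        # Least privilege: only what the subject's domain lists is allowed.
        if (action, resource) not in ACCESS_DOMAINS.get(subject, set()):
            return False, "not in access domain"
        done = self.history.setdefault((resource, object_id), {})
        # Separation of privilege: deny if this subject already performed
        # a conflicting action on the same object.
        for conflict in SOD_CONFLICTS.get(resource, []):
            if action in conflict:
                for prior in conflict - {action}:
                    if subject in done.get(prior, set()):
                        return False, "separation of duty"
        done.setdefault(action, set()).add(subject)
        return True, "allowed"


if __name__ == "__main__":
    authz = Authorizer()
    for request in [
        ("carol", "create", "payment", 1),
        ("carol", "approve", "payment", 1),   # same person: denied
        ("bob", "approve", "payment", 1),     # second party: allowed
        ("backup-svc", "approve", "payment", 1),
        ("mallory", "read", "payment", 1),    # unknown subject: denied
    ]:
        print(request, authz.check(*request))
```

Even though carol's access domain lists both actions, she cannot approve a payment she created herself; a second party has to do it.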

The economy of mechanism principle dictates that protection must be achieved using a mechanism that is as simple as possible. Current information systems, where assets are usually kept in a layered structure, make it more difficult to adhere to this principle. For example, an application may use a credit card number that is stored in a database, which is managed by an operating system, which may in turn run in a virtual machine alongside a large number of other processes; every layer may offer the attacker its own opportunities to evade the protection provided by the application (Riser et al., 2021, p. 23-28). As a result, the level of security depends on how well each layer is implemented.

According to the psychological acceptability principle, a security solution must be easily understood by its users at all stages of development and implementation. By providing a means to comprehend contemporary information systems’ diverse security settings, PBM lends explicit support for this principle throughout the design process. Security control libraries are guarded by professional security staff. Secure operations are required for defensive coding to be possible. The security measures safeguarding your digital assets must be consistent and harmonized (Papernot, 2018). It is critical to give developers direction on the security measures to use, and those measures should be covered in the training provided to developers. Developers should configure and use the controls in all contexts.

In conclusion, using concepts and principles from the security science field will make it possible to construct theories of security based on formal science ideas and principles. Security theories can then be used as part of the evaluation process for asset protection applications, by comprehending security processes and results through theories that have been implemented and tested.

References

Smith, C., & Brooks, D. J. (2012). Security science: The theory and practice of security. Butterworth-Heinemann.

Klosky, J. L., & Riser, B. (2021). Infrastructure engineering: Appreciating the art and science of our built environment. In Teaching and Learning the West Point Way (pp. 23-28). Routledge.

Dakin, K., Xie, W., Parkinson, S., Khan, S., Monchuk, L., & Pease, K. (2020). Built environment attributes and crime: an automated machine learning approach. Crime Science, 9(1), 1-17.

Forca, B., Sekulović, D., & Vukonjanski, I. (2020). ACTUAL CHALLENGES, RISKS AND SECURITY SAFETY. Security Science Journal, 1(1), 65-84.

Papernot, N. (2018). A marauder’s map of security and privacy in machine learning. arXiv preprint arXiv:1811.01134.

Herley, C., & Van Oorschot, P. C. (2017, May). SoK: Science, security and the elusive goal of security as a scientific pursuit. In 2017 IEEE Symposium on Security and Privacy (SP) (pp. 99-120). IEEE.

Trofymchuk, O., Okhariev, V., & Trysnyuk, V. (2020, February). Environmental security management of geosystems. In 18th International Conference on Geoinformatics-Theoretical and Applied Aspects (Vol. 2019, No. 1, pp. 1-5). European Association of Geoscientists & Engineers.

By Sandra Arlington

Sandra Arlington is a contributing writer to the Motley Fool. Having written for various online magazines, such as Ehow and LiveStrong, she decided to embark on a travel blog for the past 10 years. She is also a regular contributor to My Essay Writer.