Security engineering course

This week sees the start of a course on security engineering that Sam Ainsworth and I are teaching. It’s based on the third edition of my Security Engineering book, and is a first cut at a ‘film of the book’.

Each week we will put two lectures online, and here are the first two. Lecture 1 discusses our adversaries, from nation states through cyber-crooks to personal abuse, and the vulnerability life cycle that underlies the ecosystem of attacks. Lecture 2 abstracts this empirical experience into more formal threat models and security policies.

Although our course is designed for masters students and fourth-year undergrads in Edinburgh, we’re making the lectures available to everyone. I’ll link the rest of the videos in followups here, and eventually on the book’s web page.

9 thoughts on “Security engineering course

  1. Here are the videos for lecture 3 and lecture 4, which cover banking and payment security. Lots of real-world attacks go after the money, so the security engineer needs to understand how payment systems work, and how they get exploited. I cover the mechanisms that underlie ATMs and card payments, online banking, and even the anti-money-laundering system – ending up with the surprising fact that cybercrime patterns have been stable for a decade, despite the move from laptops to phones and from on-premises servers to the cloud. There is one stand-out exception, though: ransomware.

  2. Here are the videos for lecture 5 on security economics and for lecture 6 on security psychology. The last twenty years have seen huge advances in our understanding of both, and the human aspect of security – at both the institutional and personal levels – is vital for understanding many of the things that go wrong in practice. As for Vinícius’ question, we’re not going to turn our online classes into a podcast; those are for Edinburgh students, who have not given consent for their participation to be shared beyond the classroom.

  3. Now here is the guest lecture. This was the final event of the course, and was also an event for the whole security group at Edinburgh. The speaker, Ian Levy, is the CTO at NCSC.

Leave a Reply to Ross Anderson Cancel reply

Your email address will not be published. Required fields are marked *