This paper is submitted to fulfill the English 2 task, Software Engineering Study Program, 4th semester, Buddhi Dharma University, Tangerang. Lecturer: Dra. Harisa Mardiana, M.Pd.
WHAT IS SOFTWARE ENGINEERING (CYBERSECURITY)
SOFTWARE ENGINEERING (CYBERSECURITY)
By:
CHRISTOPHER ANTONIUS
20181100007
STUDY PROGRAM SOFTWARE ENGINEERING
FACULTY OF SCIENCE AND TECHNOLOGY
UNIVERSITAS BUDDHI DHARMA
SOFTWARE ENGINEERING (CYBERSECURITY)
Software engineering is the study and practice of engineering to build, design,
develop, maintain, and retire software. There are different areas of software engineering,
and it serves many functions throughout the application lifecycle. Effective software
engineering requires software engineers to be educated about software engineering
best practices, disciplined, and cognizant of how their company develops software, the
operation it will fulfill, and how it will be maintained. According to the Stack Overflow
Survey 2018, software engineers are lifelong learners; almost 90% of all developers say
they have taught themselves a new language, framework, or tool outside of their formal
education.
Businesses are increasingly shifting their operations toward automation. This
means that machines and computer software will handle more types of repetitive tasks,
freeing up people to leverage their creativity. Most companies and organizations rely on
websites, apps, or computer-based software to keep their businesses running and
successful. Responding to constant competition and advancements, software engineers
build programs, make improvements, and adjust code to maintain agility and usefulness.
Software engineering is important because specific software is needed in almost
every industry, in every business, and for every function. It becomes more important as
time goes on – if something breaks within your application portfolio, a quick, efficient,
and effective fix needs to happen as soon as possible.
Software engineering is an engineering discipline that is concerned with all
aspects of software production from the early stages of system specification through to
maintaining the system after it has gone into use (Ian Sommerville, 2016). Software
engineering is essential for the functioning of government, society, and national and
international businesses and institutions. We can’t run the modern world without
software.
National infrastructures and utilities are controlled by computer-based systems,
and most electrical products include a computer and controlling software. Industrial
manufacturing and distribution is completely computerized, as is the financial system.
Entertainment, including the music industry, computer games, and film and television,
is software-intensive. Many people think that software is simply another word for
computer programs.
However, when we are talking about software engineering, software is not just
the programs themselves but also all associated documentation, libraries, support
websites, and configuration data that are needed to make these programs useful. A
professionally developed software system is often more than a single program. A
system may consist of several separate programs and configuration files that are used to
set up these programs. It may include system documentation, which describes the
structure of the system, user documentation, which explains how to use the system, and
websites for users to download recent product information.
Maintaining the security of our networked infrastructure and government,
business, and personal computer systems is one of the most significant problems facing
our society. The ubiquity of the Internet and our dependence on computer systems have
created new criminal opportunities for theft and social disruption. It is very difficult to
measure the losses due to cybercrime. However, in 2013, it was estimated that losses to
the global economy due to cybercrime were between $100 billion and $500 billion
(InfoSecurity 2013).
Cybersecurity is concerned with all of an organization’s IT assets from networks
through to application systems. The vast majority of these assets are externally
procured, and companies do not understand their detailed operation. Systems such as
web browsers are large and complex programs, and inevitably they contain bugs that
can be a source of vulnerability.
The different systems in an organization are related to each other in many
different ways. They may be stored on the same disk, share data, rely on common
operating systems components, and so on. The organizational “system of systems” is
incredibly complex. It is impossible to ensure that it is free of security vulnerabilities.
Consequently, you should generally assume that your systems are vulnerable to
cyberattack and that, at some stage, a cyberattack is likely to occur.
A successful cyberattack can have very serious financial consequences for
businesses, so it is essential that attacks are contained and losses minimized. Effective
resilience engineering at the organizational and systems levels can repel attacks and
bring systems back into operation quickly and so limit the losses incurred.
These are not independent threat classes. An attacker may compromise the
integrity of a user’s system by introducing malware, such as a botnet component. This
may then be invoked remotely as part of a distributed denial-of-service attack on
another system. Other types of malware may be used to capture personal details and so
allow confidential assets to be accessed.
To counter these threats, organizations should put controls in place that make it
difficult for attackers to access or damage assets. It is also important to raise awareness
of cybersecurity issues so that people know why these controls are important and so are
less likely to reveal information to an attacker. One example of a control that may be used
is authentication, where users of a system have to show that they are authorized to
access the system. The familiar login/password approach to authentication is a
universally used but rather weak control.
However, to deal with problems, a user or system operator may have to take the
initiative and take actions that are normally carried out by someone with a higher level
of privilege. For example, the system manager of a medical system may not normally be
allowed to change the access rights of medical staff to records. For security reasons,
access permissions have to be formally authorized, and two people need to be involved
in making the change. This reduces the chances of system managers colluding with
attackers and allowing access to confidential medical information. Now, imagine that
the system manager notices that a logged-in user is accessing a large number of records
outside of normal working hours. The manager suspects that an account has been
compromised and that the user accessing the records is not actually the authorized user.
To limit the damage, the user’s access rights should be removed and a check then made
with the authorized user to see if the accesses were actually illegal.
However, the security procedures limiting the rights of system managers to
change users’ permissions make this impossible. If the system instead offers an emergency
mode in which such actions are permitted and logged, the audit trail of emergency
actions can be used to check that a system manager’s actions were justified. Of course,
there is scope for misuse here, and the existence of an emergency mode is itself a
potential vulnerability. Therefore, organizations have to trade off possible losses against
the benefits of adding more features to a system to support resilience.
REFERENCES
Aiello, B., and L. Sachs. 2011. Configuration Management Best Practices. Boston: Addison-Wesley.
Bamford, R., and W. J. Deibler. 2003. “ISO 9001:2000 for Software and Systems Providers: An
Engineering Approach.” Boca Raton, FL: CRC Press.
Loeliger, J., and M. McCullough. 2012. Version Control with Git: Powerful Tools and
Techniques for Collaborative Software Development. Sebastopol, CA: O’Reilly and Associates.
https://sites.google.com/a/pvlearners.net/futuremirzasmail/part-two
https://online.maryville.edu/blog/future-software-engineering/
https://insights.stackoverflow.com/survey/2018/
https://dinus.ac.id/repository/docs/ajar/Sommerville-Software-Engineering-10ed.pdf