Security and resilience

These videos support the material in Chapters 13 and 14 in the 10th edition of Software Engineering. Videos marked with (*) have been specially made by the author to support the book. Others have been vetted as relevant to the book and of reasonable quality. Slides to accompany specially made videos can be downloaded from slideshare.

System security

System security (*)

This video explains what system security is and its relationship with other dependability attributes. 

Security is a sociotechnical issue (*)

This video explains why technical approaches are not enough to deal with the problems of cybersecurity and why it is essential to view cybersecurity as a sociotechnical issue.

What Every Engineer Needs to Know About Security and Where to Learn It

A Google video that discusses important software security knowledge. Made in 2007, the principles are still relevant but the 2nd part of the video that discusses where to learn about security is a bit out of date. Best to stop watching around 22 minutes.

Security Testing Fundamentals

A good introduction to software security testing. Quite long.

Resilience engineering

An introduction to cybersecurity (*)

This video explains what is meant by ‘cybersecurity’ and discusses why this has become a serious problem for society.

Cybersecurity costs and causes (*)

This video discusses the difficulties of estimating the costs of breaches of cybersecurity and explains why cybersecurity has become such a major problem .

Improving cybersecurity (*)

This video discusses some of the steps that individuals and organisations should take to improve their cybersecurity and illustrates how to construct relatively secure passwords.

Cyber attacks (*)

This video describes 5 different types of cyber attacks that can occur. Part of the series of videos on cybersecurity.

Dekker – Resilience

A good talk that introduces the idea of resilience from a safety rather than a security perspective. But everything he says about maintaining safety is equally valid for system security.

Abe Gong: Building for Resilience

A really nice short introduction to what hardware/software resilience means.

Cyber-resilience – The New Normal

A webinar aimed at management that discusses some of the problems of cybersecurity and which gives a high level view of cyber-resilience issues.

AERO 2104: Aviation Safety – Swiss Cheese, Anyone?

Reason’s Swiss Cheese Model of Accidents illustrated with real slices of Swiss Cheese.

Case studies

Maroochy water breach (*)

This video describes a cyber attack on a critical infrastructure (sewage system) in Australia. 

Stuxnet worm case study (*)

This video discusses a cyberwarfare case study – the Stuxnet worm which was used to attack Iran’s uranium processing facilities.

Critical national infrastructure

The following videos are not directly related to material in the book but provide background on critical national infrastructure and a technology that is widely used in industrial control systems. Both the Maroochy water breach and the Stuxnet worm cyberattacks made use of vulnerabilities in this technology.

The videos on critical national infrastructure explains why this means, why it is important and why infrastructure dependability and resilience is essential to maintain the services that our societies require. I introduce SCADA technology – Supervisory Control and Data Acquisition – which is the basic control technology used in a wide range of industrial control systems.

Critical national infrastructure (*)

Infrastructure control (*)

Infrastructure dependability (*)

Infrastructure resilience (*)

Introducing Scada (*)

SCADA security (*)