Fundamentals of security engineering and its activities, with emphasis on model-driven approaches for asset identification, threat and risk assessment, security requirements elicitation, security controls selection, security evaluation, and security assurance for software intensive-systems. Examination of challenges for engineering secure software.