Technology can contribute to undesirable events, or prevention thereof, in many ways. Technology can be a causal factor in floods, weaponized attacks, nuclear incidents, and cybercrime. Dikes, security cameras, nuclear safety systems, and data encryption are technologies aimed at protection against such incidents. The associated events are labeled undesirable because they involve some kind of harm to some (human or non-human) actors or systems.
In this context, security is generally understood as different from safety, but there are various interpretations of this distinction. The most common definition appears to be that security is the protection against deliberately caused events (e.g. Burns et al. 1992; Piètre-Cambacédès and Chaudet 2009). This implies that there are actors (adversaries) that have an interest in causing these events. In the aforementioned examples, this would apply to weaponized attacks and cybercrime, as in both cases harm is caused intentionally. In financial cybercrime, there is monetary benefit for the adversaries associated with the harm caused to others; in weaponized terrorist attacks the benefits to the adversaries are immaterial (although material harm may be caused).
Technology and engineering can play at least two different roles in security against such adversarial acts. Firstly, the design and deployment of technologies may have implications for security, in the sense that they may increase (or decrease) the risk of deliberately caused harmful events. Weapons are an obvious example, but also technologies that at first sight seem to benefit society may be used to cause harm. An important example is the impact of computer networks and the Internet ("cyberspace") on new forms of crime and even terrorism (Koops 2010). When security is taken into account in the design of such technologies, engineers may want to think of ways to reduce such undesirable forms of use.
Secondly, to prevent security threats such as crime and terrorism, both online and offline, technologies are often designed specifically to mitigate these threats by preventing, detecting, or responding to them. For example, physical fences as well as digital firewalls may be deployed to limit access of adversaries to facilities. Surveillance cameras or Internet monitoring systems may be put in place to detect threats. It may be hard to assess the effectiveness of such technologies against security threats, and they may also have side effects on other values (Hildebrandt 2013), of which privacy is often mentioned, in particular concerning surveillance technologies.
In this contribution, we cover the foundational concepts of security risk, and how this materializes (or fails to materialize) in engineering practices. To this end, we draw on literature from philosophy, criminology, and engineering disciplines, with a focus on computer science and cybersecurity.
The key philosophical topics that we address are (1) ontologies of security and security risk in relation