Applied Systems Engineering for Security Engineers

Course Description

This course provides system security engineers with the principles of applied systems engineering, with a focus on requirements derivation and documentation. You’ll learn the basics of the systems engineering approach and its relationship to security engineering as applied to weapons and weapons systems. The course will focus on the derivation of requirements from the list of security controls documented in NIST SP 800-53 and the translation of those requirements to Platform IT (PIT) systems. Individual and group exercises will reinforce the academics presented in the lectures, moving from basic requirements gathering and documentation to the Risk Management Framework (RMF)-specific requirements supporting weapons and weapons system engineering projects.

Course Content

OVERVIEW – IT TO PLATFORM IT

  • Background
  • PIT review/introduction
  • Similarities and differences IT/PIT
  • Requirements translation

SYSTEMS ENGINEERING CONCEPTS

  • Systems and systems lifecycles
  • Interaction with IA and engineering
  • Needs and requirements
  • Requirements derivation from standards and policy
  • Model-based systems engineering

REQUIREMENTS WRITING

  • Derivation process – reading, researching, and listening
  • Standard language
  • Organization
  • Testability
  • Terms and structure (words, voice, positive and negative, symbols, vagueness)
  • Good and bad examples

RMF REVIEW

  • Categorization
  • Security controls (PIT context)
  • Authorization

CYBER TRAINING TECHNOLOGIES AND CYBER RISK ANALYTICS RELEVANCE

  • Cyber tabletop input to requirements
  • Cyber risk assessment input to requirements

APPLICATION OF RMF TO PIT SYSTEMS (CATEGORIZATION AND CONTROLS)

  • Categorization – Working with the System Owner (SO) and Authorizing Official (AO)
  • Selection of controls
  • Using overlays if available
  • Controls translation to suit PIT systems
  • Examples

APPLICATION OF RMF TO PIT SYSTEMS (CCIS AND REQUIREMENTS DERIVATION)

  • Connection to Control Correlation Identifiers (CCIs)
  • CCI Translation to Suit PIT Systems
  • Requirements Derivation from CCIs
  • Examples

INDIVIDUAL EXERCISES

  • Requirements derivation
  • System categorization and controls section

IDENTIFYING CCIS

INTRODUCTION OF GROUP PROJECT

  • Describe project requirements, materials, phases, and expected outcomes
  • Break into groups and assign problem scenarios
  • Identify and completely document requirements and derive additional (project specific) requirements
  • Group out-briefs and critique

Requirements & Materials

Materials

Provided

  • Notebooks

Session Details

  • Special Discounts: Georgia Tech Research Institute (GTRI) employees are eligible to receive a discount. If you are a GTRI employee, please go to the Organizational Development website and look for the coupon code under GT Professional Development. Review coupon instructions for more information.

Who Should Attend

This course is designed for managers and security engineers supporting systems and traditional engineering teams charged with the design and development of secure systems that are subject to the RMF processes.

What You Will Learn

  • An understanding of how IT requirements differ from PIT requirements under the RMF
  • How to translate NIST SP 800-53 requirements from their IT-centric nature to requirements that address PIT system needs
  • How to derive requirements from conversation and documentation
  • How to document using standard language and structure
  • A review of the RMF with a focus on the categorization of a system and the selection of security controls for systems
  • How to categorize a system and select security controls for PIT systems
  • How to select Control Correlation Identifiers (CCIs) appropriate for the system and the process for deriving logical, implementation-independent engineering requirements from them
  • How to work as part of a group
  • How to apply the techniques and approaches discussed in the course to solve a realistic security systems engineering problem as it relates to your job supporting systems and traditional engineering teams

How You Will Benefit

  • Understand how PIT systems differ from traditional IT systems.
  • Learn the basics of applied systems engineering.
  • Grasp how to derive and document engineering-relevant requirements.
  • Master how to translate NIST SP 800-53 controls to PIT system applicability.
  • Become familiar with writing good requirements using standard, clear, and appropriate language.
  • Become familiar with the application of RMF to PIT systems from a systems engineering perspective.
  • Taught by Experts in the Field
  • Grow Your Professional Network

The course schedule was well-structured with a mix of lectures, class discussions, and hands-on exercises led by knowledgeable and engaging instructors.

- Abe Kani
President

TRAIN AT YOUR LOCATION

We enable employers to provide specialized, on-location training on their own timetables. Our world-renowned experts can create unique content that meets your employees' specific needs. We also have the ability to deliver courses via web conferencing or on-demand online videos. For 15 or more students, it is more cost-effective for us to come to you.

  • Save Money
  • Flexible Schedule
  • Group Training
  • Customize Content
  • On-Site Training
  • Earn a Certificate