This 2-day course provides an overview of system security engineering. The course provides an understanding of the principles, concepts and activities needed for the design, implementation, operation and maintenance of a more secure system. It provides the student an awareness of the difficult challenge of securing our complex systems and architectures against a determined adversary.
Real-world examples are provided to help understand the impact of failures of system design and implementation. The course is valuable to engineers and computer scientists who are entering the field or as a review for employees who want a comprehensive overview. A complete set of notes and references will be provided to all attendees.
What you will learn:
- How to build and maintain a more secure system
- How to develop cybersecurity requirements for a system
- How to decompose a system from a cybersecurity perspective
- How to manage the security of the system through its lifecycle
- How to perform a security risk assessment
- The difference between cyber security and cyber resilience
- Cyber and Systems Engineering. System Engineering principles and their application to cybersecurity. Cybersecurity objectives, concepts and terminology. NIST Cybersecurity Framework. Characteristics and activities of threat actors. NSA/CSS Technical Cyber Threat Framework.
- Cybersecurity Design Principles. Foundational design principles for building a secure system. Software security design principles.
- Cybersecurity Requirements. Development of system cybersecurity requirements. Flow down of high level requirements from regulations and policy. DoD Cybersecurity policy.
- Cybersecurity Decomposition. Identification of system security functions, components, and domains. Identification of information flows needed between those domains.
- Architectures for Security. Defense in depth, Segmentation and Isolation, Multi-level security, Trust and Trustworthy computing.
- Security Management and Risk Assessment. Security management process including risk assessment. NIST Risk Management Framework and its application to DoD and National Security Systems.
- Incident Response and Recovery. Incident response plan and procedures. Incident analysis and reporting. Categorizing incidents. Planning and building for recovery.
- Assurance, Analysis, Test & Evaluation. Analysis, test and evaluation to determine level of confidence in correctness of design, implementation and operations. Software assurance techniques including static analysis, dynamic analysis and formal methods. DoD Cybersecurity Test & Evaluation processes and procedures.
- Cyber Resilience. Goals, objectives and techniques to enable systems to withstand and operate through a cyber attack. Design principles for cyber resiliency.
If this course is not on the current schedule of open enrollment courses and you are interested in attending this or another course as an open enrollment, please contact us at (410)956-8805 or firstname.lastname@example.org. Please indicate the course name, the number of students who wish to participate, and a preferred time frame. ATI typically schedules open enrollment courses with a 3-5 month lead time. For on-site pricing, you can use the request an on-site quote form, call us at (410)956-8805, or email us at email@example.com.
Julie Tarr has over 30 years of experience developing, analyzing, testing, and deploying cybersecurity solutions for government computing environments. Ms. Tarr’s experience includes cryptographic systems, cross domain solutions, intrusion detection, security protocols, cyber deception, and security architectures. Ms. Tarr is currently the Program Manager for Cyber Defensive Systems at the Johns Hopkins University Applied Physics Lab. Before joining JHU/APL, she was the head of the Network Security Section of the Center for High Assurance Computing Systems at the Naval Research Lab. Ms. Tarr teaches cybersecurity at the graduate level for the JHU Whiting School of Engineering.