A collection of references and working content.

Systems Engineering References

• MBSE Primer [2nd edition] – A good introduction to what Model Based Systems Engineering. This PDF is freely available at ViTech in exchange for your email. You should visit them.
• Embedded System Development with SysML – A tutorial
• MIL-HDBK-198B – The DoD bible on the use and selection of capacitors.
• MIL-HDBK-199C – The DoD bible on the use and selection of resistors.

IT Systems Security References

One of the most comprehensive and approachable resources for modern IT systems security is NIST CRSC Special Publications. The FIPS standards are also very good, but less educational in nature. The special publications listed below are some of my favorites.

• SP800-171 Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations – There are two reasons I consider this critical. The first is that it provides a mapping from the security domain of Federal Systems to non-Federal systems, allowing the NIST guidance to become more pervasive outside the federal context. The second is that I was part of the team that developed this guidance in 2012.
• SP800-164 (draft) DRAFT Guidelines on Hardware-Rooted Security in Mobile Devices – I believe this will be critical since hardware rooted security will likely be key to a secure IoT infrastructure, and guidance from NIST carries sufficient credibility that it will drive interoperability.
• SP800-163 Vetting the Security of Mobile Applications – Mobile and IoT are the growth area (the periphery) of the Internet. Integrity of the apps on the edge is critical to system security.
• SP800-160 DRAFT Systems Security Engineering: An Integrated Approach to Building Trustworthy Resilient Systems – System security needs an integrated approach, and anything that teaches that is goodness.
• SP800-153 Guidelines for Securing Wireless Local Area Networks (WLANs) – Securing the edges of the network
• SP800-146 Cloud Computing Synopsis and Recommendations – Another Internet growth area despite the great risk to security and privacy.
• SP800-115 Technical Guide to Information Security Testing and Assessment – Every system needs validation
• SP800-100 Information Security Handbook: A Guide for Managers – A good introduction to IT system security for the non security engineer. It is very readable and approachable, as security guides go.
• SP800-53 Security and Privacy Controls for Federal Information Systems and Organizations – The authoritative list of security controls for all federal systems. Updated very regularly.
• SP800-39 Managing Information Security Risk: Organization, Mission, and Information System View – The one thing I wish NIST would do with this is update it and generalize it into a Guide on Managing System Security Risk. Lacking that, there are some good lessons in this document.