Engineering is a detailed form of research, and the skills required to conduct an in depth security analysis are similar to those of an investigator. More often than not, the security problem at this stage is still unclear. The purpose of this critical stage is to research and define the problems by precisely specifying the security requirements that exist and turning them into useful information to be applied in the design and development step. In order to determine the "exact nature" of the specific security needs, a multidimensional engineering assessment approach is used; this assessment will make use of all the established investigative research techniques such as surveys, evaluation, analysis, and design planning.

The security program design step is the "blueprint" which guides the creation of all aspects of the security program, training requirements and implementation strategies. The design includes the security objectives, test specifications, product/material specification, educational strategy and reevaluation processes of the over all approach.