5 hours 58 minutes
Welcome back to CyberRays. Yes, of course. I'm your instructor, Brad Roads. Well, we have made it to the end of module four, which is domain three of ESOP. And this is our planning and design section.
So let's get started.
pretty straightforward. Our video objectives or less and objectives here is to review
So we covered a lot in this module. Um, we talked about stakeholders, and what I want you to remember here is that almost anybody could be a stakeholder fact. Really, Anyone could be a stakeholder. Remember that
We talked about threats and resilience. And what I want you to remember as an ISI is that you need toe be aware of and understand. Where do you find information on vulnerabilities? The envy D. The National Vulnerability database is a great place to start
next. We talked about system security principles. It should not surprise anyone that we talked about confidentiality, integrity and availability. When it comes to those basic principles, we do those Aesop's disease on, we do, um, a CSS ps and many other fields subscribes to those basic principles.
We talked about the context, con ups and requirements document that s he needs to know. And we really highlighted there that an environment that you operate in can drive requirements. For example, if you're operating in space, your requirements are probably different than your your operating say, some sort of
flying craft in the air. So
got to be keep those things in mind as you're defining your requirements.
Next, we talked about a functional analysis and that functional analysis takes all of those requirements and bends them appropriately. And Onley ultimately gets us to the work breakdown structure which pretty much frames out the type of work that needs to be done down at the product level. You need to remember that for the S of content
and requirements traceability, we talked about verification and validation again. We've talked about this several times. It's probably important to remember, remember. And when you verify something, you are determining whether you met the requirements as specified. When you're validating something, you're determining whether it meets the mission. Need you can. As you said many times,
you can verify and still not validate and have wasted a lot of money.
And finally we highlighted and talked about trade off studies, which is something is used to a quite a lot of and really, they're focused on cost, schedule on scope. So that triangle of things and then additionally, the risks at those organizational levels that we've talked about previously. The organization, the mission or business function area
and then the system owner or system level.
And that's what we covered here in module for.
So we cover in this video we reviewed Module four.
I'm excited to keep going with you and jump into Module five. Next, where we're going to talk about implementation.
We'll see you next time.
Certified Information Systems Security Professional (CISSP) 2021
CISSP is the basis of advanced information assurance knowledge for information security professionals. Often referred ...
16 CEU/CPE Hours Available
Certificate of Completion Offered
ISC2 CISSP Practice Test: Certified Information Systems Security Professional
There is a growing need for information security leaders who possess the depth of expertise ...