Implementation and Assessment

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Welcome back to Cybrary easy course.
00:00
I'm your instructor, Brad Rhodes.
00:00
Let's jump into the third phase
00:00
of the system development life cycle,
00:00
that's implementation and assessment.
00:00
Here's our objectives. We're going to look at
00:00
security activities just like we've done in the past.
00:00
We're going to talk about
00:00
linkages and then we're going to
00:00
define what implementation and assessment really is.
00:00
Security activities here,
00:00
we're going to start from the bottom.
00:00
You've got to complete all of
00:00
the accreditation activities,
00:00
so that's the documentation that gets us
00:00
from we're building a new system
00:00
to interim authority to operate,
00:00
to hopefully eventually authority to operate and go
00:00
into the operation and maintenance phase which is next.
00:00
The next thing we have to do is
00:00
we just synchronize the testing.
00:00
That's important here.
00:00
This is where we test a lot of
00:00
our security controls as an ECM.
00:00
One of the things you get to do is lots of
00:00
documentation as an SE and so you're going to
00:00
actually write up and provide the evidence
00:00
as to whether these security
00:00
controls meet the mail or not.
00:00
Then of course, it's the integration.
00:00
We have to put the system or the controls
00:00
or the capability or the elements or whatever it is,
00:00
as we're trying to get to that system of interests,
00:00
you got to put them into their operating environment
00:00
and see if it actually works.
00:00
It doesn't make any sense to try to launch
00:00
a space rated component on
00:00
a satellite if you've never actually tested it
00:00
in a vacuum environment [LAUGHTER] before.
00:00
That's why we do that in this integration piece.
00:00
Here are the linkages. We've made
00:00
the decision to go into our implementation of assessment.
00:00
We do a lot of detailed planning
00:00
to gather the information to
00:00
authorize the information system
00:00
to actually function or work.
00:00
One of the things you see a lot in this phase is poems,
00:00
have had personal experience working with
00:00
a custom-built system that the US government use.
00:00
Great system, did a great work, but here's some things.
00:00
We were using some older technologies
00:00
because that's what worked.
00:00
It wasn't that we wanted
00:00
to use those technologies specifically.
00:00
It's just that's what we had.
00:00
That's what the remember
00:00
the cost schedule scope, well guess what?
00:00
We had some cost issues,
00:00
so we had to reuse and a bunch of things that we had to
00:00
do but because of using older technology,
00:00
we had a bunch of poems and
00:00
those poems were things that we had to
00:00
show how the we mitigated
00:00
before we got an interim authority to operate.
00:00
Well, guess what? Sometimes you create
00:00
a poem and you do nothing with it.
00:00
Why? Because there is no mitigation that's
00:00
going to help it and the person that's
00:00
going to authorize the system that
00:00
authorizing authority they're going to
00:00
decide whether they're going to accept that poem,
00:00
that risk or not.
00:00
Again, when we talked about documentation on
00:00
the previous slide in
00:00
Phase 3 where we do this implementation/assessment,
00:00
we do a lot of documentation as ESCs.
00:00
What is implementation and assessment?
00:00
Is the deployment of integration of our system.
00:00
I like the parachute analogy or you jump out of a plane,
00:00
you're hurdling towards the earth
00:00
and you deploy the parachute. Well, guess what?
00:00
You imagine that,
00:00
that parachute is your security system
00:00
and you're going to deploy it into the environment.
00:00
Well, it comes open and there it is. It's right there.
00:00
Hopefully, you're rigor packed
00:00
it correctly and you don't go crashing down.
00:00
Implications there. Then the second piece is integration.
00:00
Obviously when we talk about
00:00
individual security controls that
00:00
are being applied to say,
00:00
a larger system in the systems engineering construct,
00:00
that integration piece is very important.
00:00
We're going to talk specifically about
00:00
assessment in detail in a minute.
00:00
What I want you to remember that when we talk about
00:00
implementation assessment is deploying
00:00
a system and then in many cases,
00:00
integrating that system to see
00:00
whether it works in the environment or not.
00:00
In this video, we talked about
00:00
security activities
00:00
in the implementation and assessment phase.
00:00
We talked about those linkages.
00:00
You got to know those linkages for the use of content.
00:00
I'm telling you it's important to know those charts.
00:00
Then of course you have implementation assessment
00:00
is really that deployment and
00:00
integration of capabilities from
00:00
a security perspective. We'll see you next time.
Up Next