ISSE and SLDC Linkages

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Welcome back to Cybrary, ISSE,
00:00
of course, I'm your instructor, Brad Rhodes.
00:00
Let's look at ISSE and SDLC linkages.
00:00
In this lesson, we're going to look at the ISSE process,
00:00
we're going to look at the SDLC process,
00:00
and then we're going to map them together.
00:00
This mapping is very important to
00:00
you when you're studying for the ISSE exam
00:00
because these are linkages that are very
00:00
useful when you're thinking
00:00
about the questions you may be asked.
00:00
Remember, the ISSE process is structured in six sections.
00:00
You have needs, requirements,
00:00
architecture, design, and implementation.
00:00
Then if you were to draw a circle
00:00
around this, you would have assess.
00:00
But I put assess here at
00:00
the end to show that typically we are
00:00
doing a large part of our assessment here
00:00
at the end of implementation.
00:00
But the long story short here is you need
00:00
to remember this diagram.
00:00
This is a good diagram to remember
00:00
as you go into the exam.
00:00
The SDLC process is
00:00
our cyclical process that we've talked about before,
00:00
and this is where we initiate would
00:00
determine what our needs and requirements are.
00:00
We get here to the buy bill decision,
00:00
are we going to develop or acquire?
00:00
We're going to get to implementation where we actually do
00:00
that small scale roll
00:00
out and begin to utilize the system.
00:00
Then we get into full-scale production
00:00
or operation and maintenance,
00:00
and we're actually making sure that we
00:00
are doing continuous monitoring and patching our systems.
00:00
Then of course, the last phase of
00:00
the SDLC is the disposal process
00:00
and that's where we decide if
00:00
we're going to dispose the commission
00:00
and then hopefully we've
00:00
already initiated the replacement system
00:00
for the system we're looking at here.
00:00
I've done some mapping here that's very important.
00:00
You can see three columns in this chart.
00:00
You've got the ISSE phases,
00:00
you have the SDLC phases,
00:00
and then you have the new construct from
00:00
NIST special property 800-160.
00:00
It's very important to walk
00:00
across these different phases and
00:00
understand what they mean when we're
00:00
doing a NIST in the ISSE process,
00:00
that's initiation and concept collectively there.
00:00
In requirements. It's still
00:00
initiation and contract between
00:00
SDLC and NIST 800-160.
00:00
Now we get to architecture and design.
00:00
That's where we double up and we
00:00
have Devin acquisition and
00:00
development for the two, the same thing with design.
00:00
Development/acquisition and development are what we see,
00:00
they're tied to design the ISSE phase.
00:00
In implementation, we have
00:00
an implementation phase in SDLC that's convenient.
00:00
In the NIST 800-160,
00:00
we have a production phase
00:00
and then we get to assess and assess is typically
00:00
done cyclically and collectively in the ISSE phases,
00:00
after each phase actually,
00:00
but we put it at the end here
00:00
because we do assessments and
00:00
operation and maintenance and utilizing
00:00
these support in 800-160.
00:00
Then of course, there isn't truly in
00:00
the ISSE phases a disposal or retirement process,
00:00
and so we don't have anything there.
00:00
You could see that and tie that to implementation,
00:00
I suppose, but it just doesn't make any sense.
00:00
So I've mapped this chart here for you specifically,
00:00
so as you study for the ISSE exam and
00:00
you prepare things like brain dumps
00:00
and stuff like that, if you're going to sit there,
00:00
write down a bunch of stuff that you remember from
00:00
the standpoint of your study processes
00:00
before you actually start answering questions,
00:00
this is a good mapping to remember,
00:00
definitely want to understand
00:00
how the ISSE phases are linked to
00:00
the system development life cycle and then
00:00
the new construct in NIST 800-160.
00:00
In this module, we looked
00:00
again and looked back at the ISSE process.
00:00
We look back at the SDLC process and then
00:00
we map all of those together so
00:00
that you have a good study point for
00:00
the ISSE exam. Will see you next time.
Up Next