Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6

Video Transcription

00:01
Welcome back to cyber resist. Of course I'm your instructor, Brad Roads.
00:05
Let's talk about the ISS of domains
00:09
so similar to our last lesson. This video is going to cover specifically the Isett domains and so obviously not gonna get too deep, but we're gonna introduce them. So you've got a good idea of what What you're getting yourself into when it comes to visit.
00:23
So there are five disip domains
00:27
and so but they're very focused on the systems engineering aspect. Specifically information systems, security, engineering. So that's what this concentration is focused on. So you'll see that throughout the domains domain one is our foundations. Um, this is where we
00:43
go through and say What is systems engineering? What is an S S C system security engineer?
00:50
How do we do acquisition like by build? And so we're going to go through the things that make the most sense for you to understand out of this particular domain, one of the ones we'll talk about his trusted systems of net systems and networks. If you've not heard of that term before TSN, you'll get that. That is something you will definitely want to know.
01:08
Obviously we talk about processes. Methodologies, Right. But we're gonna do this specifically a lot of detail on the ISI process. So we put all of the domains together into one s. Oh, that's the systems Engineering foundations domain One for easy. For is it
01:23
next we have risk management, I promise you, we do more risk management. Eso um one of our biggest challenges is understanding thes different levels of risk enterprise risk systems, risks and operations risk. And each of these levels is incredibly important. So we started the enterprise,
01:42
and then we have go down next level to the operations risk, and there's gonna be a chart that will help you make this makes sense,
01:49
and then we have systems. Risk species are very keen on on reducing risks. Right? But if you ever hear somebody say that Oh, my gosh, were completely risk free, just walk away because that's not true. You will never get to true risk freedom or zero risk. There's always risk. And that's something that uses help to manage in domain two risk management.
02:09
Next, we have security planning and design. Andi, this is this is an important one. I'm a huge Star Trek fan. I love the new show Star Trek Discovery. Probably the jury's out on that for many people, but that's okay. But,
02:23
uh, in the first season, the captain of the discovery who turned out to be not such a great guy actually had a really good quote. And his quote was, context is for kings
02:30
and what he was trying to drive out there is it is super important to understand contextually or the context of the situation you find yourself in so that you can make the right decisions on what to do to handle that situation in security, planning and design. Context is no different. When you're designing a system,
02:49
you need to understand the environment that it's meant to operate.
02:52
You need to understand the requirements that the stakeholders and we're gonna talk a lot about stakeholders because they're very important. Um, you're gonna need to understand that the requirements of stakeholder step you need to know what security principles that your organization is describing to. If you don't know those, how do you design a system? So that's what we do here on DAT drives us to a solid architecture and design
03:12
in many
03:13
cases. Uh, systems. Engineering is all about building the scaffolding, which other modules can plug into. And you're going to see that? That's what we're gonna talk about. Ah, lot in this particular domain domain. Three for s. A
03:25
domain for recip is system implementation, verification and validation. That's V envy. And this is a throw back to what we used to call the V model in systems engineering developed by the U. S. Military in the 1990 in the 19 eighties.
03:44
Right? Thio sort of frame. Ah, way to understand how complex systems could be
03:49
assessed,
03:50
um, and so verify and validate or the two key words here when we verify something, Did we meet the requirements that we actually build it to spec? That's what we're talking about
04:00
Validation. Um, is did we do a good job,
04:03
right? And so it is very possible to and you're gonna hear me say this like, three or four times because it's super important. It's very possible that you could verify a system and never validated if it doesn't meet
04:14
theon oration. All needs the well enough or good enough.
04:18
And that is domain four
04:20
domain five is secure operations change management and disposal. Obviously, we talked about the security operations
04:30
domain in CSP, so this is akin to that. But this is different.
04:33
This is not just monitoring the technical side. This is monitoring everything from security controls on the technical, the technical side of things to the non technical side of things like processes all of those things. Right? So we're talking about all of security controls, the
04:51
the management, the technical, the process, all of those things. That's what we're talking about. We're not looking at just,
04:57
um I getting information or alerts in my sim we're talking about. We're talking about everything related to controlling and managing a system which is a little different than what we talked about previously in ce SSP on. Then, of course, we talked about Beacom and disposal. So Decommissioning and disposal Dumpster diving is a thing, folks, eso if we don't properly get rid of the data on these
05:16
complex systems that we have and we just chuck them out in the dumpster, I guarantee you, if somebody's gonna dig him up
05:20
and they're going to use them to ill effect, So that's what is found in domain five.
05:30
So what do we cover in this video we flew through and look briefly at Theis. It domains to get you a feel for where this course is going and what we're going to cover related to those areas. We'll see you next time.

Up Next

Information Systems Security Engineering Professional (ISSEP)

This ISSEP course provides students with the foundational knowledge of the concentration area of the CISSP certification that includes a focus on the processes used to develop secure systems. Students will learn key concepts and skills of the five ISSEP domains.

Instructed By

Instructor Profile Image
Brad Rhodes
Head of Cybersecurity, zvelo & Lieutenant Colonel, Cyber Warfare
Instructor