ISSEP Domains

Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Welcome back to Cybrary.
00:00
Yes of course, I'm your instructor, Brad Rhodes.
00:00
Let's talk about the ISSEP domains.
00:00
Similar to our last lesson,
00:00
this video is going to cover
00:00
specifically the ISSEP domains.
00:00
We're obviously not going to get too deep,
00:00
but we're going to introduce them
00:00
so you've got a good idea of
00:00
what you're getting yourself into when it comes to ISSEP.
00:00
There are five ISSEP domains,
00:00
but they're very focused on
00:00
the systems engineering aspects,
00:00
specifically information system security engineering.
00:00
That's what this concentration is
00:00
focused on so you'll see that throughout the domains.
00:00
Domain 1 is our foundations.
00:00
This is where we go through and say,
00:00
what is systems engineering?
00:00
What is an SSE, system security engineer?
00:00
How do we do acquisition, like buy/build?
00:00
We're going to go through the things that make
00:00
the most sense for you to understand
00:00
out of this particular domain.
00:00
One of the ones we'll talk about is
00:00
Trusted Systems and Networks,
00:00
if you've not heard of that term before,
00:00
TSN, you'll get that.
00:00
That is something you will definitely want to know.
00:00
Obviously, we talk about processes, methodologies,
00:00
but we're going to do this specifically
00:00
a lot of detail on
00:00
the ISSEP process so we put
00:00
all of the domains together into one.
00:00
That's the systems engineering foundations
00:00
Domain 1 for ISSEP.
00:00
Next we have risk management.
00:00
I promised you we'll do more risk management.
00:00
[LAUGHTER] One of our biggest challenges
00:00
is understanding these different levels of risks,
00:00
enterprise risk, systems risks, and operations risks.
00:00
Each of these levels is incredibly important.
00:00
We start at the enterprise,
00:00
then we go down to the next level to the operations risk.
00:00
There's going to be a chart
00:00
that will help you make this make sense.
00:00
Then we have systems risks.
00:00
ISSEs are very keen on reducing risks.
00:00
But if you ever hear somebody say that,
00:00
"My gosh, we're completely risk-free."
00:00
Just walk away because that's not true.
00:00
You will never get to true risk freedom or zero risk.
00:00
There's always risk and
00:00
that's something that ISSEs help to
00:00
manage in Domain 2, risk management.
00:00
Next, we have security planning and design
00:00
and this is an important one.
00:00
I'm a huge Star Trek fan.
00:00
I love the new show, Star Trek Discovery.
00:00
Probably the jury's out on that for
00:00
many people, but that's okay.
00:00
But in the first season,
00:00
the captain of the Discovery
00:00
who turned out to be not such a great guy,
00:00
actually had a really good quote.
00:00
His quote was, "Context is for kings."
00:00
What he was trying to drive out there is it is
00:00
super important to understand
00:00
contextually or the context
00:00
of the situation you find yourself in,
00:00
so that you can make
00:00
the right decisions on
00:00
what to do to handle that situation.
00:00
In security planning and design, context is no different.
00:00
When you're designing a system,
00:00
you need to understand
00:00
the environment that it's meant to operate in.
00:00
We're going to talk a lot about
00:00
stakeholders because they're very important.
00:00
You're going to need to understand the
00:00
requirements of stakeholders step.
00:00
You need to know what security principles
00:00
that your organization is ascribing to.
00:00
If you don't know those, how do you design a system?
00:00
That's what we do here. That drives
00:00
us to a solid architecture and design.
00:00
In many cases, systems engineering is all
00:00
about building the scaffolding which
00:00
other modules can plug into and you're going to see that.
00:00
That's what we're going to talk about a lot
00:00
in this particular domain,
00:00
Domain 3 for ISSEP.
00:00
Domain 4 ISSEP is system implementation,
00:00
verification, and validation, that's V&V.
00:00
This is a throwback to what we used to call
00:00
the V model in systems engineering
00:00
developed by the US military in the actually
00:00
1980s to frame a way
00:00
to understand how complex systems could be assessed.
00:00
Verify and validate are the two key words here.
00:00
When we verify something, did we meet the requirements?
00:00
Did we actually build it to spec?
00:00
That's what we're talking about.
00:00
Validation is, did we do a good job?
00:00
You're going to hear me say this three or
00:00
four times because it's super important.
00:00
It's very possible that you could verify
00:00
a system and never validate it if it doesn't
00:00
meet the operational needs well enough or good enough.
00:00
That is Domain 4.
00:00
Domain 5 is secure operations,
00:00
change management, and disposal.
00:00
Obviously, we talked about
00:00
the security operations domain in CISSP.
00:00
This is akin to that, but this is different.
00:00
This is not just monitoring the technical side.
00:00
This is monitoring everything from security controls,
00:00
the technical side of things to
00:00
the non-technical side of things like
00:00
processes, all of those things.
00:00
We're talking about all the security controls,
00:00
the management, the technical,
00:00
the process, all of those things.
00:00
That's what we're talking about. We're not looking at
00:00
just, am I getting information or alerts on my SIEM?
00:00
We're talking about everything related to
00:00
controlling and managing a system which is a little
00:00
different than what we've talked about
00:00
previously in CISSP.
00:00
Then of course, we talked about decom and disposal.
00:00
Decommissioning and disposal.
00:00
Dumpster diving is the thing, folks.
00:00
If we don't properly get rid of the data
00:00
on these complex systems that
00:00
we have when we just chuck them out in the dumpster.
00:00
I guarantee you somebody is going to dig them up
00:00
and they are going to use them to ill effect.
00:00
That's what is found in Domain 5.
00:00
What did we cover in this video?
00:00
We flew through and looked
00:00
briefly at the ISSEP domains to get you a feel for
00:00
where this course is going and what we're going to cover
00:00
as related to those areas. We'll see you next time.