Objectives and Generic Systems Engineering (SE)


Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Welcome back to Cybrary. Yes of course,
00:00
I'm your instructor, Brad Rhodes.
00:00
Let's jump into Module 7 of 10,
00:00
Information System Security Engineering Process.
00:00
Where are we on the ISSEP journey?
00:00
Well, we are more than halfway through and we have
00:00
made it to Module 7
00:00
and this is what we're going to talk about,
00:00
what it means to be an ISSE and
00:00
walk through the processes that ISSEs do.
00:00
Then we'll move on to Module 8 and talk about
00:00
the system development life cycle,
00:00
not the software development lifecycle. Let's jump on in.
00:00
We're going to cover our module objectives and
00:00
generic systems engineering in this particular lesson,
00:00
and then we're going to look at why
00:00
ISSEs are super important today when we
00:00
think about the complexity of systems that
00:00
we see out in the product space.
00:00
Here's our module objectives.
00:00
We're going to review systems engineering.
00:00
We're going to compare the systems engineering
00:00
efforts to the information
00:00
system security engineering efforts.
00:00
Then we're going to investigate
00:00
the six steps in the ISSE process and
00:00
these six steps are
00:00
framed in something called the IATF.
00:00
We're going to talk about that in a little bit because
00:00
it's very important that you know
00:00
that document for the ISSEP content and the exam itself.
00:00
Here's a view of generic systems engineering.
00:00
It's pretty straightforward.
00:00
It is a linear process with
00:00
a little bit of circular effort to it.
00:00
You can do some revisits depending on
00:00
how you decide to do your development model.
00:00
If you're doing obviously agile or spiral,
00:00
you're going to see this more iterative than not.
00:00
In generic systems engineering,
00:00
we start by discovering the needs. What's needed?
00:00
What are we supposed to do?
00:00
Then we take those needs and
00:00
we define system requirements.
00:00
System requirements then bleed us into
00:00
the system architecture itself. We have to design that.
00:00
Then we develop a detailed design
00:00
implementation and most importantly,
00:00
we then assess effectiveness.
00:00
If you see the arrows that come out of each of these,
00:00
we can assess effectiveness throughout the course of
00:00
each of these steps in the
00:00
generic systems engineering process.
00:00
Here's another view of systems engineering,
00:00
and this is from Department of Defense 5000.2.
00:00
A little bit older reference,
00:00
but it comes out of the IATF, which we'll talk about.
00:00
Really what we're talking about here is, what happens?
00:00
In all of our systems engineering
00:00
processes we take an input from the customer.
00:00
We do requirements analysis,
00:00
we do allocation,
00:00
and functional analysis, we do synthesis,
00:00
which is taking the architecture and actually
00:00
determining either the preferred products
00:00
or building them,
00:00
the internal and external interfaces.
00:00
Then we do that output process where we say,
00:00
here's what we decided,
00:00
what were the decisions we made?
00:00
This is another way to look at
00:00
systems engineering from a top level.
00:00
But you're going to see things and you've
00:00
seen things we've talked about before,
00:00
trade-off, risk management, configuration management,
00:00
all of those things that we talked
00:00
about in the ISSEP domains leading
00:00
up to this are here in
00:00
that generic systems engineering process.
00:00
We've come up to a really important question
00:00
as we have progressed through the ISSE domains
00:00
and now we're talking about the ISSE process
00:00
here in Module 7.
00:00
Why do we do information system security engineering?
00:00
Well, there's four main reasons.
00:00
One, we're dealing
00:00
today with incredibly complex systems,
00:00
and the more complex the system gets,
00:00
the more important it is to do
00:00
that system security engineering upfront.
00:00
By the way, these networks and systems
00:00
and applications and machines,
00:00
they're not getting any less complex.
00:00
They're getting more complex.
00:00
We're adding more and more functionality
00:00
throughout the process.
00:00
It's early integration.
00:00
If we're not integrating
00:00
our security processes and
00:00
security controls that ISSEs build-out
00:00
and design and develop early in our system,
00:00
we're going to add a lot more expense.
00:00
It is a whole heck of a lot more expensive
00:00
to add or bolt on security as a Band-Aid
00:00
after you've deployed the system than it
00:00
is to do it upfront in our design.
00:00
ISSEs are focused on the customer.
00:00
We don't do systems engineering
00:00
or information system security engineering
00:00
without a customer or focus on them.
00:00
If we don't do that, we're not doing it right.
00:00
Then last, ISSEs are super
00:00
important for risk management.
00:00
We have to identify
00:00
that risk as a continuous process throughout
00:00
the information system security engineering process to
00:00
ensure that we aren't creating
00:00
problem sets down the road that we didn't think about.
00:00
This is why it's so important to
00:00
do ISSE throughout and do this process
00:00
throughout our systems engineering and information
00:00
systems security engineering work.
00:00
In this lesson, we talked about our module objectives.
00:00
We've got a lot to cover here in Module 7.
00:00
We talked about generic systems engineering
00:00
two views of that and then we
00:00
talked about why ISSEs are so very
00:00
important. We'll see you next time.