Objectives and Introducing NIST and Standards


Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Welcome back to Cybrary ISSEP course.
00:00
I'm your instructor, Brad Rhodes.
00:00
We have made it to Module 9 of 10,
00:00
and this is key NIST standards.
00:00
Where have we come from and where are we going?
00:00
Well, we have been through the ISSEP domains.
00:00
We have talked about the ISSE process,
00:00
we've talked about the system development lifecycle,
00:00
and now we're going to talk about those key
00:00
National Institute for Standards and Technologies,
00:00
standards documents that are
00:00
critical for you to understand.
00:00
As an ISSE, there are great reference points,
00:00
but also things you should be
00:00
aware of for the ISSEP exam.
00:00
After we're done with this module into
00:00
Module 10 concentration insights,
00:00
and then you'll be done.
00:00
We're almost there. In this video,
00:00
we're going to talk about our module objectives.
00:00
We're going to introduce NIST.
00:00
We're going to talk about those key NIST publications
00:00
you need to know as an ISSE.
00:00
Our module objectives are pretty straightforward.
00:00
We're going to introduce NIST,
00:00
and then we're going to review the NIST publications
00:00
that every ISSE should know.
00:00
By the way, these pictures we're going to
00:00
show you and talk about from
00:00
a process perspective are things you probably
00:00
should know and be aware of for the ISSEP exam.
00:00
Who is NIST? What is NIST?
00:00
Well, they are under the US Department of Commerce.
00:00
They were founded in 1901,
00:00
and the goal here was to provide a construct
00:00
for measurements and standards
00:00
for the entirety of the United States.
00:00
This has become a thing in
00:00
Europe and other places in the world,
00:00
and the United States jumped on the bandwagon
00:00
there. What does NIST do?
00:00
It provides standards and guidance on everything.
00:00
It could be power grid stuff, it could be atomic clocks,
00:00
it could be the computer chips,
00:00
it could be all sorts of things,
00:00
even cybersecurity as one of the things that NIST
00:00
provides to the United States
00:00
and by de facto to the world.
00:00
A lot of countries besides the United States use
00:00
NIST standards because they are
00:00
so well done and so well-written.
00:00
Why NIST? It's really simple.
00:00
You don't have to do everything from scratch.
00:00
If you need a standard,
00:00
if you need to know how to do, say,
00:00
incident response, NIST has got a document for you.
00:00
If you need to know how to do
00:00
information system security engineering,
00:00
NIST has got a document for you.
00:00
If you need to know something about cryptography,
00:00
NIST has got a document for you.
00:00
These documents are freely available.
00:00
They're GOTS, they're government off-the-shelf.
00:00
If you live in the United States,
00:00
your taxpayer dollars pay for these,
00:00
so why wouldn't you use them?
00:00
I don't like to build things from scratch,
00:00
but I don't have to, and NIST allows me to do just that.
00:00
We're going to talk about the key NIST publications.
00:00
We're going to review these in pretty good detail.
00:00
We're going to talk about system security engineering.
00:00
That's special pub, that's the SP there, 800-160.
00:00
We're going to talk about the controls in 800-53.
00:00
We're going to talk about, here's a surprise,
00:00
media sanitation in 800-88.
00:00
Then continuing on, we're going to talk about a guide.
00:00
If you were going to study
00:00
any NIST publication right
00:00
before you took your ISSEP exam,
00:00
it would be 800-100.
00:00
It is a great summary of
00:00
just about everything you need to know that I
00:00
believe it'd be good to know for the ISSEP exam.
00:00
We're going to talk about
00:00
the NIST cybersecurity framework
00:00
because a lot of organizations
00:00
are moving to that because it's
00:00
clean and it's easy to implement.
00:00
Then we're going to talk about FIPS 140-2,
00:00
and that's cryptography.
00:00
What do we cover in this video?
00:00
We talked about our module objectives.
00:00
We introduced NIST and who they are.
00:00
Then we've talked about the
00:00
NIST publications that are key for an ISSE.
00:00
There's so many of these publications,
00:00
there's so much information from this.
00:00
There's no way that you could actually ever learn it all.
00:00
But if you're prepping for the ISSEP exam,
00:00
these are the ones that you really should have
00:00
a good handle on. We'll see you next time.