Objectives and Security Planning and Design Overview

Video Activity

Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Welcome back to Cybrary.
00:00
This, of course, I'm your instructor, Brad Rhodes.
00:00
Well, we've made it up to module 4 of 10,
00:00
which is domain 3,
00:00
and a sub security planning and design.
00:00
In our ISSEP journey,
00:00
we're right here,
00:00
we are continuing forward to the domains of ISSEP,
00:00
so we're a little over halfway through there,
00:00
and we're almost to the halfway point
00:00
in the course, so keep at it.
00:00
Our first lesson is going to look at
00:00
the module objectives for module 4,
00:00
and we're going to do a brief introduction
00:00
to security planning and design.
00:00
In this video,
00:00
we're going to cover our module objectives,
00:00
and we're going to look at a real
00:00
quick graphic that gives
00:00
an overview of why we do security planning and design,
00:00
and why it is so important.
00:00
Module objectives here, there are seven of them.
00:00
It's a pretty interesting module.
00:00
We're going to talk about stakeholder requirements.
00:00
We talked about stakeholders previously,
00:00
now we're going to get pretty in-depth.
00:00
You got to understand your stakeholders.
00:00
We're going to talk about one of my favorite subjects:
00:00
threats and resilience.
00:00
That's always fun to talk about.
00:00
We're going to talk about the system security principles,
00:00
things that you should know as an ISSE to
00:00
actually do good design, and planning.
00:00
We're going to talk about where
00:00
requirements and information come from.
00:00
Contexts, CONOPS, requirements documents.
00:00
Talk about functional analysis,
00:00
we're going to review requirements traceability,
00:00
and another fun topic to talk about is tradeoff studies.
00:00
We're going to cover all of those in this module.
00:00
What is security planning, and design?
00:00
Well, really what it comes down to is as an ISSE,
00:00
you're going to develop the security plan for a system.
00:00
That security plan is going
00:00
to have a lot of things in it,
00:00
things we've already covered before.
00:00
It's going to have pieces and parts
00:00
like configuration management.
00:00
It's going to have a certification
00:00
and accreditation process,
00:00
a little old term, but that's
00:00
where we get our authority to operate.
00:00
It's going to look at the FISMA.
00:00
If you're a federal organization,
00:00
you have to follow
00:00
the Federal Information Systems Management Act.
00:00
You got to do that.
00:00
Talks about monitoring that has to be
00:00
an ongoing and continuous process.
00:00
You see risk assessments and POA&Ms.
00:00
There to handle those risk areas.
00:00
Finally, NIST Special Publication 853
00:00
is all about the security controls that we employ.
00:00
All of these fit in here so
00:00
that we do good security planning,
00:00
and design to create
00:00
a functional secure system that gets either
00:00
put out as a product or it helps
00:00
us to manage and do our jobs day to day.
00:00
In this lesson, we
00:00
covered our module objectives and we looked
00:00
briefly at security planning
00:00
and design. We'll see you next time.