Welcome back to Cyber Oasis. Of course I'm your instructor, Brad Roads. Well, we've made it up to Module four of 10, which is Domain three and disip. Security, planning and design
in our is up journey. We're right here. We are continuing forward to the domains ofhis apps. So we're a little over half way through there and we're almost to the halfway point in the course. So keep at it.
Our first lesson is going to look at the module objectives for module four and we're gonna do a brief introduction to security, planning and design.
So in this video, we're going to cover our model objectives. Now, we're gonna look at a real quick graphic. That sort of gives an overview of why we do security, planning and design and why this so important?
So module objectives here, there's seven of them. It's a pretty interesting module. We're gonna talk about stakeholder requirements. We talked about stakeholders previously. Now we're gonna get pretty in depth. You gotta understand your stakeholders. We're gonna talk about one of my favorite subjects threats and resilience. That's always fun to talk about. We're gonna talk about
the system, security principles, things that you should know is an ISI
toe. Actually do good design and planning.
We're gonna talk about where requirements and information comes from context, con ups, requirements, documents. We talk about functional analysis. We're gonna review requirements, traceability and another fun topic to talk about his trade off studies. And so we're going to cover all of those in this module.
So what is security planning and design? Well, really, What it comes down to is, as an ISI, you're going to develop the security plan for a system, and that security plan is going to have a lot of things in it. Things we've kind of already covered before. It's gonna have pieces and parts like configuration management
is going to have a certification and accreditation process. Little old term. But that's where we get our authority to operate. It's gonna look at the fisma. If you're a federal organization, you have to follow the Federal Information Systems Management Act. You've got to do that talks about monitoring that has to be an ongoing and continuous process.
You see risk assessments and poems thereto handle those risk areas,
and finally, uh, NIST Special Publication 853 is all about the security controls that we employ. And all of these fit in here so that we do good security planning and design to create a functional, secure system that gets either put out as a product
or it helps us to manage and do our jobs day today.
So in this lesson, we covered our module objectives and we looked briefly at security, planning and design.
We'll see you next time.