Module Summary

Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Welcome back to Cybrary's ISSEP course,
00:00
I'm your instructor, Brad Rhodes.
00:00
Well, we have made it to the end of Module 8,
00:00
the system development life cycle.
00:00
Let's jump into our summary.
00:00
In this lesson we're going to review
00:00
briefly the SDLC phases.
00:00
We're also going to review the Risk Management Framework.
00:00
Two important things you need to know
00:00
for the risks or for the ISSEP exam.
00:00
So here are our SDLC phases.
00:00
Remember initiation is our requirements.
00:00
Acquisition and development,
00:00
that's our build and buy decision.
00:00
If we're going to develop it, we're building,
00:00
and if we're going to buy it,
00:00
we're going to acquire it.
00:00
So we need to make a decision there.
00:00
If we're doing stuff in the development piece of things,
00:00
if we're actually going to build it ourselves,
00:00
that's where we have to decide
00:00
or look to our organization in terms
00:00
of what development model are we using.
00:00
Are we using waterfall?
00:00
Are we using the systems engineering V?
00:00
Are we using a spiral or are we doing agile?
00:00
Then we get to implementation and assessment.
00:00
That's our deployment and integration.
00:00
That's where we push out
00:00
the system into operations
00:00
initially and we do it in a phased approach,
00:00
we don't just roll it out to an enterprise altogether.
00:00
We also do our assessment work there,
00:00
that's where we talk about things
00:00
like the risk management framework
00:00
and getting an interim authority
00:00
to operate or an authority to operate.
00:00
Operation and maintenance, that's our
00:00
continuous monitoring of our security controls
00:00
and then maintenance is,
00:00
and I use the general term of patching here,
00:00
but patching obviously,
00:00
it implies a lot more than just that,
00:00
it's updating all the firmware,
00:00
it's updating all of the hardware,
00:00
it's updating software, it's updating operating systems,
00:00
the list goes on and on and on and obviously
00:00
some systems end up going to
00:00
the next phase which is sunset or
00:00
disposal because guess what?
00:00
They probably can't be updated anymore.
00:00
Then of course, the last phase of
00:00
the system development life cycle is sunset or disposal,
00:00
and that's where we decide to get rid of a system.
00:00
We need to end the life of a system,
00:00
and that is a very complex process
00:00
that is reviewed multiple times,
00:00
requires lots of documentation because from
00:00
depending if you're working on
00:00
government systems or commercial systems,
00:00
there's always going to be
00:00
legal and regulatory requirements
00:00
about the system itself,
00:00
the data that you keep from the system,
00:00
how long you keep records about the system,
00:00
all of that stuff is done in sunset or disposal.
00:00
We also talked about the Risk Management Framework,
00:00
and so the RMF is the replacement
00:00
for DITSCAP and DIACAP, which are dead.
00:00
As we said previously,
00:00
will you see that documentation is still in existence,
00:00
absolutely, especially for legacy systems.
00:00
But from the standpoint of understanding what we do now,
00:00
what is current for an ISSE, you need to,
00:00
for the ISSEP content itself, memorize this chart.
00:00
This is one of those brain dump things you need to have.
00:00
You need to understand that we categorize system,
00:00
we select controls, we implement them,
00:00
we assess them, we authorize, and then we monitor.
00:00
This is a cyclical process.
00:00
Monitoring is obviously an ongoing thing that we do,
00:00
but if we change out a control,
00:00
we go back to the whole process again to implement it,
00:00
assess it, authorize,
00:00
and then ultimately do that monitoring.
00:00
There are multiple NIST,
00:00
National Institute for Standards and Technology
00:00
standards you should be aware of,
00:00
we're going to cover those in the next module.
00:00
So in this video we covered and
00:00
reviewed the system development lifecycle phases,
00:00
which is very important to the ISSE.
00:00
We also reviewed the Risk Management Framework,
00:00
which is the standard today
00:00
for doing the accreditation of
00:00
systems to get them that authority to
00:00
operate so that they can be put into operations.
00:00
I look forward to seeing you in Module 9,
00:00
key NIST standards. See you next time.