Technical Management
Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
>> Welcome back to Cybrary's ISSEP course,
00:00
I'm your instructor, Brad Rhodes.
00:00
Next on our journey through
00:00
Domain 1 of ISSEP is technical management.
00:00
Got a lot to cover here.
00:00
In this video, we're going to talk about
00:00
planning decisions, configuration management,
00:00
information management, quality assurance,
00:00
and automation. Let's get rolling.
00:00
In planning, you need to
00:00
memorize this diagram if you're studying for the ISSEP,
00:00
the cost, scope or performance,
00:00
and time versus quality diagram.
00:00
This is a pretty straightforward thing to grasp.
00:00
If you want to have more scope,
00:00
it's going to cost you more,
00:00
it's going to take more time.
00:00
If you want it faster, it's going to cost you
00:00
a lot more and you're going to have to do less.
00:00
If you want something that's lower-cost,
00:00
it's going to probably be less scope and take more time.
00:00
This is a balanced triangle and
00:00
so if you want high-quality stuff,
00:00
you have to understand this.
00:00
You're going to see this cost, scope,
00:00
and time discussion throughout the domains of ISSEP,
00:00
because it's so very important.
00:00
Memorize this chart.
00:00
Decisions. We make three kinds
00:00
of decisions or support
00:00
three kinds of decisions as ISSEs;
00:00
one, we make people decisions.
00:00
What things do people need
00:00
from a requirements perspective and then ultimately,
00:00
how do we support the customers?
00:00
We have to make recommendations on technology.
00:00
Should we buy the
00:00
latest greatest widget that's going to help
00:00
secure our data and systems or should we not?
00:00
Then we also are very
00:00
much involved in monetary decisions.
00:00
In today's world of complex systems,
00:00
these things cost a lot of money.
00:00
If we are not paying attention to the budget
00:00
and just blow all the budget and the money, guess what?
00:00
Then our organizations potentially go out of business.
00:00
What we're really talking about here is trade-offs.
00:00
We have to make distinct and risk-based trades
00:00
on what we do with people,
00:00
technology, and obviously dollars.
00:00
We'll just talk about trade-off studies much later
00:00
in our discussions together.
00:00
But I want you to know that we
00:00
have to make these trade-offs and
00:00
ISSEs recommend those based on our experiences.
00:00
Configuration management.
00:00
We have a whole section coming up
00:00
on configuration management.
00:00
But the bottom line that I want you to take away
00:00
from this super complex chart is
00:00
that if we do not manage systems,
00:00
especially complex systems that include
00:00
multiple pieces and parts from
00:00
a systems engineering perspective,
00:00
a security systems engineering perspective,
00:00
we are bound to create
00:00
vulnerabilities and exploitable problems
00:00
for our system.
00:00
Configuration management,
00:00
configuration control, change management,
00:00
however you decide to term
00:00
it or however your organization terms it,
00:00
has to be a deliberative,
00:00
well-thought-out process to ensure that
00:00
our systems remain secure as we make changes,
00:00
as we pull out technology,
00:00
as we put new stuff in,
00:00
as we change processes,
00:00
all of that stuff is all fair game
00:00
in the configuration management arena.
00:00
Information management.
00:00
Information is what we're talking
00:00
about here as in ISSE.
00:00
The information system security engineering,
00:00
professional concentration.
00:00
Obviously, information is a key part of what we do.
00:00
There's the cybersecurity engineering aspect,
00:00
but then there's also
00:00
the information security engineering aspect.
00:00
When it comes to people, do
00:00
they have the right access
00:00
to the stuff they need access to?
00:00
Or do we need to restrict them based on
00:00
something like zero-trust architecture
00:00
we've talked about previously.
00:00
Processes. Processes are incredibly important.
00:00
If we don't have processes in place then we do not
00:00
have consistent execution across your organization.
00:00
ISSEs are well-used in terms of developing
00:00
processes to help manage information systems.
00:00
Technology. We've already
00:00
talked about technology briefly.
00:00
Technology is a huge part of what we do as ISSEs,
00:00
but it also is a huge part of where we have to say,
00:00
maybe we don't need a technology solution.
00:00
Maybe we can do that with
00:00
a process solution or a people or HR solution.
00:00
Those non-technical solutions and
00:00
information management are just as
00:00
effective in many cases as
00:00
are expensive technology solutions.
00:00
Then the last thing and I add this here,
00:00
people, process, technology is pretty easy.
00:00
We all heard these terms before.
00:00
Another one I like to talk about
00:00
here is data and information.
00:00
What is the data we're protecting?
00:00
What is the information we're protecting?
00:00
We as ISSEs need to understand that piece and part of
00:00
our organization so that we can make
00:00
recommendations on how best to handle that.
00:00
Getting much more complex these days
00:00
when we talk about Cloud-based systems.
00:00
Quality. Quality is something that ISSEs do a lot of.
00:00
We look at both assurance and control.
00:00
Assurance is,
00:00
are we measuring the performance
00:00
of our process or product correctly?
00:00
Basically, we're assessing,
00:00
whether we're actually doing stuff correctly or right.
00:00
Quality control is actually looking at do we have
00:00
an actual program for
00:00
doing quality management and it
00:00
has really nothing to do with assurance.
00:00
Quality control is actually
00:00
making sure the program works,
00:00
quality assurance is actually doing the program.
00:00
We do that quite often as ISSEs so
00:00
you need to remember the difference
00:00
between those two terms.
00:00
Automation, love automation.
00:00
Love this picture here of the automated vacuum.
00:00
If you have pets, I've got a couple
00:00
of pets, pets are fun.
00:00
But if a pet makes a mess on the floor,
00:00
if you've bought the low-end automated vacuum,
00:00
it's not going to sense that
00:00
there's something in the way of its path and it's
00:00
just going to spread that whatever mess all
00:00
over your living room and that's
00:00
probably not the best thing to do.
00:00
That comes down to the fact that when we do
00:00
automation in information security,
00:00
cybersecurity, we have to test it.
00:00
We don't just stick it in operations
00:00
and automate something and hope it works.
00:00
We actually have to test it and integrate it
00:00
properly and we have to make sure it's well-documented.
00:00
Why do we do automation?
00:00
We do it because we want to reduce repetitive processes.
00:00
Human beings are not great at repetitive process.
00:00
It's just the way it is, the way we're built.
00:00
We're really good at seeing that thing that stands out,
00:00
that's not necessarily repetitive.
00:00
When we work through these things,
00:00
we want to make sure that we do also with
00:00
automation is the reporting piece, logging.
00:00
We don't want to put out an automated capability and not
00:00
actually gather data back from it
00:00
to see if it's actually performing correctly.
00:00
Boy, it would really stink if you were
00:00
doing something with data and that
00:00
automated process failed and you have
00:00
no notification that it actually happened or failed.
00:00
You need to make sure that's built
00:00
in throughout the course of development,
00:00
especially if you're using automation systems.
00:00
What did we cover in this lesson? A lot.
00:00
We looked at planning,
00:00
decisions, configuration management,
00:00
information management, QA, and automation,
00:00
these are all areas from
00:00
a technical management perspective that
00:00
ISSEs do a lot of work in and
00:00
need to have familiarity with whether they sit for
00:00
the ISSEP concentration or not. We'll see you next time.