Verification

Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
>> Welcome back to Cybrary's ISSEP course. I'm your instructor Brad Rhodes. Let's jump into verification. In this video, we're going to look at the definition of verification. We're going to talk about the system security outcomes as related, and then we're going to apply verification.

When we look at verification, and we've talked about verification before, let's specifically define it here: it is all about requirements and evidence. We create a series of requirements as ISSEs. We have to verify that those requirements are met. Then we have to have the evidence that shows they are met. In the case of, say, an intrusion detection system, the evidence might be the readout of the logs that shows all of the rules that were matched. That might be how we verify the system works. Or in the case of a piece of hardware, perhaps it's how long does that hardware operate, say, like a smartphone? We want that smartphone to operate 24/7, 365, so maybe we test the battery that way to see if it meets that; we're verifying the requirements are satisfied.

When we think about system security engineering outcomes related to this, there's three things I want you to remember. One is, it's not just the systems itself; in ISSEs, we tend to work with enabling systems. We have to look at that as well because the enabling systems make or break sometimes our security systems. We have to look at that from a verification perspective, very important. The second piece I want you to remember is traceability. We have to have traceable requirements. Earlier in our previous lesson, we talked about a requirements traceability matrix and the fact that every requirement needs to be traceable from beginning to end, all the way up from the baseline bottom things to that systems engineering of starting requirement. That traceability is very important. Then last, we touched on this, the previous slide, but I want to hit it here again, is evidence. I trust, but verify. If you tell me something works and you can't show me how it works or why it worked or what worked from a requirements perspective, as an ISSE I don't believe it. Systems engineers and information system security engineers, we need to see the evidence, incredibly important for us.

Let's apply verification to an IDS system. In this case here we have five requirements this system needs to meet. Those requirements are not defined here as threshold, minimum, or objective, nice to have, longer down the road things we want to have. We're just going to assume that all of these are threshold or minimum requirements. Well, obviously it can do what it needs to do and detecting multiple ISSEs. It works on all sorts of platforms, which is great. They can detect those denial of service attacks. But here's the problem, we get down to requirement number 4 and it doesn't meet it. It doesn't detect that content-based information, problematic. Because when we're talking about an intrusion detection system that's supposed to be next-gen 21st century, all that stuff, it's not working. One of our requirements has not been verified. In this case here, if we built this system, we send it back to the drawing board, we send it back to the previous step to get things fixed. Or alternatively, if we're buying this, this may be the system that we decide not to buy because it can't meet one of our five requirements we've specified as necessary for the system, and that's an application of verification.

In this lesson, we defined verification, we talked about related system security outcomes you should be aware of as an ISSE. Then we apply verification as a practical example. We'll see you next time.