From the course: ISC2 Information Systems Security Engineering Professional (ISSEP) Cert Prep
Objectives and generic systems engineering (SE)
- [Brad] Welcome back to Cybrary's ISSEP course. I'm your instructor, Brad Rhodes. Let's jump into Module 7 of 10, Information System Security Engineering Process. So, where are we on the ISSEP journey? Well, we are more than halfway through and we have made it to Module 7. And this is what we're going to talk about what it means to be an ISSE and work through the processes that ISSEs do. And then, we'll move on to Module 8 and talk about the System Development Lifecycle, not the Software Development Lifecycle. So, let's jump on in.

We're going to cover our module objectives and Generic Systems Engineering in this particular lesson. And then we're going to look at why ISSE? And why ISSEs are so very important today when we think about the complexity of systems that we see out in the product space?

So, here's our module objectives. We are going to review Systems Engineering. We're going to compare the Systems Engineering efforts to the Information Systems Security Engineering efforts. And then, we're going to investigate the six steps in the ISSE process. And these six steps are framed in something called the IADAP. We're going to talk about that in a little bit because it's very important that you know that document for the ISSEP content and the exam itself.

So, here is a view of Generic Systems Engineering. It's pretty straightforward. It is a linear process with a little bit of circular effort to it. You can do some revisits depending on how you decide to do your development model. If you're doing obviously Agile or Spiral, you're going to see this more iterative than not. So, in Generic Systems Engineering, we start by discovering the needs. What's needed? What are we supposed to do? Then, we take those needs and we define system requirements. System requirements then bleed us into the system architecture itself. We have to design that, then we develop a detailed design implementation. And most importantly, we then assess effectiveness. And if you see the arrows that come out of each of these, we can assess effectiveness throughout the course of each of these steps in the Generic Systems Engineering process.

So, here's another view of Systems Engineering, and this is from Department of Defense 5000.2-R. It's a little bit older reference, but it comes out of the IADAP which we'll talk about. And really, what we're talking about here is what happens? In all of our Systems Engineering processes, we take an input from the customer. We do requirements analysis, we do allocation and functional analysis, we do synthesis, which is taking the architecture and actually determining either the preferred products or building them the external interfaces. And then, we do that outpost process where we say, "Hey, here's what we decided. What were the decisions we made?" And so, this is another way to look at systems engineering from a top level. But you're going to see things and you've seen things we've talked about before. Trade off, risk management, configuration management, all of those things that we talked about in the ISSEP domains leading up to this are here in that Generic Systems Engineering Process.

So, we've come up to a really important question as we have progressed through the ISSEP domains and now we're talking about the ISSE process here in Module 7. Why do we do Information System Security Engineering? Well, there's four main reasons. One, we are dealing today with incredibly complex systems. And the more complex these systems get, the more important it is to do that system security engineering upfront. And oh, by the way, these networks and systems and applications and machines, they're not getting any less complex. They're getting more complex. We're adding more and more functionality throughout the process.

Early integration. If we are not integrating our security processes and security controls that ISSEs build out and design and develop early in our system, we're going to add a lot more expense. It is a whole heck of a lot more expensive to add or bolt on security as a bandaid after you've deployed a system than it is to do it upfront in our design.

ISSEs are focused on the customer. We don't do systems engineering or information system security engineering without a customer. We're focused on them. If we don't do that, we're not doing it right.

And then last, ISSEs are super important for risk management. We have to identify that risk as a continuous process throughout the Information System Security Engineering process to ensure that we aren't creating problem sets down the road that we didn't think about. And this is why it's so important to do ISSE throughout and do this process throughout our Systems Engineering and Information Systems Security Engineering work.

So, in this lesson we talked about our module objectives. We got a lot to cover here in Module 7. We talked about Generic Systems Engineering, two views of that. And then, we talked about why ISSEs are so very important. We'll see you next time.
Contents
- Objectives and generic systems engineering (SE), 5m
- Comparing SE and ISSE activities, 5m 42s
- Discover information protection needs (discover needs), 4m 6s
- Define system security requirements (define system requirements), 7m 18s
- Define system security architecture (define system architecture), 5m 25s
- Develop detailed security design (develop detailed design), 5m
- Implement system security (implement system), 5m 35s
- Assess information protection effectiveness (assess effectiveness), 6m 38s
- Module summary, 5m 5s