From the course: ISC2 Information Systems Security Engineering Professional (ISSEP) Cert Prep

Objectives and introduction to operations

From the course: ISC2 Information Systems Security Engineering Professional (ISSEP) Cert Prep

Start my 1-month free trial Buy for my team

Objectives and introduction to operations

- [Brad] Welcome back to Cybrary's ISSEP course, I'm your instructor, Brad Rhodes. Well, we've made it up to module 6 of 10, over the halfway point. We're now at the last domain for ISSEP, that's Domain 5: Secure Ops, Change Management, and Disposal. So here's where we are on our journey, plus the halfway point on our downhill slide into module 7, 8, 9, and 10 after we complete this module. Really what we're looking to do here is talk about the operations process in module 6, domain 5. And then we're going to put all of those pieces together in module 7 and module 8, and hopefully get you understanding and ensconced in what it means to be an ISSE. So, let's jump in. In this module and this video, we're going to talk about module objectives. We're going to review a quick introduction to operations and talk about those areas. And get you ready to go for what is going to be a bit of a lengthy module. So we've got seven areas we're going to cover in this module. SecOps, ConMon, and we've talked previously ConMon is not just about monitoring security systems and SIEMs and IDSs, IPSs, all that kind of stuff, ConMon is the holistic look that an ISSE has to do across all security controls. We're going to talk about secure maintenance in the supply chain again, because this is super important for ISSEs. We're going to talk about incident response. Why? Because ISSEs will get pulled into incident response from time to time, not only from an engineering perspective, but especially if their controls are involved in the thing that caused the incident. We're going to review change management. And then we're going to talk about decom and disposal. Two different things, two very, very different things that you've got to understand as an ISSE, because I'm telling you, folks, dumpster diving is a real thing, and if you just throw stuff out and you haven't disposed of it properly, somebody is going to use that against you. So let's talk about operations. Operations is about three things: People, process, technology. And you've probably seen the triangle on the left side of the screen here before. People, that's where we talk about, do you have the skills? Are you ready to go to support an environment and do that security work? That's really what it comes down to. Processes is consistent execution. It is standardized execution. ISSEs, you write a lot of processes, especially if you create your own security controls and you're not buying something, even if you do buy something, you're going to be the person that probably creates the training and creates the processes that are used in your environment. And last is technology itself, and that's the implementation and integration. We've talked about that in the previous module. That's where we take all of those pieces and we've put them together in the puzzle and we make that product or project or system or whatever it is we're doing from a controls perspective to mitigate risk, we're making it saying we're making the technology work. And that's what we see when we think about operations. So in this lesson, we reviewed and jump-started our module objectives, talked about those, what we're going to cover in this particular module. And then we did a brief introduction to operations. Let's jump in. We'll see you next time.

Contents