From the course: ISC2 Information Systems Security Engineering Professional (ISSEP) Cert Prep
Objectives and security planning and design overview
Welcome back to Cybrary's ISSEP course. I'm your instructor, Brad Rhodes. Well, we've made it up to module four of 10, which is domain three in ISSEP, security planning and design. In our ISSEP journey, we're right here. We are continuing forward through the domains of ISSEP, so we're a little over halfway through there. And we're almost to the halfway point in the course, so keep at it.

Our first lesson is going to look at the module objectives for module four, and we're going to do a brief introduction to security planning and design. So in this video, we're going to cover our module objectives, and we're going to look at a real quick graphic that sort of gives an overview of why we do security planning and design and why it is so important.

So module objectives here, there's seven of them. It's a pretty interesting module. We're going to talk about stakeholder requirements. We talked about stakeholders previously. Now we're going to get pretty in depth. You've got to understand your stakeholders. We're going to talk about one of my favorite subjects, threats and resilience. That's always fun to talk about. We're going to talk about the system security principles, things that you should know as an ISSEP to actually do good design and planning. We're going to talk about where requirements and information comes from. Context, CONOPS, requirements documents, talk about functional analysis. We're going to review requirements traceability. And another fun topic to talk about is trade-off studies. And so we're going to cover all of those in this module.

So what is security planning and design? Well, really what it comes down to is as an ISSEP, you're going to develop the security plan for a system. And that security plan is going to have a lot of things in it, things we've kind of already covered before. It's going to have pieces and parts like configuration management. It's going to have a certification and accreditation process, a little old term, but that's where we get our authority to operate. It's going to look at the FISMA. If you're a federal organization, you have to follow the Federal Information Systems Management Act. You've got to do that. Talks about monitoring. That has to be an ongoing and continuous process. You see risk assessments and POA&Ms, they're to handle those risk areas. And finally, NIST Special Publication 800-53 is all about the security controls that we employ. And all of these fit in here so that we do good security planning and design to create a functional, secure system that gets either put out as a product or it helps us to manage and do our jobs day to day.

So in this lesson, we covered our module objectives and we looked briefly at security planning and design. We'll see you next time.
Contents
- Objectives and security planning and design overview (2m 37s)
- Stakeholder requirements (3m 55s)
- Threats and resilience (6m 1s)
- System security principles (2m 26s)
- Context, CONOPS, and requirements documents (5m 11s)
- Functional analysis (3m 11s)
- Requirements traceability (3m 29s)
- Trade-off studies (3m 45s)
- Module summary (2m 55s)