From the course: ISC2 Information Systems Security Engineering Professional (ISSEP) Cert Prep

Objectives and introduction to systems security engineering

From the course: ISC2 Information Systems Security Engineering Professional (ISSEP) Cert Prep

Start my 1-month free trial Buy for my team

Objectives and introduction to systems security engineering

- [Brad] Welcome back to Cybrary's ISSEP course. I'm your instructor, Brad Rhodes. We're starting with Domain 1: Systems Security Engineering Foundations for ISSEP. This is Module 2 of 10. Where are we in our course outline? Well, we've completed Module 1, the overview, to level-set you as to where we're going with the ISSEP course. And now we're going to jump into pretty good detail, Domain 1 of ISSEP, which is our foundations. So our first lesson is going to cover the objectives of the module, and we're going to introduce systems security engineering. So what are we going to cover here? We're going to look at the module objectives for ISSEP Domain 1, our foundations. Then we're going to do a brief overview of systems security engineering, and that's going to come directly out of NIST, the National Institute for Standards and Technology. That is going to give you a good feel for what systems security engineering kind of looks like. All right, so what are our objectives for ISSEP Domain 1? Well, we're going to cover the fundamentals. You can't, you know, jump into a complex thing like systems engineering or systems security engineering without some of the fundamentals. We're going to review processes related to that. We're going to talk about development methodologies. And so this is development methodologies that you might ascribe to software engineering, but they are also applicable to large-scale systems engineering. In fact, those development methodologies were originally built to handle systems engineering, but they have since been transformed and used for multiple things. We're going to talk about the technical management process. You do, as an ISSE, a lot of technical management. That is a huge part of your work. So you need to know that. We're going to talk about acquisition, which is really the buy/build decision points. Sometimes, as an ISSE, you have to make a recommendation. Am I going to buy something or am I going to build it myself? I'll tell you, if you build it yourself, you own the zero days. That's kind of one of my mantras. But sometimes you have to buy it because it's cheaper. You're going to get to market with whatever product you're working on faster. And then we're going to talk about trusted systems networks and why they are so important, especially as it relates to the US government and the US Department of Defense. That's where you're going to see the conversation about COTS and GOTS initially. So just keep that in mind. But we're going to get there. All right, so from NIST, the National Institute of Standards and Technologies, we have this great overview. And this is, you can see, built by INCOSE. And we've talked about in INCOSE before. So systems engineering is the top-level management process or top-level engineering process for putting together complex systems. One of the specialties of systems engineering is systems security engineering or information systems security engineering, ISSE, which is what we're talking about in this course. And so a systems security engineer, what do they do? They apply the math, the engineering, the concepts, methods. So they standardize what happens as it gets integrated into the system as a whole. The systems security engineer helps with other specialties. So for example, if you're doing a system and you're exercising or executing defense in depth, so think the onion layers of security, you are going to have security specialists in host-based systems, so computers. You're going to have security specialists in network-based security systems. You're going to have specialists in data-loss prevention. And so those are the security specialties and other specialties that roll up into what we do in systems security engineering, that ultimately are then morphed modularly into the system as a whole from a systems engineering perspective. And so systems engineering and systems security engineering are both multidisciplinary processes to integrate pieces and parts into a system as a whole. And that's a basic overview of systems security engineering. So what did we cover in this lesson? We looked at the module objectives for Module 2, which is our Domain 1 of ISSEP, foundations. And then we did a brief overview of the systems security engineering processes framed by NIST. We'll see you next time.

Contents