CISSP® - Security Engineering

Deep dive into the Security Engineering domain of the Certified Information Systems Security Professional (CISSP®) certification.
Course info
Rating: (42)
Level: Intermediate
Updated: Jan 27, 2016
Duration: 2h 29m
Table of contents
Introduction
Secure Design Principles and Processes
Fundamental Concepts of Security Models
Security Evaluation Models
Security Capabilities of Information Systems
Vulnerabilities in Security Architecture and Technology Components
Cryptography
Site and Facility Secure Design
Description

Deep dive into the Security Engineering domain of the Certified Information Systems Security Professional (CISSP®) certification, including Secure Design Principles and Processes, Fundamental Concepts of Security Models, Security Evaluation Models, Security Capabilities of Information Systems, Vulnerabilities in Security Architecture and Technology Components, Cryptography, and Site and Facility Secure Design.

About the author

Evan is an engineer by nature and a security professional by trade with over a decade of experience in technology and security. He enjoys learning new technologies and how to get more out of existing technologies through integration, enrichment, and innovation of new use cases.

Section Introduction Transcripts

Introduction
Hi, I'm Evan Morgan and in this course I'm going to be discussing security engineering. Security engineering is one of the eight domains of the Certified Information Systems Security Professional certification, or as it is commonly referred to, the CISSP. In this course we'll cover the 11 topics within the security engineering domain across 7 more modules. Specifically, we'll cover the following. Secure design principles and processes. Fundamental concepts of security models. Security evaluation models. Security capabilities of information systems. Vulnerabilities in security architecture and technology components. Cryptography. And finally, site and facility secure design.

Secure Design Principles and Processes
Hi, I'm Evan Morgan and in this module I'm going to be discussing secure design principles and processes. Secure design principles and processes is the first of the objectives of the security engineering domain of the Certified Information Systems Security Professional certification, or as it is commonly referred to, the CISSP. Secure design principles and processes are key concepts to understand for any information security program, as well as for the CISSP exam. Numerous other components in information security programming build upon a secure design for an organization. So without a secure design in place, it is next to impossible to perform other aspects effectively and efficiently. In this module I'll show you how to increase security and reduce risk for your organization through proper timing in the Software/Systems Development Lifecycle process, or SDLC for short. Then we'll outline and discuss the 33 security engineering principles, from the Engineering Principles for Information Technology Security by the National Institute of Standards and Technology, or NIST for short, that can be implied within your organization. And lastly, as previously mentioned, the secure design principles and processes is the first objective of the security engineering domain of the CISSP exam.

Fundamental Concepts of Security Models
Hi, I'm Evan Morgan. In this module, I'm going to be discussing fundamental concepts of security models. Fundamental concepts of security models is the second objective of the security engineering domain of the Certified Information Systems Security Professional certification, or as it is commonly referred to, the CISSP. Fundamental concepts of security models is a key concept to understand for any information security program, as well as for the CISSP exam. Numerous other components in an information security program build upon the security model, or models, that an organization decides to leverage. Without understanding the fundamental concepts, it is next to impossible to perform the other aspects effectively, and efficiently. In this module, I will outline the common security model types, as well as examples for them. Then we will outline security architecture frameworks that are commonly seen in the industry, that you can leverage for your organization. Lastly, as I previously mentioned, fundamental concepts of security models is the second objective of the security engineering domain of the CISSP exam.

Security Evaluation Models
Hi, I'm Evan Morgan and in this module I'm going to be discussing security evaluation models. Security evaluation models is the third objective of the security engineering domain of the Certified Information Systems Security Professional certification, or as it is commonly referred to, the CISSP. Security evaluation models is a key concept to understand for any information security program, as well as for the CISSP exam. Security evaluation models enable an organization's ability to restrict evaluations to only products that meet their security needs, as well as an established baseline for security via other usage. In this module we'll define what certification and accreditation are, as well as how they can be used within your organization. Then we'll discuss three common models used for evaluation of products. And three common security implementation guidelines that can be used. And lastly, as previously mentioned, security evaluation models is the third objective of the security engineering domain of the CISSP exam.

Security Capabilities of Information Systems
Hi, I'm Evan Morgan and in this module I'm going to be discussing security capabilities of information systems. Security capabilities of information systems is the fourth objective of the security engineering domain of the Certified Information Systems Security Professional certification, or as it is commonly referred to, the CISSP. Security capabilities of information systems is a key concept to understand for any information security program, as well as for the CISSP exam. Security capabilities of information systems are rudimentary controls that information systems have that provide security value to an organization in defending itself from attacks. In this module, I'll show you how you can reduce risk for your organization by implementing security value in your information systems. And as previously mentioned, security capabilities of information systems is the fourth objective of the security engineering domain of the CISSP exam.

Vulnerabilities in Security Architecture and Technology Components
Hi, I'm Evan Morgan and in this module I'm going to be discussing vulnerabilities in security architecture and technology components. Vulnerabilities in security architecture and technology components are the fifth, sixth, seventh, and eighth objectives of the security engineering domain of the Certified Information Systems Security Professional certification, or as it is commonly referred to, the CISSP. Vulnerabilities in security architecture and technology components is a key concept to understand for any information security program, as well as the CISSP exam. Vulnerabilities in your organization's security architecture and/or its technology components that make up the environment your organization operates within can be exploited to circumvent security controls that you have in place to protect your organization from malicious activity. In this module we'll identify two common groupings that vulnerabilities are typically placed in. Then we'll discuss how the CIA Triad can be used as a fundamental principle to systematically assess your organization for the CIA Triad's core concerns. Followed by how security architecture and technology components can be vulnerable to exploitation. And lastly, as previously mentioned, vulnerabilities in security architecture and technology components are the fifth, sixth, seventh, and eighth objectives of the security engineering domain of the CISSP exam.

Cryptography
Hi, I'm Evan Morgan and in this module I'm going to be discussing cryptography. Cryptography is the ninth objective of the security engineering domain of the Certified Information Systems Security Professional certification, or as it is commonly referred to, the CISSP. Cryptography is a key concept to understand for any information security program, as well as for the CISSP exam. Cryptography can greatly enhance the security of your organization's data if used appropriately. In this module we'll introduce basic cryptography concepts. Then we'll outline the forms of cryptography and common examples that can be leveraged by your organization, followed by a discussion of methods on cryptanalytic attacks and how to protect your organizations from them. And lastly, as previously mentioned, cryptography is the ninth objective of the security engineering domain of the CISSP exam.

Site and Facility Secure Design
Hi, I'm Evan Morgan and in this module I'm going to be discussing site and facility secure design. Site and facility secure design are the tenth and eleventh objectives of the security engineering domain of the Certified Information Systems Security Professional certification, or as it is commonly referred to, the CISSP. Site and facility secure design is a key concept to understand for any information security program, as well as for the CISSP exam. It is important to ensure that the security of your organization's facilities remains high enough to protect your information security controls from being bypassed by physical access to facilities like your data center. In this module we'll discuss how physical security improvements can improve the overall security posture for your organization, and as previously mentioned, site and facility secure design are the tenth and eleventh objectives of the security engineering domain of the CISSP exam.