Pass your certification exam. Faster. Guaranteed.

Secure Design Principles Transcription

Welcome to our secure system design principles module. Systems engineering applies through the entire process of development from the concept until the final disposal. Here we have a life cycle that can help to depict this process. We start with a concept of operations and then move on to our requirements and architecture phase.

We would then come up with a detailed design for our system. And then we would implement the system, install it, and get it up and running. Once it has been installed we would integrate, test, and verify that the system is working properly. And then do a system verification and validation before placing the system in service.

Once the operation of the system begins we would then have to maintain the system and make sure that it is working properly. We would accomplish this through verification and validation and since it is a life cycle this cycle would repeat itself. As we need to add new items to the system or replace the system, we would move back to the concept of operations and then flow through the cycle again.

It is very important that we use this system's life cycle to make sure that we can manage our risk and assures the safety, security, and dependability of our system. NIST, or the National Institute of Standards and Technology provides a system development life cycle, or SDLC. This lifecycle is designed to help you with what is called cradle to grave planning, meaning from the very beginning of the system until the very end of the system.

This lifecycle begins at the initiation phase where someone tells you that they need a system or makes a request for a system and you determine the high-level requirements for that system. We then move on to the acquisition and development phase. And here we either purchase the system, or develop and design the system.

And this phase also includes other cycles, such as the system development cycle of the acquisition cycle. Once we have designed or purchased the system, we can move on to the implementation and assessment phase. Here we would install the system and conduct system testing to make sure that it is working properly.

We then move on to the operations and maintenance phase where we have the system working properly for the work we needed it to do. We will maintain the system by installing necessary updates, or making modifications, and continue to make sure that the system is functioning properly and serving the needs of our organization.

We will then move to the sunset phase, also known as the disposal phase. This is where we have decided we no longer need the system, or we've replaced it with something new, and we make sure that we dispose of the system properly, keeping in mind that the system could have sensitive data on it, and we need to make sure that we properly dispose of the system. We would then begin the life cycle again when the need for a new system arises. Security architecture is the practice of applying rigorous and comprehensive methods for describing your current structure or future structure and the behavior of your security processes, information security systems, your personnel, and your organizational sub-units to make sure that they all align with your organization's core goals and strategic direction.

This is basically a very detailed road map which will help you from the start to the finish. You'll take a look at your information security requirements, such as the resilience of your information security, the consistency of your risk management, and also making sure that you have cost-effective controls in place.

You will also incorporate your security requirements into the security architecture, such as any legislation or laws that you're required to follow, directives, policies, standards, and regulations. It is important to follow secure design principles when designing systems or software. Planning for security from the very beginning is the best way to accomplish this goal.

It is not acceptable to design a system and then try to implement security once the system is already up and running. It is much more cost effective to fix flaws in the beginning of the cycle rather than trying to fix it later once the system is up and running.

This will improve your quality, productivity, and customer satisfaction. And reuse is an efficient part of your design and architecture is about reusing existing technology. You should use a framework of best practices, which is just a well-defined approach to how you will achieve the goals of your architecture based on your policies and also meeting the requirements and expectations of various stakeholders.

A blueprint will help you to develop your policies and procedures and this is the definition for the integration and development of your technology infrastructure into your existing organizational business processes. There are several different standards that you can use to work from. This includes security and audit frameworks and methodologies, and models such as the COBIT model, SABSA model, ITIL model, as well as the International Organization for Standardization, standards 27001 and 27002.

This concludes our secure system design principles module. Thank you for watching.