Pass your certification exam. Faster. Guaranteed.

Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.


Comprehensive practice exam engine!

  • Unlimited access to thousands of practice questions
  • Exam readiness score
  • Smart reinforcement


All features in the FREE plan, plus:

  • Focused training ensures 100% exam readiness
  • Personalized learning plan
  • Align exam engine to your current baseline knowledge
  • Eliminate wasted study time
  • Exam pass guarantee
  • And much more

Secure Design Principles Transcription

Welcome to our secure system design principles module. Systems engineering applies through the entire process of development from the concept until the final disposal. Here we have a life cycle that can help to depict this process. We start with a concept of operations and then move on to our requirements and architecture phase.

We would then come up with a detailed design for our system. And then we would implement the system, install it, and get it up and running. Once it has been installed we would integrate, test, and verify that the system is working properly. And then do a system verification and validation before placing the system in service.

Once the operation of the system begins we would then have to maintain the system and make sure that it is working properly. We would accomplish this through verification and validation and since it is a life cycle this cycle would repeat itself. As we need to add new items to the system or replace the system, we would move back to the concept of operations and then flow through the cycle again.

It is very important that we use this system's life cycle to make sure that we can manage our risk and assures the safety, security, and dependability of our system. NIST, or the National Institute of Standards and Technology provides a system development life cycle, or SDLC. This lifecycle is designed to help you with what is called cradle to grave planning, meaning from the very beginning of the system until the very end of the system.

This lifecycle begins at the initiation phase where someone tells you that they need a system or makes a request for a system and you determine the high-level requirements for that system. We then move on to the acquisition and development phase. And here we either purchase the system, or develop and design the system.

And this phase also includes other cycles, such as the system development cycle of the acquisition cycle. Once we have designed or purchased the system, we can move on to the implementation and assessment phase. Here we would install the system and conduct system testing to make sure that it is working properly.

We then move on to the operations and maintenance phase where we have the system working properly for the work we needed it to do. We will maintain the system by installing necessary updates, or making modifications, and continue to make sure that the system is functioning properly and serving the needs of our organization.

We will then move to the sunset phase, also known as the disposal phase. This is where we have decided we no longer need the system, or we've replaced it with something new, and we make sure that we dispose of the system properly, keeping in mind that the system could have sensitive data on it, and we need to make sure that we properly dispose of the system. We would then begin the life cycle again when the need for a new system arises. Security architecture is the practice of applying rigorous and comprehensive methods for describing your current structure or future structure and the behavior of your security processes, information security systems, your personnel, and your organizational sub-units to make sure that they all align with your organization's core goals and strategic direction.

This is basically a very detailed road map which will help you from the start to the finish. You'll take a look at your information security requirements, such as the resilience of your information security, the consistency of your risk management, and also making sure that you have cost-effective controls in place.

You will also incorporate your security requirements into the security architecture, such as any legislation or laws that you're required to follow, directives, policies, standards, and regulations. It is important to follow secure design principles when designing systems or software. Planning for security from the very beginning is the best way to accomplish this goal.

It is not acceptable to design a system and then try to implement security once the system is already up and running. It is much more cost effective to fix flaws in the beginning of the cycle rather than trying to fix it later once the system is up and running.

This will improve your quality, productivity, and customer satisfaction. And reuse is an efficient part of your design and architecture is about reusing existing technology. You should use a framework of best practices, which is just a well-defined approach to how you will achieve the goals of your architecture based on your policies and also meeting the requirements and expectations of various stakeholders.

A blueprint will help you to develop your policies and procedures and this is the definition for the integration and development of your technology infrastructure into your existing organizational business processes. There are several different standards that you can use to work from. This includes security and audit frameworks and methodologies, and models such as the COBIT model, SABSA model, ITIL model, as well as the International Organization for Standardization, standards 27001 and 27002.

This concludes our secure system design principles module. Thank you for watching.

Included in all plans.

1000's of practice test questions

Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.

Exam Readiness Score

Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.

Smart Reinforcement

Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.

THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!

PRO Membership Benefits.

Personalized Learning Plan

Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.

Exam Pass Guarantee

Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.

Eliminate Wasted Study Time

Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.

Coming Soon - Simulated Exam

More PRO benefits are being built all the time!