welcome back to Sai Berries is. Of course, I'm your instructor, Brad Roads. So let's jump into the first part of the ISI process, and that is discovered information protection needs.
So in this lesson, it's gonna follow a general format for all of the different areas that we're gonna explore here in the S E process. We're gonna talk about tasks. We're gonna talk about source documents. If that's part of what we're doing, that we're gonna have some outputs we're gonna review.
So before we get started here, ISI tasks come from the eye out of the information assurance Technical framework 3.1 little old, written in 2002 by the National Security Agency.
But it is still the best thing going out there when in terms in terms of what an ISI is supposed to do. Um, as we noted previously, when we started the s, of course. Ah, lot of the of course. And a lot of what the concentration is focused on is government organizations, in particular,
Department of Defense and the U. S. Government. So
keep that in mind that frame there, and that's why we're talking about this year. But this is from a flow perspective. These are things that you should know.
So the first thing we do in ISI tasks here for discover information protection needs. So you gotta understand the mission, the mission or business. That's pretty straight for if you don't start with understanding where you're working out on what you're doing right, you're you're not gonna be able to do the next step, which is help the customer determine what they need toe do from an information management perspective.
If you design something or you have a conversation with a mission or business owner
and you're not able to support their stuff, they're going to stop listening to you. So you got to know that, um, you need to work with customer customer concurrence when you develop that information management model, right? Don't do it in a vacuum, right? Involve them. Do the white board sessions with him? That's incredibly important. And then, of course, you're gonna want to document those results.
So source documentations when we're discovering information protection needs include operational doctrine. So again, that ties back to the construct of the this being a d. O. D type thing. We have books in the d o D that is written down for doctrine that says, Hey, this is how we do this kind of mission in this kind of mission in this kind of mission. Super helpful.
Um, if it's a standard business, they're probably gonna have a mission, needs statement or business needs statement.
The next thing could be a con ops. If an organization that you're working for has a concept of operation that is a great place toe, understand what their needs are. And then, of course, many organizations today have online documentation that provide a wealth of information when you're getting started in discovering information protection needs.
So what are the outputs here? Well, the outputs here, the primary output of this of what s he does here is the information protection policy. Those things come from the protection need solicitation, solicitation. Is that conversation with the customer looking at harm to information metrics. So, based on the classification, not top secret secret,
you know, unclassified. But
you know, is it? You know, privacy information is a proprietary information. Whatever it is, right that harmful to information metrics, right? What's the worst thing that could happen? You're gonna need that as an input to the information protection policy and then potentially harmful events. And those could be things in virtual space or those could be things in the physical space. You need to know
those potentially harmful events those threats and vulnerabilities we talked about
in a previous lesson.
So when we discover information protection needs, right, what does the SC do right? They're going through and understanding the mission needs and business needs of the organization. And they're looking to capture as much potential information about the threats and everything like that to get it into the information protection policy or the I p. P.
So if you remember anything from this
out of discover information protection needs, the ISI is going to create an I p. P.
So in this lesson, we looked at ISI tasks related to discovering information protection needs. We talked about source documents that are incredibly valuable to use. We took talked about the output of this particular process area, and that is the information protection policy.
We'll see you next time