Implementation and Assessment

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with

Already have an account? Sign In »

5 hours 58 minutes
Video Transcription
welcome back to CyberRays is. Of course, I'm your instructor. Bread roads. Let's jump into the third phase of the system development life cycle. That's implementation and assessment.
Here's our objectives. We're gonna look at security activities just like we've done in the past. We're gonna talk about linkages, and then we're gonna define what implementation and assessment really is.
So security activities here, we're going to start from the bottom. You got to complete all of the accreditation activities. And so that's the documentation that gets us from We're building a new system to interim authority to operate to hopefully eventually authority to operate and go into the operations and maintenance phase, which is next.
The next thing we have to do is we just synchronize the testing
right. That's super important here. This is where we test a lot of our security controls, Azan isi, and one of the things you get to do is lots of documentation as an ISI. And so you're gonna actually right up and provide the evidence as to whether these security controls meet the male or not.
And then, of course, it's the integration right. We have to put the system or the controls or the capability or the elements or whatever it is as we're trying to get to that system of interest, you gotta put them into their operating environment and see if it actually works. It doesn't make any sense to try to launch, say, a space rated component
on a satellite if you've never actually tested it in a vacuum
environment before. So that's what we do that in this integration piece.
So here are the linkages. So we've made the decision to go into our implementation and assessment, right? We do a lot of detailed planning to gather the information toe, authorize the informant information system to actually function or work right. One of the things you see a lot in this phase is poems have had personal experience working with a custom built system
that the US government used.
Great system did great work, but here's some things we were using some older technologies because that's what worked right. It wasn't that we wanted toe use those technologies specifically. It's just that's what we have, right? That's what the member of the cost schedule scope? Well, guess what? We had some cost issues, so we had to do reuse. They had a bunch of things that we had to do, right?
because of using older technology, we had a bunch of poems. And those poems were things that we had to show how that we mitigated before we got an interim authority to operate. Well, guess what? Sometimes you create a poem and you do nothing with it. Why? Because there is no mitigation that's gonna help it. And
the person that's going to authorize the system, that authorizing authority,
they're going to decide whether they're going to accept that poem. That risk or not. Right? So again, we talked about documentation on the previous light in phase three, where we do this implementations. Last assessment. We do a lot of documentation as it sees.
So what is implementation Assessment?
It's the deployment integration of our system. So I like the parachute analogy or you jump out of a plane, you're hurtling towards the earth and you deploy the parachute. Well, guess what? You imagine that That that parachute is your security system and you're gonna deploy it into the environment? Well, boop, it comes open and there it is. It's right there. Hopefully, your rigor
packed it correctly and you don't go crashing down,
right implications there, Right? And then the second piece is integration. Obviously, when we talk about security controls, individual security controls, right that are being applied to, say, a larger system and the systems engineering construct right, that integration piece is very important. We're gonna talk specifically about assessment in detail in a minute.
But I want you to remember that when we talk about implementation assessment, it's deploying the system and then in many cases, integrating that system
to see whether it works in the environment or not.
So in this video we talked about security activities in the implementation and assessment phase. We talked about those linkages. You got to know those linkages for the use of content. I'm telling you, it's super important to know those charts.
Um and then, of course, you have implementation. Assessment is really that deployment and integration off capabilities from a security perspective.
We'll see you next time
Up Next
Information Systems Security Engineering Professional (ISSEP)

This ISSEP course provides students with the foundational knowledge of the concentration area of the CISSP certification that includes a focus on the processes used to develop secure systems. Students will learn key concepts and skills of the five ISSEP domains.

Instructed By