Safety and Security: Learn CISSP Domains for Project Managers
Learn CISSP Safety and Security Domains for Project Managers …
Information security, computer security and information assurance are interrelated concepts that share the CIA protection goals.
Chuck Morrison, MBA, PMP, CPIM, WWISA
A working model using mission-driven measures in a team approach enables focus on effective solutions
Course Goals
• Understand Confidentiality, Integrity, and Availability (CIA) concepts and relationships
• Overview key principles and objectives of CISSP domains
• Apply concepts of safety and security to portfolio, program, and project management
• Project Management consulting and mentoring on methodology, and dealing with security and risk management
• Apply safety and security concepts to assets, SDLC security, Communications & Networks security
• Understand and apply concepts related to identity and access management
• Understand and apply concepts related to security assessment and testing and security operations
• Apply Personally Identifiable Information (PII), Payment Card Industry Data Security Standard (DSS/PCI) concepts
Target Audience
Who should take this course?
• Subject Matter Experts (SMEs)
• Product Owners and Sponsors
• Business Process Managers
• Business Process Users
• Product, Portfolio, Project, and Program Managers
• Business Analysts & Architects
• Quality Assurance
• System & Software Developers
Course Prerequisites
• Some technical experience
• Ability to collaborate and listen
• Capability to capture and define business and technical requirements
• Interest in business analysis and information architecture
• Ability to collect and organize tasks, activities and resources into diagrams and graphical models
CISSP Domains Overview for Project Managers …
Section 1 Goal … Interrelated Information security, computer security and information assurance concepts protection goals: Confidentiality, Integrity, and Availability (CIA).
Welcome • … to my Udemy Training course
• Hello, I'm Chuck Morrison
• My specialties are: Business Process Engineering, Software Systems Development, Cross-Functional Program and Change Management.
• My significant skills and accomplishments include ...
• My significant accomplishments also include ...
• Company’s Business Systems Delivery
• Team Support Product & Services for Customers
• Undocumented Processes & Procedure
• Impact on Time or Resources or Security & Safety
• What to Do … Next Steps …
Imagine …
Related Quotes
• Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning. – Albert Einstein
• Continuous improvement is not about the things you do well — that’s work. Continuous improvement is about removing the things that get in the way of your work. The headaches, the things that slow you down, that’s what continuous improvement is all about. ~Bruce Hamilton
• Perfection is not attainable, but if we chase perfection we can catch excellence. -Vince Lombardi
• The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency. ~Bill Gates
• What gets measured, gets managed. ~Peter Drucker
Why Is Safety and Security Needed?
The CISSP© CBK 4Ed consists of the following 8 domains:
Domain 1 – Security & Risk Management
Domain 2 – Asset Security
Domain 3 – Security Engineering
Domain 4 – Communications & Network Security
Domain 5 – Identity & Access Management
Domain 6 – Security Assessment & Testing
Domain 7 – Security Operations
Domain 8 – Security in the Software Development Life Cycle
What’s This Course About?
• Information security is the protection of information and information systems from unauthorized access.
• The concepts are interrelated and share critical information protection goals: Confidentiality, Integrity, and Availability (CIA)
• The key to business and IT security and protection is due diligence
What do you get from this course?
• Understand Confidentiality, Integrity, and Availability (CIA) concepts and relationships
• Overview key principles and objectives of CISSP domains
• Apply concepts of safety and security to portfolio, program, and project management
• Project Management consulting and mentoring on methodology, and dealing with security and risk management
• Apply safety and security concepts to assets, SDLC security, Communications & Networks security
• Understand and apply concepts related to identity and access management
• Understand and apply concepts related to security assessment and testing and security operations
What are the course requirements?
• Some technical experience desired.
• Ability to collaborate and listen for business wants and needs
• Capability to capture and define business and technical requirements
• Interest in the fields of business analysis and information architecture
• Ability to collect and organize tasks, activities and resources into diagrams and graphical models
Overview Privacy & Information Protection
Section 2 Goal …
• Understand Confidentiality, Integrity, and Availability (CIA) concepts and relationships
• Overview key principles and objectives of CISSP domains
• Apply concepts of safety and security to portfolio, program, and project management
Overview of Safety and Security
• Information Security – Confidentiality, Integrity, and Availability (CIA)
  • Confidentiality (Identity, Access, Authorize)
  • Integrity (Detectability, Consistency)
  • Availability (when Needed)
• Security & Safety
  • Safety (Danger, Risk, Threat, Impact)
  • Security (PCI/DSS) & PII
Safety and CISSP Knowledge Domains Relationships BOK v3 & v4
Safety & CISSP Knowledge Domains Relationships
• CISSP® CBK v3 consists of ten domains
• CISSP® CBK v4 consists of eight domains
CISSP BOK V3 Domains CISSP BOK V4 Domains
Domain 3 – Security Engineering (Security Architecture and Design, Cryptography, Physical Security – V3.5)
Section 3: Security Risk Management
Goals: • Understand CIA concepts and relationships
• CISSP domains
• Portfolio, Program, and Project Management – safety and security concepts
• Project Management security and risk consulting and mentoring
• Assets, SDLC security, Communications & Networks security
• Identity and Access Management
• Security assessment and testing
• Personally Identifiable Information (PII), Payment Card Industry Data Security Standard (DSS/PCI)
Conclusion …
Congratulations!! You’ve made it … You’ve Completed the Course Goals …
• Creation and maintenance of standards and methods
• Understand Confidentiality, Integrity, and Availability (CIA) concepts and relationships
• Overview key principles and objectives of CISSP domains
• Apply concepts of safety and security to portfolio, program, and project management
• Project Management consulting and mentoring on methodology, and dealing with security and risk management
• Apply safety and security concepts to assets, SDLC security, Communications & Networks security
• Understand and apply concepts related to identity and access management
• Understand and apply concepts related to security assessment and testing and security operations
• Apply Personally Identifiable Information (PII), Payment Card Industry Data Security Standard (DSS/PCI) concepts
For Further Reading …
OO UML developed by “The 3 Amigos” Grady Booch, Ivar Jacobson and James Rumbaugh at Rational Software during 1994–95 with further development led by them through 1996 … Rational Software transferred to IBM … OO UML accepted by OMG & ISO
Please see other References (attached) ...