Safety and Security: Learn CISSP Domains for Project Managers


Transcript of Safety and Security: Learn CISSP Domains for Project Managers

Learn CISSP Safety and Security Domains for Project Managers …

Information security, computer security and information assurance are interrelated concepts that share the CIA protection goals.

Chuck Morrison, MBA, PMP, CPIM, WWISA

A working model using mission-driven measures in a team approach enables focus on effective solutions

Course Goals
•  Understand Confidentiality, Integrity, and Availability (CIA) concepts and relationships
•  Overview key principles and objectives of CISSP domains
•  Apply concepts of safety and security to portfolio, program, and project management
•  Project Management consulting and mentoring on methodology, and dealing with security and risk management
•  Apply safety and security concepts to assets, SDLC security, Communications & Networks security
•  Understand and apply concepts related to identity and access management
•  Understand and apply concepts related to security assessment and testing and security operations
•  Apply Personally Identifiable Information (PII) and Payment Card Industry Data Security Standard (PCI DSS) concepts

Target Audience: Who should take this course?
•  Subject Matter Experts (SMEs)
•  Product Owners and Sponsors
•  Business Process Managers
•  Business Process Users
•  Product, Portfolio, Project, and Program Managers
•  Business Analysts & Architects
•  Quality Assurance
•  System & Software Developers

Course Prerequisites
•  Some technical experience
•  Ability to collaborate and listen
•  Capability to capture and define business and technical requirements
•  Interest in business analysis and information architecture
•  Ability to collect and organize tasks, activities and resources into diagrams and graphical models

CISSP Domains Overview for Project Managers …

Section 1 Goal … Information security, computer security and information assurance are interrelated concepts that share the protection goals of Confidentiality, Integrity, and Availability (CIA).

Welcome •  … to my Udemy Training course

•  Hello, I'm Chuck Morrison

•  My specialties are: Business Process Engineering, Software Systems Development, Cross-Functional Program and Change Management.

•  My significant skills and accomplishments include ...

•  My significant accomplishments also include ...

What Are Safety & Security
•  CIA
   •  Confidentiality
   •  Integrity
   •  Availability

What Are Safety & Security

•  Company’s Business Systems Delivery

•  Team Support Product & Services for Customers

•  Undocumented Processes & Procedure

•  Impact on Time or Resources or Security & Safety

•  What to Do … Next Steps …

Imagine …

Related Quotes
•  Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning. – Albert Einstein

•  Continuous improvement is not about the things you do well — that’s work. Continuous improvement is about removing the things that get in the way of your work. The headaches, the things that slow you down, that’s what continuous improvement is all about. ~Bruce Hamilton

•  Perfection is not attainable, but if we chase perfection we can catch excellence. -Vince Lombardi

•  The first rule of any technology used in a business is that automation applied to an efficient operation will magnify the efficiency. The second is that automation applied to an inefficient operation will magnify the inefficiency. ~Bill Gates

•  What gets measured, gets managed. ~Peter Drucker

Why Are Safety and Security Needed?

The CISSP® CBK, 4th Edition, consists of the following 8 domains:

Domain 1 — Security & Risk Management
Domain 2 — Asset Security
Domain 3 — Security Engineering
Domain 4 — Communications & Network Security
Domain 5 — Identity & Access Management
Domain 6 — Security Assessment & Testing
Domain 7 — Security Operations
Domain 8 — Security in the Software Development Life Cycle

What’s This Course About?
•  Information security is the protection of information and information systems from unauthorized access.
•  The concepts are interrelated and share critical information protection goals: Confidentiality, Integrity, and Availability (CIA)
•  The key to business and IT security and protection is due diligence

What do you get from this course?
•  Understand Confidentiality, Integrity, and Availability (CIA) concepts and relationships
•  Overview key principles and objectives of CISSP domains
•  Apply concepts of safety and security to portfolio, program, and project management
•  Project Management consulting and mentoring on methodology, and dealing with security and risk management
•  Apply safety and security concepts to assets, SDLC security, Communications & Networks security
•  Understand and apply concepts related to identity and access management
•  Understand and apply concepts related to security assessment and testing and security operations

What are the course requirements?
•  Some technical experience desired
•  Ability to collaborate and listen for business wants and needs
•  Capability to capture and define business and technical requirements
•  Interest in the fields of business analysis and information architecture
•  Ability to collect and organize tasks, activities and resources into diagrams and graphical models


Overview Privacy & Information Protection

Section 2 Goal …
•  Understand Confidentiality, Integrity, and Availability (CIA) concepts and relationships
•  Overview key principles and objectives of CISSP domains
•  Apply concepts of safety and security to portfolio, program, and project management

Overview of Safety and Security
•  Information Security – Confidentiality, Integrity, and Availability (CIA)
   •  Confidentiality (Identity, Access, Authorize)
   •  Integrity (Detectability, Consistency)
   •  Availability (when Needed)
•  Security & Safety
   •  Safety (Danger, Risk, Threat, Impact)
   •  Security (PCI DSS) & PII

Safety and CISSP Knowledge Domains Relationships BOK v3 & v4

Safety & CISSP Knowledge Domains Relationships
•  CISSP® CBK v3 consists of ten domains
•  CISSP® CBK v4 consists of eight domains

CISSP BOK V4 Domains (corresponding CISSP BOK V3 Domains in parentheses)

Domain 1 – Security & Risk Management (Information Security Governance & Risk Management – V3.3)

Domain 2 – Asset Security (Business Continuity and Disaster Recovery – V3.8)

Domain 3 – Security Engineering (Security Architecture and Design, Cryptography, Physical Security– V3.5)

Domain 4 – Communications & Network Security (Business Continuity and Disaster Recovery – V3.2)

Domain 5 – Identity & Access Management (Identity & Access Controls Types – V3.1)

Domain 6 – Security Assessment & Testing (Security Architecture and Design – V3.6)

Domain 7 – Operations Security (Security Operations – V3.7)

Domain 8 – Security in the SDLC (Software Development Security – V3.7)

Domain 0 – Public and Private Safety

Section 3: Security Risk Management

Goals:

•  Understand CIA concepts and relationships

•  CISSP domains

•  Portfolio, Program, and Project Management – safety and security concepts

•  Project Management security and risk consulting and mentoring

•  Assets, SDLC security, Communications & Networks security

•  Identity and Access Management

•  Security assessment and testing

•  Personally Identifiable Information (PII), Payment Card Industry Data Security Standard (DSS/PCI)

Security Risk Management

Security Management …

Security Risk Management Methodology …

CISSP Process Groups Knowledge Areas …

Conclusion …

Section 4 – CISSP Domains Overview for Project Managers – Conclusion

Conclusion … Congratulations!! You’ve made it … You’ve Completed the Course Goals …
•  Creation and maintenance of standards and methods
•  Understand Confidentiality, Integrity, and Availability (CIA) concepts and relationships
•  Overview key principles and objectives of CISSP domains
•  Apply concepts of safety and security to portfolio, program, and project management
•  Project Management consulting and mentoring on methodology, and dealing with security and risk management
•  Apply safety and security concepts to assets, SDLC security, Communications & Networks security
•  Understand and apply concepts related to identity and access management
•  Understand and apply concepts related to security assessment and testing and security operations
•  Apply Personally Identifiable Information (PII) and Payment Card Industry Data Security Standard (PCI DSS) concepts

Glossary: For definitions of terms used in this course, please see the downloadable Glossary below …

For Further Reading … OO UML was developed by “The 3 Amigos” (Grady Booch, Ivar Jacobson and James Rumbaugh) at Rational Software during 1994–95, with further development led by them through 1996 … Rational Software was transferred to IBM … OO UML was accepted by OMG & ISO. Please see other References (attached) ...