All Comments

Jump to navigation Jump to search
Comment Page Associated Page Comment Title Comment Author Last Editor Created Last Edited
CommentStreams:1a6e788f1147f67cc685f4d21abae68e Download SEBoK PDF download is failing Left at a blank page, when selecting "Download the SEBok". No whirling, indicating it's trying to load, just a blank page. anonymous May 12 at 12:54 pm
CommentStreams:C4c37e93d872bdff9cf900c3e214826d functional architecture Insufficient definition This definition is not enough for me. A functional architecture is not just plain a set of functions. That would be just a loose collection of functions and does not yet make an architecture.

My suggestion: A functional architecture is a technology- and implementation-independent architecture of a system based on functional elements, functional interfaces and architecture decisions. A functional element is an abstract system element that defines a relation between at least one input and at least one output by means of a function. (Adapted from: Weilkiens T., Lamm J., Roth S., Walker M. Model-Based System Architecture. John Wiley & Sons, Inc. 2016.)

anonymous Mar 10 at 12:28 pm
CommentStreams:E02fd24bb7fa266f6c45f9d4c3f80d9b natural system uh ij anonymous Feb 18 at 6:23 pm
CommentStreams:8982cc63c56875ca6b08f14b6c0c5aca System Security Update CISSPs domains from 10 to 8, 2021 new ISC2 CBK Reference 6th Ed. Recommend to lift the Domain names and candidate text description is below.

<nowiki>The CISSP domains: An overview [2021 update - Infosec Resources (</nowiki>]

Domain 1: Security and risk management

The security and risk management domain covers general concepts in information security. Candidates are evaluated on skills related to the implementation of user awareness programs as well as security procedures. Emphasis is also placed on risk management concerning the acquisition of new services, hardware and software (supply chain). CISSP exam will also test candidates’ knowledge of phishing and social engineering defense mechanisms and how they can use gamification to bolster their company’s cybersecurity.

Domain 2: Asset security

This is an important domain as it deals with the issues related to the collection, storage, maintenance, retention and destruction of data. It also validates candidates’ knowledge of different roles regarding data handling (owner, controller and custodian) as well as data protection methods and data states. Other topics tested include resource provision, asset classification and data lifecycle management.

Domain 3: Security architecture and engineering

The security architecture and engineering part covers important security engineering topics using plans, designs and principles. Candidates are tested on assessing and mitigating information system vulnerabilities, fundamental concepts of security models and security architectures in critical areas like access control. Cloud systems, cryptography, system infiltrations (ransomware, fault-injection and more) and virtualized systems are also covered in this domain.

Domain 4: Communication and network security

Communication and network security previously comprised 14% of the exam but now has 13% weight in the latest version of CISSP.

CISSP’s fourth domain tests candidates’ ability to secure communication channels and networks. Exam takers will have to answer questions on secure and converged protocols, wireless networks, cellular networks, hardware operation (warranty and redundant power) and third-party connectivity.  IP networking (IPSec, IPv4 and IPv6) are also included in this domain.

Domain 5: Identity and access management (IAM

This section of the exam covers the attacks that target the human gateway to gain access to data. Plus, candidates are tested on ways to identify users with rights to access the information and servers. Identify and access management covers the topics of applications, Single sign-on authentication, privilege escalation, Kerberos, rule-based or risk-based access control, proofing and establishment of identity.

Domain 6: Security assessment and testing

This domain deals with all the techniques and tools used to find system vulnerabilities, weaknesses and potential areas of concern not addressed by security procedures and policies. Attack simulations and ethical disclosure also fall under this domain. Additionally, candidates are tested on penetration testing and vulnerability assessment. The latest version of the CISSP exam also lists compliance checks as one of the topics tested.

Domain 7: Security operations

Another practical and very broad subset, security operations covers topics ranging from investigations and digital forensic to detection and intrusion prevention tools, sandboxing and firewalls. Topics tested include user and entity behavior analytics, threat intelligence (threat hunting and threat feeds) log management, artifacts (mobile, computer and network) and machine learning and AI-based tools.

Domain 8: Software development security

This domain deals with implementing software-based security protocols within environments for which the IT professional is responsible. Risk analysis, vulnerability identification and auditing of source codes are all covered in this subset. Also, candidates are tested on software-designed security, maturity models, development methodologies, open-source and third-party development security.

anonymous Feb 1 at 10:14 pm
CommentStreams:E49e3c35427b58c966082b41566ea6bf plan dated 15289 has had two updates since 2011. The actually definition has not changed, but you'll want the reference to 2019. anonymous Jan 28 at 3:53 pm
CommentStreams:A323f644a2dc52ee2bc16a0dbf21f47d Systems of Systems (SoS) Broken System of Systems Video Link The second link in the 'Relevant Videos' section leads to video that is listed as "unavailable". anonymous Jan 4 at 4:48 pm
CommentStreams:58f6a0df77bea1526276e90c7badf0a6 Bkcase Wiki:Copyright creative anonymous Jan 1 at 4:09 am
CommentStreams:83451df5e81e0662641caad4b41b300f Bkcase Wiki:Copyright good privacy


anonymous Jan 1 at 4:06 am
CommentStreams:23616f0fd899eceb020c55c3d6d7e982 function Typo in (1) Should be "A system outcome". Outcome is plural, looks like a typo. anonymous Dec 29 at 9:48 pm
CommentStreams:39f8b0875db2ee2976a87701ab901cfd System Safety Is this it safety is a vital attribute - and there is a lot of SE literature showing how to design for it. This article seems extremely brief and perfunctory. Need to describe the impact of safety (eg ARP 4754A looking at the way to manage traceability, and how rigorous that has to be be based on the safety impact of the item in question anonymous Nov 21 at 10:36 pm
CommentStreams:23f81dc02e81c3c7838235a695739112 Product Systems Engineering Key Aspects Difference between needs and requirements near the start of article, it says "an acquirer specifies the needs and requirements" - an acquirer is one of several stakeholders - they totally have needs, but they only become requirements when the systems engineer of the solution has integrated these needs with the needs of other stakeholders, analysed then understood and then completed (stakeholders don't know everything they want) and so produced a valid set of requirements for the system of interest. Failure to distinguish between being a stakeholder defining needs, and the process of defining requirements leads to great confusion and difficulty in the practice of SE. anonymous Nov 20 at 2:28 pm
CommentStreams:7705f344a8314932199fd40fb17c4ed0 Product Systems Engineering Background Complicated systems need SE There is a comment that some products are not "complex" enough to need SE. This is misleading, and retains the wrong idea that "emergence" is only associated with complex situations, and complicated systems do not benefit from SE. The issue is around precedence in complication, and maybe the complexity of the organisation that produces the system - leading to the need to do SE to prevent "sub-optimisation". Many of the systems that have benefited from traditional good SE (rockets, satellites, planes, trains, buildings) are "merely" complicated, but certainly needed SE. anonymous Nov 20 at 2:21 pm
CommentStreams:A6efe37acef92e3ce0627762d189bda0 Logistics logistics not just for Operational support if you are producing a system (ie its hardware) do you not need logistics just as much to get the parts needed for production available (to standard) using logistics? anonymous Nov 19 at 11:31 am
CommentStreams:0dd7f8e12b54c6acbc58821ca8dcda72 System Validation This does not really make the clarity of difference between Verification and Validation I'm afraid the uninitiated reader would look at this and be unable to tell you clearly the significant difference between validation and verification. Try starting with the simplest premise - Verification shows the system meets the stated requirements, validation confirms that those requirements were correct and that what was asked for / delivered is actually valuable. anonymous Nov 19 at 11:05 am
CommentStreams:0d40e3541209e22f42503d7edf6e21e5 System Life Cycle Process Models: Vee Title is misleading - The V is much more a model for how to structure the data produced by the processes I am afraid I do not like to see the V model described as a process model. it perpetuates the myth that SE is a waterfall approach, and for many makes the V model seem wrong.

The V model is much more a way to understand how to structure and mature the information produced by Systems Engineering models. It is also unfortunate that amongst the figures you do not show any of Forsberg's views of multiple horizontal lines showing the different levels (you do have the nice figure showing the broadening) - and therefore missing the iteration between the levels, and the vital fact that each element in each level can (if say engineered by a different organisation) be "considered" as a system. I'd recommend the Assurance V from the 2013 paper - Scheithauer, D. and Forsberg, K., 2013, V-Model Views. INCOSE International Symposium, 23:pp502–516. What you have does not show the frequent and necessary iterations between each process in a level (e.g solution iterating with requirements) and continuously between the levels. The point I fail to see is the impoirtant activity that happens in the middle of the V (so you need to explain why the horizontal lines across the whole model are the key aspect

anonymous Nov 15 at 11:26 pm
CommentStreams:0950f84a247dd93eafbe4f78b6542e30 Life Cycle Models Wheres figure 1 This article refers to Figure 1 - which i cannot see anonymous Nov 15 at 11:11 pm
CommentStreams:97b1a7b96542b45636486880c2605b6d natural system unknown Trying to homework on this thing DON'T it's not good or right. It's like asking your dog to say meow. NOT GOOD IM TRYING TO SAVE YOU!!! anonymous Oct 22 at 10:02 pm
CommentStreams:Aab09350ff6d1d8277edd5f46ed28be9 Configuration Management Add a Primary Reference Consider adding, as a primary reference, SAE EIA-649C Configuration Management Standard anonymous Oct 22 at 3:12 pm
CommentStreams:3cd33e7ba5cef697bfdc2fcb2c681da5 Acronyms Acronyms used in new Knowledge Area in Part 6: Systems Engineering and Geospatial/Geodetic Engineering BIM Building Information Modeling

DFDD DGIWG Feature Data Dictionary

DGWIG Defence Geospatial Information Working Group

DTM Digital Terrain Model

GGE Geospatial/Geodetic Engineering (Knowledge Area in Part 6)

GIS Geographic Information System

GMDSS Global Maritime Distress and Safety System

GNSS Global Navigation Satellite System

HFE Human Factors Engineering

IHO International Hydrographic Organization

LBS Location Based Service

MSL Mean Sea Level

OGC Open Geospatial Consortium

PNT Positioning, Navigation and Timing

RNT Foundation Resilient Navigation and Timing Foundation

UK United Kingdom

US United States

WGS84 World Geodetic System 1984

WMO World Meteorological Organization

Ulenk Ulenk Apr 6 at 9:29 am Apr 13 at 7:43 am
CommentStreams:5c16e10163434f4e9426739bc7a2ddea complex Complex Both of these definitions reflect the subjective view of complexity. It is recommended that an objective definition be added, anonymous Sep 17 at 9:33 pm