The Official (ISC)²® Guide to the CISSP®-ISSEP® CBK® provides an in-depth treatment of all of the topics covered on the newly created CISSP-ISSEP Common Body of Knowledge. The first fully comprehensive guide to the CISSP-ISSEP CBK, this book promotes understanding of the four ISSEP domains: Information Systems Security Engineering (ISSE); Certification and Accreditation; Technical Management; and an Introduction to United States Government Information Assurance Regulations.
This volume explains ISSE by comparing it to a traditional Systems Engineering model, showing how security fits into the design and development process for information systems. It also details key points of more than 50 U.S. government policies and procedures that must be understood to master the CBK and to protect U.S. government information.
About the Author
Susan Hansche, CISSP-ISSEP is the training director for information assurance at Nortel PEC Solutions in Fairfax, Virginia. She has more than 15 years of experience in the field and since 1998 has served as the contractor program manager of the information assurance training program for the U.S. Department of State.
Contents

ISSE DOMAIN 1: INFORMATION SYSTEMS SECURITY ENGINEERING (ISSE)
  ISSE Introduction
    Introduction
    SE and ISSE Overview
    The ISSE Model
    Life Cycle and ISSE
    Risk Management
    Defense in Depth
    Summary
    References
  ISSE Model Phase 1: Discover Information Protection Needs
    Introduction
    Systems Engineering Activity: Discover Needs
    ISSE Activity: Discover Information Protection Needs
    Identifying Security Services and Developing the Information Protection Policy
    Creating the Information Protection Policy (IPP)
    Creating the IPP Document
    The Information Management Plan (IMP)
    Final Deliverable of Phase 1
    Summary
    References
  ISSE Model Phase 2: Define System Security Requirements
    Introduction
    System Engineering Activity: Defining System Requirements
    ISSE Activity: Defining System Security Requirements
    Final Deliverable of Phase 2
    Summary
    References
  ISSE Model Phase 3: Define System Security Architecture
    Introduction
    Defining System and Security Architecture
    System Engineering Activity: Designing System Architecture
    ISSE Activity: Define the Security Architecture
    Final Deliverable of Phase 3
    Summary
    References
  ISSE Model Phase 4: Develop Detailed Security Design
    Introduction
    Systems Engineering Activity: System Design
    ISSE Activity: System Security Design
    ISSE Design and Risk Management
    Final Deliverables of Phase 4
    Summary
    References
    Web Sites
    Software Design and Development Bibliography
  ISSE Model Phase 5: Implement System Security
    Introduction
    System Engineering Activity: System Implementation
    ISSE and System Security Implementation
    ISSE and Risk Management
    Final Deliverable of Phase 5
    Summary
    References
    Web Sites
  ISSE Model Phase 6: Assess Security Effectiveness
    Introduction
    System Engineering Activity: System Assessment
    ISSE and System Security Assessment
    ISSE and Risk Management
    Final Deliverable of Phase 6
    Summary
    References
    Web Sites

ISSE DOMAIN 2: CERTIFICATION AND ACCREDITATION
  DITSCAP and NIACAP
    Introduction
    DITSCAP and NIACAP Overview
    DITSCAP/NIACAP Definition
    Phase 1: Definition
    Phase 2: Verification
    Phase 3: Validation
    Phase 4: Post Accreditation
    Summary
  C&A NIST SP 800-37
    Introduction
    The C&A Process
    Phase 1: Initiation
    Phase 2: Security Certification
    Phase 3: Security Accreditation
    Phase 4: Continuous Monitoring
    Summary
  Domain 2 References
    Web Sites
    Acronyms

ISSE DOMAIN 3: TECHNICAL MANAGEMENT
  Technical Management
    Introduction
    Planning the Effort
    Managing the Effort
    Technical Roles and Responsibilities
    Technical Documentation
    Technical Management Tools
    Summary
    References
    Web Sites

ISSEP DOMAIN 4: INTRODUCTION TO UNITED STATES GOVERNMENT INFORMATION ASSURANCE REGULATIONS
  Information Assurance Organizations, Public Laws, and Public Policies
    Introduction
    Section 1: Federal Agencies and Organizations
    Section 2: Federal Laws, Executive Directives and Orders, and OMB Directives
    Summary
    References
    Web Sites
  Department of Defense (DoD) Information Assurance Organizations and Policies
    Introduction
    Overview of DoD Policies
    DoD Information Assurance (IA) Organizations and Departments
    DoD Issuances
    Summary
    References
    Web Sites
  Committee on National Security Systems
    Introduction
    Overview of CNSS and NSTISSC
    CNSS and NSTISSC Issuances
    CNSS Policies
    CNSS Directive
    CNSS Instructions
    CNSS Advisory Memoranda
    Summary
    References
    Web Sites
  National Institute of Standards and Technology (NIST) Publications
    Introduction
    Federal Information Processing Standards (FIPS)
    NIST Special Publications
    Summary
    References
    Web Sites
  National Information Assurance Partnership (NIAP) and Common Criteria (CC)
    Introduction
    Historical View of IT Security Evaluations
    National Information Assurance Partnership (NIAP)
    The Common Criteria
    CC Scenario
    Summary
    References
    Web Sites

APPENDIX A: LINKING ISSE PHASES TO SE PHASES
APPENDIX B: ENTERPRISE ARCHITECTURE
APPENDIX C: COMBINING NIST SP 800-55 AND SP 800-26
APPENDIX D: COMMON CRITERIA SECURITY ASSURANCE REQUIREMENTS