The Official (ISC)2 Guide to the CISSP-ISSEP CBK

The Official (ISC)2 Guide to the CISSP-ISSEP CBK provides a comprehensive analysis of all of the topics covered on the newly created CISSP-ISSEP Common Body of Knowledge. The first fully comprehensive guide to the CISSP-ISSEP CBK, this book promotes understanding of the four ISSEP domains: Information Systems Security Engineering (ISSE); Certification and Accreditation; Technical Management; and an Introduction to United States Government Information Assurance Regulations. This volume explains ISSE by comparing it to a traditional Systems Engineering model, showing how security fits into the design and development process for information systems. It also details key points of more than 50 U.S. government policies and procedures that must be understood in order to master the CBK and protect U.S. government information.

About the Author: Susan Hansche, CISSP-ISSEP, is the training director for information assurance at Nortel PEC Solutions in Fairfax, Virginia. She has more than 15 years of experience in the field and since 1998 has served as the contractor program manager of the information assurance training program for the U.S. Department of State.
Contents:
ISSE DOMAIN 1: INFORMATION SYSTEMS SECURITY ENGINEERING (ISSE)

  ISSE Introduction
    Introduction
    SE and ISSE Overview
    The ISSE Model
    Life Cycle and ISSE
    Risk Management
    Defense in Depth
    Summary
    References

  ISSE Model Phase 1: Discover Information Protection Needs
    Introduction
    Systems Engineering Activity: Discover Needs
    ISSE Activity: Discover Information Protection Needs
    Identifying Security Services and Developing the Information Protection Policy
    Creating the Information Protection Policy (IPP)
    Creating the IPP Document
    The Information Management Plan (IMP)
    Final Deliverable of Phase 1
    Summary
    References

  ISSE Model Phase 2: Define System Security Requirements
    Introduction
    System Engineering Activity: Defining System Requirements
    ISSE Activity: Defining System Security Requirements
    Final Deliverable of Phase 2
    Summary
    References

  ISSE Model Phase 3: Define System Security Architecture
    Introduction
    Defining System and Security Architecture
    System Engineering Activity: Designing System Architecture
    ISSE Activity: Define the Security Architecture
    Final Deliverable of Phase 3
    Summary
    References

  ISSE Model Phase 4: Develop Detailed Security Design
    Introduction
    Systems Engineering Activity: System Design
    ISSE Activity: System Security Design
    ISSE Design and Risk Management
    Final Deliverables of Phase 4
    Summary
    References
    Web Sites
    Software Design and Development Bibliography

  ISSE Model Phase 5: Implement System Security
    Introduction
    System Engineering Activity: System Implementation
    ISSE and System Security Implementation
    ISSE and Risk Management
    Final Deliverable of Phase 5
    Summary
    References
    Web Sites

  ISSE Model Phase 6: Assess Security Effectiveness
    Introduction
    System Engineering Activity: System Assessment
    ISSE and System Security Assessment
    ISSE and Risk Management
    Final Deliverable of Phase 6
    Summary
    References
    Web Sites

ISSE DOMAIN 2: CERTIFICATION AND ACCREDITATION

  DITSCAP and NIACAP
    Introduction
    DITSCAP and NIACAP Overview
    DITSCAP/NIACAP Definition
    Phase 1: Definition
    Phase 2: Verification
    Phase 3: Validation
    Phase 4: Post Accreditation
    Summary

  C&A NIST SP 800-37
    Introduction
    The C&A Process
    Phase 1: Initiation
    Phase 2: Security Certification
    Phase 3: Security Accreditation
    Phase 4: Continuous Monitoring
    Summary
    Domain 2 References
    Web Sites
    Acronyms

ISSE DOMAIN 3: TECHNICAL MANAGEMENT

  Technical Management
    Introduction
    Planning the Effort
    Managing the Effort
    Technical Roles and Responsibilities
    Technical Documentation
    Technical Management Tools
    Summary
    References
    Web Sites

ISSEP DOMAIN 4: INTRODUCTION TO UNITED STATES GOVERNMENT INFORMATION ASSURANCE REGULATIONS

  Information Assurance Organizations, Public Laws, and Public Policies
    Introduction
    Section 1: Federal Agencies and Organizations
    Section 2: Federal Laws, Executive Directives and Orders, and OMB Dir