1st Edition

Official (ISC)2® Guide to the CISSP®-ISSEP® CBK®
ISBN 9780849323416
Published September 29, 2005 by Auerbach Publications
1024 Pages 143 B/W Illustrations

USD $110.00

Book Description

The Official (ISC)2® Guide to the CISSP®-ISSEP® CBK® provides a comprehensive analysis of all of the topics covered on the newly created CISSP-ISSEP Common Body of Knowledge. The first fully comprehensive guide to the CISSP-ISSEP CBK, this book promotes understanding of the four ISSEP domains: Information Systems Security Engineering (ISSE); Certification and Accreditation; Technical Management; and an Introduction to United States Government Information Assurance Regulations.

This volume explains ISSE by comparing it to a traditional Systems Engineering model, showing how security fits into the design and development process for information systems. It also details key points of more than 50 U.S. government policies and procedures that must be understood in order to master the CBK and protect U.S. government information.

About the Author
Susan Hansche, CISSP-ISSEP is the training director for information assurance at Nortel PEC Solutions in Fairfax, Virginia. She has more than 15 years of experience in the field and since 1998 has served as the contractor program manager of the information assurance training program for the U.S. Department of State.

Table of Contents

ISSE DOMAIN 1: INFORMATION SYSTEMS SECURITY ENGINEERING (ISSE)
ISSE Introduction
Introduction
SE and ISSE Overview
The ISSE Model
Life Cycle and ISSE
Risk Management
Defense in Depth
Summary
References

ISSE Model Phase 1: Discover Information Protection Needs
Introduction
Systems Engineering Activity: Discover Needs
ISSE Activity: Discover Information Protection Needs
Identifying Security Services and Developing the Information Protection Policy
Creating the Information Protection Policy (IPP)
Creating the IPP Document
The Information Management Plan (IMP)
Final Deliverable of Phase 1
Summary
References

ISSE Model Phase 2: Define System Security Requirements
Introduction
System Engineering Activity: Defining System Requirements
ISSE Activity: Defining System Security Requirements
Final Deliverable of Phase 2
Summary
References

ISSE Model Phase 3: Define System Security Architecture
Introduction
Defining System and Security Architecture
System Engineering Activity: Designing System Architecture
ISSE Activity: Define the Security Architecture
Final Deliverable of Phase 3
Summary
References

ISSE Model Phase 4: Develop Detailed Security Design
Introduction
Systems Engineering Activity: System Design
ISSE Activity: System Security Design
ISSE Design and Risk Management
Final Deliverables of Phase 4
Summary
References
Web Sites
Software Design and Development Bibliography

ISSE Model Phase 5: Implement System Security
Introduction
System Engineering Activity: System Implementation
ISSE and System Security Implementation
ISSE and Risk Management
Final Deliverable of Phase 5
Summary
References
Web Sites

ISSE Model Phase 6: Assess Security Effectiveness
Introduction
System Engineering Activity: System Assessment
ISSE and System Security Assessment
ISSE and Risk Management
Final Deliverable of Phase 6
Summary
References
Web Sites

ISSE DOMAIN 2: CERTIFICATION AND ACCREDITATION
DITSCAP and NIACAP
Introduction
DITSCAP and NIACAP Overview
DITSCAP/NIACAP Definition
Phase 1: Definition
Phase 2: Verification
Phase 3: Validation
Phase 4: Post Accreditation
Summary

C&A NIST SP 800-37
Introduction
The C&A Process
Phase 1: Initiation
Phase 2: Security Certification
Phase 3: Security Accreditation
Phase 4: Continuous Monitoring
Summary
Domain 2 References
Web Sites
Acronyms

ISSE DOMAIN 3: TECHNICAL MANAGEMENT
Technical Management
Introduction
Planning the Effort
Managing the Effort
Technical Roles and Responsibilities
Technical Documentation
Technical Management Tools
Summary
References
Web Sites

ISSEP DOMAIN 4: INTRODUCTION TO UNITED STATES GOVERNMENT INFORMATION ASSURANCE REGULATIONS
Information Assurance Organizations, Public Laws, and Public Policies
Introduction
Section 1: Federal Agencies and Organizations
Section 2: Federal Laws, Executive Directives and Orders, and OMB Directives
Summary
References
Web Sites

Department of Defense (DoD) Information Assurance Organizations and Policies
Introduction
Overview of DoD Policies
DoD Information Assurance (IA) Organizations and Departments
DoD Issuances
Summary
References
Web Sites

Committee on National Security Systems
Introduction
Overview of CNSS and NSTISSC
CNSS and NSTISSC Issuances
CNSS Policies
CNSS Directive
CNSS Instructions
CNSS Advisory Memoranda
Summary
References
Web Sites

National Institute of Standards and Technology (NIST) Publications
Introduction
Federal Information Processing Standards (FIPS)
NIST Special Publications
Summary
References
Web Sites

National Information Assurance Partnership (NIAP) and Common Criteria (CC)
Introduction
Historical View of IT Security Evaluations
National Information Assurance Partnership (NIAP)
The Common Criteria
CC Scenario
Summary
References
Web Sites

APPENDIX A: LINKING ISSE PHASES TO SE PHASES

APPENDIX B: ENTERPRISE ARCHITECTURE

APPENDIX C: COMBINING NIST SP 800-55 AND SP 800-26

APPENDIX D: COMMON CRITERIA SECURITY ASSURANCE REQUIREMENTS

...

Reviews

"I just wanted to let you know I found your ISSEP textbook very helpful in preparation for the exam. I took the exam on the 20th of January and found out that I passed yesterday. I also found out from an instructor at ISC2 that the pass rate for this exam is around 30%. So I'd say you've done a pretty good job in writing a book that helps prepare candidates for the test as well as providing them with a great resource for understanding much of the process of the Federal Government relating to IA…"
Jim Wiggins, SAIT/IMT