Official (ISC)2® Guide to the CISSP®-ISSEP® CBK®

1st Edition

Edited by Susan Hansche

Auerbach Publications

1,024 pages | 143 B/W Illus.

Purchasing Options (prices in USD)

Hardback: ISBN 9780849323416
Published: 2005-09-29
List price $105.00; sale price $84.00 (save ~$21.00)
Free standard shipping

Description

The Official (ISC)2® Guide to the CISSP®-ISSEP® CBK® provides an inclusive analysis of all of the topics covered on the newly created CISSP-ISSEP Common Body of Knowledge. The first fully comprehensive guide to the CISSP-ISSEP CBK, this book promotes understanding of the four ISSEP domains: Information Systems Security Engineering (ISSE); Certification and Accreditation; Technical Management; and an Introduction to United States Government Information Assurance Regulations.

This volume explains ISSE by comparing it to a traditional Systems Engineering model, showing how security fits into the design and development process for information systems. It also details key points of more than 50 U.S. government policies and procedures that must be understood both to master the CBK and to protect U.S. government information.

About the Author

Susan Hansche, CISSP-ISSEP, is the training director for information assurance at Nortel PEC Solutions in Fairfax, Virginia. She has more than 15 years of experience in the field and since 1998 has served as the contractor program manager of the information assurance training program for the U.S. Department of State.

Reviews

"I just wanted to let you know I found your ISSEP textbook very helpful in preparation for the exam. I took the exam on the 20th of January and found out that I passed yesterday. I also found out from an instructor at ISC2 that the pass rate for this exam is around 30%. So I'd say you've done a pretty good job in writing a book that helps prepare candidates for the test as well as provide them a great resource for understanding much of the process of the Federal Government relating to IA…."

Jim Wiggins, SAIT/IMT

Table of Contents

ISSE DOMAIN 1: INFORMATION SYSTEMS SECURITY ENGINEERING (ISSE)

ISSE Introduction
  Introduction
  SE and ISSE Overview
  The ISSE Model
  Life Cycle and ISSE
  Risk Management
  Defense in Depth
  Summary
  References

ISSE Model Phase 1: Discover Information Protection Needs
  Introduction
  Systems Engineering Activity: Discover Needs
  ISSE Activity: Discover Information Protection Needs
  Identifying Security Services and Developing the Information Protection Policy
  Creating the Information Protection Policy (IPP)
  Creating the IPP Document
  The Information Management Plan (IMP)
  Final Deliverable of Phase 1
  Summary
  References

ISSE Model Phase 2: Define System Security Requirements
  Introduction
  System Engineering Activity: Defining System Requirements
  ISSE Activity: Defining System Security Requirements
  Final Deliverable of Phase 2
  Summary
  References

ISSE Model Phase 3: Define System Security Architecture
  Introduction
  Defining System and Security Architecture
  System Engineering Activity: Designing System Architecture
  ISSE Activity: Define the Security Architecture
  Final Deliverable of Phase 3
  Summary
  References

ISSE Model Phase 4: Develop Detailed Security Design
  Introduction
  Systems Engineering Activity: System Design
  ISSE Activity: System Security Design
  ISSE Design and Risk Management
  Final Deliverables of Phase 4
  Summary
  References
  Web Sites
  Software Design and Development Bibliography

ISSE Model Phase 5: Implement System Security
  Introduction
  System Engineering Activity: System Implementation
  ISSE and System Security Implementation
  ISSE and Risk Management
  Final Deliverable of Phase 5
  Summary
  References
  Web Sites

ISSE Model Phase 6: Assess Security Effectiveness
  Introduction
  System Engineering Activity: System Assessment
  ISSE and System Security Assessment
  ISSE and Risk Management
  Final Deliverable of Phase 6
  Summary
  References
  Web Sites

ISSE DOMAIN 2: CERTIFICATION AND ACCREDITATION

DITSCAP and NIACAP
  Introduction
  DITSCAP and NIACAP Overview
  DITSCAP/NIACAP Definition
  Phase 1: Definition
  Phase 2: Verification
  Phase 3: Validation
  Phase 4: Post Accreditation
  Summary

C&A NIST SP 800-37
  Introduction
  The C&A Process
  Phase 1: Initiation
  Phase 2: Security Certification
  Phase 3: Security Accreditation
  Phase 4: Continuous Monitoring
  Summary

Domain 2 References
Web Sites
Acronyms

ISSE DOMAIN 3: TECHNICAL MANAGEMENT

Technical Management
  Introduction
  Planning the Effort
  Managing the Effort
  Technical Roles and Responsibilities
  Technical Documentation
  Technical Management Tools
  Summary
  References
  Web Sites

ISSEP DOMAIN 4: INTRODUCTION TO UNITED STATES GOVERNMENT INFORMATION ASSURANCE REGULATIONS

Information Assurance Organizations, Public Laws, and Public Policies
  Introduction
  Section 1: Federal Agencies and Organizations
  Section 2: Federal Laws, Executive Directives and Orders, and OMB Directives
  Summary
  References
  Web Sites

Department of Defense (DoD) Information Assurance Organizations and Policies
  Introduction
  Overview of DoD Policies
  DoD Information Assurance (IA) Organizations and Departments
  DoD Issuances
  Summary
  References
  Web Sites

Committee on National Security Systems
  Introduction
  Overview of CNSS and NSTISSC
  CNSS and NSTISSC Issuances
  CNSS Policies
  CNSS Directive
  CNSS Instructions
  CNSS Advisory Memoranda
  Summary
  References
  Web Sites

National Institute of Standards and Technology (NIST) Publications
  Introduction
  Federal Information Processing Standards (FIPS)
  NIST Special Publications
  Summary
  References
  Web Sites

National Information Assurance Partnership (NIAP) and Common Criteria (CC)
  Introduction
  Historical View of IT Security Evaluations
  National Information Assurance Partnership (NIAP)
  The Common Criteria
  CC Scenario
  Summary
  References
  Web Sites

APPENDIX A: LINKING ISSE PHASES TO SE PHASES

APPENDIX B: ENTERPRISE ARCHITECTURE

APPENDIX C: COMBINING NIST SP 800-55 AND SP 800-26

APPENDIX D: COMMON CRITERIA SECURITY ASSURANCE REQUIREMENTS

About the Series

(ISC)2 Press

Subject Categories

BISAC Subject Codes/Headings:
COM051230
COMPUTERS / Software Development & Engineering / General
COM053000
COMPUTERS / Security / General