1st Edition

Official (ISC)2® Guide to the CISSP®-ISSEP® CBK®

Edited by Susan Hansche
    Copyright 2005
    1024 Pages, 143 B/W Illustrations
    Published by Auerbach Publications

    The Official (ISC)2® Guide to the CISSP®-ISSEP® CBK® provides an inclusive analysis of all of the topics covered on the newly created CISSP-ISSEP Common Body of Knowledge. The first fully comprehensive guide to the CISSP-ISSEP CBK, this book promotes understanding of the four ISSEP domains: Information Systems Security Engineering (ISSE); Certification and Accreditation; Technical Management; and an Introduction to United States Government Information Assurance Regulations.

    This volume explains ISSE by comparing it to a traditional Systems Engineering model, showing how security fits into the design and development process for information systems. It also details key points of more than 50 U.S. government policies and procedures that must be understood in order to master the CBK and protect U.S. government information.

    About the Author
    Susan Hansche, CISSP-ISSEP, is the training director for information assurance at Nortel PEC Solutions in Fairfax, Virginia. She has more than 15 years of experience in the field and since 1998 has served as the contractor program manager of the information assurance training program for the U.S. Department of State.

    ISSE DOMAIN 1: INFORMATION SYSTEMS SECURITY ENGINEERING (ISSE)
    ISSE Introduction
    Introduction
    SE and ISSE Overview
    The ISSE Model
    Life Cycle and ISSE
    Risk Management
    Defense in Depth
    Summary
    References

    ISSE Model Phase 1: Discover Information Protection Needs
    Introduction
    Systems Engineering Activity: Discover Needs
    ISSE Activity: Discover Information Protection Needs
    Identifying Security Services and Developing the Information Protection Policy
    Creating the Information Protection Policy (IPP)
    Creating the IPP Document
    The Information Management Plan (IMP)
    Final Deliverable of Phase 1
    Summary
    References

    ISSE Model Phase 2: Define System Security Requirements
    Introduction
    System Engineering Activity: Defining System Requirements
    ISSE Activity: Defining System Security Requirements
    Final Deliverable of Phase 2
    Summary
    References

    ISSE Model Phase 3: Define System Security Architecture
    Introduction
    Defining System and Security Architecture
    System Engineering Activity: Designing System Architecture
    ISSE Activity: Define the Security Architecture
    Final Deliverable of Phase 3
    Summary
    References

    ISSE Model Phase 4: Develop Detailed Security Design
    Introduction
    Systems Engineering Activity: System Design
    ISSE Activity: System Security Design
    ISSE Design and Risk Management
    Final Deliverables of Phase 4
    Summary
    References
    Web Sites
    Software Design and Development Bibliography

    ISSE Model Phase 5: Implement System Security
    Introduction
    System Engineering Activity: System Implementation
    ISSE and System Security Implementation
    ISSE and Risk Management
    Final Deliverable of Phase 5
    Summary
    References
    Web Sites

    ISSE Model Phase 6: Assess Security Effectiveness
    Introduction
    System Engineering Activity: System Assessment
    ISSE and System Security Assessment
    ISSE and Risk Management
    Final Deliverable of Phase 6
    Summary
    References
    Web Sites

    ISSE DOMAIN 2: CERTIFICATION AND ACCREDITATION
    DITSCAP and NIACAP
    Introduction
    DITSCAP and NIACAP Overview
    DITSCAP/NIACAP Definition
    Phase 1: Definition
    Phase 2: Verification
    Phase 3: Validation
    Phase 4: Post Accreditation
    Summary

    C&A NIST SP 800-37
    Introduction
    The C&A Process
    Phase 1: Initiation
    Phase 2: Security Certification
    Phase 3: Security Accreditation
    Phase 4: Continuous Monitoring
    Summary
    Domain 2 References
    Web Sites
    Acronyms

    ISSE DOMAIN 3: TECHNICAL MANAGEMENT
    Technical Management
    Introduction
    Planning the Effort
    Managing the Effort
    Technical Roles and Responsibilities
    Technical Documentation
    Technical Management Tools
    Summary
    References
    Web Sites

    ISSEP DOMAIN 4: INTRODUCTION TO UNITED STATES GOVERNMENT INFORMATION ASSURANCE REGULATIONS
    Information Assurance Organizations, Public Laws, and Public Policies
    Introduction
    Section 1: Federal Agencies and Organizations
    Section 2: Federal Laws, Executive Directives and Orders, and OMB Directives
    Summary
    References
    Web Sites

    Department of Defense (DoD) Information Assurance Organizations and Policies
    Introduction
    Overview of DoD Policies
    DoD Information Assurance (IA) Organizations and Departments
    DoD Issuances
    Summary
    References
    Web Sites

    Committee on National Security Systems
    Introduction
    Overview of CNSS and NSTISSC
    CNSS and NSTISSC Issuances
    CNSS Policies
    CNSS Directive
    CNSS Instructions
    CNSS Advisory Memoranda
    Summary
    References
    Web Sites

    National Institute of Standards and Technology (NIST) Publications
    Introduction
    Federal Information Processing Standards (FIPS)
    NIST Special Publications
    Summary
    References
    Web Sites

    National Information Assurance Partnership (NIAP) and Common Criteria (CC)
    Introduction
    Historical View of IT Security Evaluations
    National Information Assurance Partnership (NIAP)
    The Common Criteria
    CC Scenario
    Summary
    References
    Web Sites

    APPENDIX A: LINKING ISSE PHASES TO SE PHASES

    APPENDIX B: ENTERPRISE ARCHITECTURE

    APPENDIX C: COMBINING NIST SP 800-55 AND SP 800-26

    APPENDIX D: COMMON CRITERIA SECURITY ASSURANCE REQUIREMENTS

    Biography

    Susan Hansche

    "I just wanted to let you know I found your ISSEP textbook very helpful in preparation for the exam. I took the exam on the 20th of January and found out that I passed yesterday. I also found out from an instructor at ISC2 that the pass rate for this exam is around 30%. So I'd say you've done a pretty good job in writing a book that helps prepare candidates for the test as well as provide them a great resource for understanding much of the process of the Federal Government relating to IA…."
    Jim Wiggins, SAIT/IMT