ISSE DOMAIN 1: INFORMATION SYSTEMS SECURITY ENGINEERING (ISSE)

  ISSE Introduction
    Introduction
    SE and ISSE Overview
    The ISSE Model
    Life Cycle and ISSE
    Risk Management
    Defense in Depth
    Summary
    References

  ISSE Model Phase 1: Discover Information Protection Needs
    Introduction
    Systems Engineering Activity: Discover Needs
    ISSE Activity: Discover Information Protection Needs
    Identifying Security Services and Developing the Information Protection Policy
    Creating the Information Protection Policy (IPP)
    Creating the IPP Document
    The Information Management Plan (IMP)
    Final Deliverable of Phase 1
    Summary
    References

  ISSE Model Phase 2: Define System Security Requirements
    Introduction
    System Engineering Activity: Defining System Requirements
    ISSE Activity: Defining System Security Requirements
    Final Deliverable of Phase 2
    Summary
    References

  ISSE Model Phase 3: Define System Security Architecture
    Introduction
    Defining System and Security Architecture
    System Engineering Activity: Designing System Architecture
    ISSE Activity: Define the Security Architecture
    Final Deliverable of Phase 3
    Summary
    References

  ISSE Model Phase 4: Develop Detailed Security Design
    Introduction
    Systems Engineering Activity: System Design
    ISSE Activity: System Security Design
    ISSE Design and Risk Management
    Final Deliverables of Phase 4
    Summary
    References
    Web Sites
    Software Design and Development Bibliography

  ISSE Model Phase 5: Implement System Security
    Introduction
    System Engineering Activity: System Implementation
    ISSE and System Security Implementation
    ISSE and Risk Management
    Final Deliverable of Phase 5
    Summary
    References
    Web Sites

  ISSE Model Phase 6: Assess Security Effectiveness
    Introduction
    System Engineering Activity: System Assessment
    ISSE and System Security Assessment
    ISSE and Risk Management
    Final Deliverable of Phase 6
    Summary
    References
    Web Sites

ISSE DOMAIN 2: CERTIFICATION AND ACCREDITATION

  DITSCAP and NIACAP
    Introduction
    DITSCAP and NIACAP Overview
    DITSCAP/NIACAP Definition
    Phase 1: Definition
    Phase 2: Verification
    Phase 3: Validation
    Phase 4: Post Accreditation
    Summary

  C&A NIST SP 800-37
    Introduction
    The C&A Process
    Phase 1: Initiation
    Phase 2: Security Certification
    Phase 3: Security Accreditation
    Phase 4: Continuous Monitoring
    Summary

  Domain 2 References
    Web Sites
    Acronyms

ISSE DOMAIN 3: TECHNICAL MANAGEMENT

  Technical Management
    Introduction
    Planning the Effort
    Managing the Effort
    Technical Roles and Responsibilities
    Technical Documentation
    Technical Management Tools
    Summary
    References
    Web Sites

ISSEP DOMAIN 4: INTRODUCTION TO UNITED STATES GOVERNMENT INFORMATION ASSURANCE REGULATIONS

  Information Assurance Organizations, Public Laws, and Public Policies
    Introduction
    Section 1: Federal Agencies and Organizations
    Section 2: Federal Laws, Executive Directives and Orders, and OMB Directives
    Summary
    References
    Web Sites

  Department of Defense (DoD) Information Assurance Organizations and Policies
    Introduction
    Overview of DoD Policies
    DoD Information Assurance (IA) Organizations and Departments
    DoD Issuances
    Summary
    References
    Web Sites

  Committee on National Security Systems
    Introduction
    Overview of CNSS and NSTISSC
    CNSS and NSTISSC Issuances
    CNSS Policies
    CNSS Directive
    CNSS Instructions
    CNSS Advisory Memoranda
    Summary
    References
    Web Sites

  National Institute of Standards and Technology (NIST) Publications
    Introduction
    Federal Information Processing Standards (FIPS)
    NIST Special Publications
    Summary
    References
    Web Sites

  National Information Assurance Partnership (NIAP) and Common Criteria (CC)
    Introduction
    Historical View of IT Security Evaluations
    National Information Assurance Partnership (NIAP)
    The Common Criteria
    CC Scenario
    Summary
    References
    Web Sites

APPENDIX A: LINKING ISSE PHASES TO SE PHASES
APPENDIX B: ENTERPRISE ARCHITECTURE
APPENDIX C: COMBINING NIST SP 800-55 AND SP 800-26
APPENDIX D: COMMON CRITERIA SECURITY ASSURANCE REQUIREMENTS