Official (ISC)2® Guide to the CISSP®-ISSEP® CBK®

Edited by Susan Hansche
In English, Hardback – 29 Sep 2005
The Official (ISC)2® Guide to the CISSP®-ISSEP® CBK® provides an inclusive analysis of all of the topics covered on the newly created CISSP-ISSEP Common Body of Knowledge. The first fully comprehensive guide to the CISSP-ISSEP CBK, this book promotes understanding of the four ISSEP domains: Information Systems Security Engineering (ISSE); Certification and Accreditation; Technical Management; and an Introduction to United States Government Information Assurance Regulations.

This volume explains ISSE by comparing it to a traditional Systems Engineering model, showing how security fits into the design and development process for information systems. It also details key points of more than 50 U.S. government policies and procedures that must be understood in order to master the CBK and protect U.S. government information.

About the Author
Susan Hansche, CISSP-ISSEP is the training director for information assurance at Nortel PEC Solutions in Fairfax, Virginia. She has more than 15 years of experience in the field and since 1998 has served as the contractor program manager of the information assurance training program for the U.S. Department of State.

Price: 52935 lei

Old price: 66169 lei
-20%

Express points: 794

Estimated price in foreign currency:
10142 10985$ 8697£

Book in stock

Economy delivery 19 April–03 May
Express delivery 04–10 April for 6063 lei

Order line: 021 569.72.76

Specifications

ISBN-13: 9780849323416
ISBN-10: 084932341X
Pages: 1024
Illustrations: 143 black & white illustrations, 103 black & white tables
Dimensions: 175 x 241 x 56 mm
Weight: 1.51 kg
Edition: 1
Publisher: Taylor & Francis Ltd.

Target audience

Information systems security professionals interested in understanding the CISSP-ISSEP CBK; information security managers; IT auditors; network and system administrators; network and systems engineers; and CISSPs working in the U.S. Government sector

Table of Contents

ISSE DOMAIN 1: INFORMATION SYSTEMS SECURITY ENGINEERING (ISSE)
ISSE Introduction
Introduction
SE and ISSE Overview
The ISSE Model
Life Cycle and ISSE
Risk Management
Defense in Depth
Summary
References

ISSE Model Phase 1: Discover Information Protection Needs
Introduction
Systems Engineering Activity: Discover Needs
ISSE Activity: Discover Information Protection Needs
Identifying Security Services and Developing the Information Protection Policy
Creating the Information Protection Policy (IPP)
Creating the IPP Document
The Information Management Plan (IMP)
Final Deliverable of Phase 1
Summary
References

ISSE Model Phase 2: Define System Security Requirements
Introduction
System Engineering Activity: Defining System Requirements
ISSE Activity: Defining System Security Requirements
Final Deliverable of Phase 2
Summary
References

ISSE Model Phase 3: Define System Security Architecture
Introduction
Defining System and Security Architecture
System Engineering Activity: Designing System Architecture
ISSE Activity: Define the Security Architecture
Final Deliverable of Phase 3
Summary
References

ISSE Model Phase 4: Develop Detailed Security Design
Introduction
Systems Engineering Activity: System Design
ISSE Activity: System Security Design
ISSE Design and Risk Management
Final Deliverables of Phase 4
Summary
References
Web Sites
Software Design and Development Bibliography

ISSE Model Phase 5: Implement System Security
Introduction
System Engineering Activity: System Implementation
ISSE and System Security Implementation
ISSE and Risk Management
Final Deliverable of Phase 5
Summary
References
Web Sites

ISSE Model Phase 6: Assess Security Effectiveness
Introduction
System Engineering Activity: System Assessment
ISSE and System Security Assessment
ISSE and Risk Management
Final Deliverable of Phase 6
Summary
References
Web Sites

ISSE DOMAIN 2: CERTIFICATION AND ACCREDITATION
DITSCAP and NIACAP
Introduction
DITSCAP and NIACAP Overview
DITSCAP/NIACAP Definition
Phase 1: Definition
Phase 2: Verification
Phase 3: Validation
Phase 4: Post Accreditation
Summary

C&A NIST SP 800-37
Introduction
The C&A Process
Phase 1: Initiation
Phase 2: Security Certification
Phase 3: Security Accreditation
Phase 4: Continuous Monitoring
Summary
Domain 2 References
Web Sites
Acronyms

ISSE DOMAIN 3: TECHNICAL MANAGEMENT
Technical Management
Introduction
Planning the Effort
Managing the Effort
Technical Roles and Responsibilities
Technical Documentation
Technical Management Tools
Summary
References
Web Sites

ISSEP DOMAIN 4: INTRODUCTION TO UNITED STATES GOVERNMENT INFORMATION ASSURANCE REGULATIONS
Information Assurance Organizations, Public Laws, and Public Policies
Introduction
Section 1: Federal Agencies and Organizations
Section 2: Federal Laws, Executive Directives and Orders, and OMB Directives
Summary
References
Web Sites

Department of Defense (DoD) Information Assurance Organizations and Policies
Introduction
Overview of DoD Policies
DoD Information Assurance (IA) Organizations and Departments
DoD Issuances
Summary
References
Web Sites

Committee on National Security Systems
Introduction
Overview of CNSS and NSTISSC
CNSS and NSTISSC Issuances
CNSS Policies
CNSS Directive
CNSS Instructions
CNSS Advisory Memoranda
Summary
References
Web Sites

National Institute of Standards and Technology (NIST) Publications
Introduction
Federal Information Processing Standards (FIPS)
NIST Special Publications
Summary
References
Web Sites

National Information Assurance Partnership (NIAP) and Common Criteria (CC)
Introduction
Historical View of IT Security Evaluations
National Information Assurance Partnership (NIAP)
The Common Criteria
CC Scenario
Summary
References
Web Sites

APPENDIX A: LINKING ISSE PHASES TO SE PHASES

APPENDIX B: ENTERPRISE ARCHITECTURE

APPENDIX C: COMBINING NIST SP 800-55 AND SP 800-26

APPENDIX D: COMMON CRITERIA SECURITY ASSURANCE REQUIREMENTS