100% satisfaction guarantee Immediately available after payment Both online and in PDF No strings attached
logo-home
Previously searched by you
Previously searched by you
logo
ISSEP - SSE Process - Final Exam Questions And Accurate Answers $9.99   Add to cart
Quickly navigate to
Preview
  2.  
  3. ISSEP - SSE Process
  4.  
  5. ISSEP - SSE Process

Exam (elaborations)

ISSEP - SSE Process - Final Exam Questions And Accurate Answers
 3 views  0 purchase
  • Course
  • ISSEP - SSE Process
  • Institution
  • ISSEP - SSE Process

ISSEP - SSE Process - Final Exam Questions And Accurate Answers...

Preview 3 out of 22  pages

Document information

  • November 1, 2024
  • 22
  • 2024/2025
  • Exam (elaborations)
  • Questions & answers

Subjects

  • issep sse process
  • issep sse process final exam
  • sse process solution find out information

Written for

  • ISSEP - SSE Process
  • ISSEP - SSE Process

Seller

avatar-seller
Easton

Reviews received

Content preview

ISSEP - SSE Process - Final Exam Questions And
Accurate Answers


SSE Process Solution Find Out Information Protection Requirements

Describe System Security Requirements

Develop System Security Architecture

Develop Detailed Security Design

Implement System Security

Assess Effectiveness of Information Protection



Information Management Requirements Model Solution model specifies processes, the
information being processed, and the users of the information and processes

decomposes user roles, processes and information

utilises principles of least privilege

- shall also address the provisions of all applicable information management policies,
regs and agreements relating to the managed information

- components are information domains



Information Domains comprises of - Response - Users or members

- rules, privileges, roles and responsibilities applicable to ALL users

- Information objects being managed, including processes



SSE Elaborate Information Protection Requirements - Response - Identify customer's
mission or business understanding

- Help customer to determine what information management is needed to enable
business

- Create model of information management

,- Record findings

- Provide input to C and A

- Determine threats to information

MNS - Response Mission Needs Statement

SSE Step1 Summarization documents - Response MNS

High level CONOPS

IMM - Response Information Management Model

- Very granular representation of information needs

- Information domains collection

- the SSE may support the SE in developing IMM

Each information domain is assigned a HTI & PHE names

Information domains

consist of:

users

processes

information

*

complex model is technical data for systems people, must not be used to brief
customers

*

initial model of the eventual information system, embodying concept of least privilege

baseline for threat analysis

baseline for security services



Upon completion of this course, we would be able to use it to analyze and apply the
knowledge gained in identifying protection policies, security regulations, directives,
laws, etc applicable.

- such as NSA docs & C&A procedures

, HTI - Answer Harm to Information (Impact)

- considers value of information and degree of harm if information was compromised

-aid the customer in ascertaining the information most to least valuable and types of
harm that would happen if the information was exploited.

See

None, Mild, Significant, Serious

PHE - Answer Potentially Harmful Events

(Likelihood of a threat executing)

-considers the existence of malicious adversaries and their degree of motivation, as well
as accidents or natural disasters.

None, Low, Medium, High (for CIA, Repudiation)



HTI & PHE combined to produce a single threat metric - 0,1,2,3.

- metrics to be defined by the customer



Documentation required for SSE Discover- information threats (in IPP)

- security services (in IPP)

- strengths & priorities

- roles & responsibilities

- design constraints



IPP Information Protection Policy

- information threats (& likelihood of occurring) & security services are documented

- Part of the customers' information management policy

This policy forms the basis for subsequent engineering activities that relate to the
effectiveness of information protection.



Security requirements are based on IPP

The benefits of buying summaries with Stuvia:

Guaranteed quality through customer reviews

Guaranteed quality through customer reviews

Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.

Quick and easy check-out

Quick and easy check-out

You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.

Focus on what matters

Focus on what matters

Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!

Frequently asked questions

What do I get when I buy this document?

You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.

Satisfaction guarantee: how does it work?

Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.

Who am I buying these notes from?

Stuvia is a marketplace, so you are not buying this document from us, but from seller Easton. Stuvia facilitates payment to the seller.

Will I be stuck with a subscription?

No, you only buy these notes for $9.99. You're not tied to anything after your purchase.

Can Stuvia be trusted?

4.6 stars on Google & Trustpilot (+1000 reviews)

72042 documents were sold in the last 30 days

Founded in 2010, the go-to place to buy study notes for 14 years now

Start selling
$9.99
  • (0)
  Add to cart