ISSEP - SSE Process - Final Exam Questions And
Accurate Answers
SSE Process Solution Find Out Information Protection Requirements
Describe System Security Requirements
Develop System Security Architecture
Develop Detailed Security Design
Implement System Security
Assess Effectiveness of Information Protection
Information Management Requirements Model Solution model specifies processes, the
information being processed, and the users of the information and processes
decomposes user roles, processes and information
utilises principles of least privilege
- shall also address the provisions of all applicable information management policies,
regs and agreements relating to the managed information
- components are information domains
Information Domains comprises of - Response - Users or members
- rules, privileges, roles and responsibilities applicable to ALL users
- Information objects being managed, including processes
SSE Elaborate Information Protection Requirements - Response - Identify customer's
mission or business understanding
- Help customer to determine what information management is needed to enable
business
- Create model of information management
,- Record findings
- Provide input to C and A
- Determine threats to information
MNS - Response Mission Needs Statement
SSE Step1 Summarization documents - Response MNS
High level CONOPS
IMM - Response Information Management Model
- Very granular representation of information needs
- Information domains collection
- the SSE may support the SE in developing IMM
Each information domain is assigned a HTI & PHE names
Information domains
consist of:
users
processes
information
*
complex model is technical data for systems people, must not be used to brief
customers
*
initial model of the eventual information system, embodying concept of least privilege
baseline for threat analysis
baseline for security services
Upon completion of this course, we would be able to use it to analyze and apply the
knowledge gained in identifying protection policies, security regulations, directives,
laws, etc applicable.
- such as NSA docs & C&A procedures
, HTI - Answer Harm to Information (Impact)
- considers value of information and degree of harm if information was compromised
-aid the customer in ascertaining the information most to least valuable and types of
harm that would happen if the information was exploited.
See
None, Mild, Significant, Serious
PHE - Answer Potentially Harmful Events
(Likelihood of a threat executing)
-considers the existence of malicious adversaries and their degree of motivation, as well
as accidents or natural disasters.
None, Low, Medium, High (for CIA, Repudiation)
HTI & PHE combined to produce a single threat metric - 0,1,2,3.
- metrics to be defined by the customer
Documentation required for SSE Discover- information threats (in IPP)
- security services (in IPP)
- strengths & priorities
- roles & responsibilities
- design constraints
IPP Information Protection Policy
- information threats (& likelihood of occurring) & security services are documented
- Part of the customers' information management policy
This policy forms the basis for subsequent engineering activities that relate to the
effectiveness of information protection.
Security requirements are based on IPP
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Easton. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $9.99. You're not tied to anything after your purchase.