Issep - Study guides, Class notes & Summaries

The authority to accept residual risk resides in which role? - Authorizing Official Which reference provides detailed guidance on risk assessments? - SP 800-30 Risk Management Guide for Information Technology Systems Which non-executive branch organization provides the President with advice on security and continuity of communications systems? - National Security Telecommunications Advisory Committee (NSTAC) NCSC-5 establishes the National Policy for the use of cryptographic material when o...

E.O. 13231 Directs which actions - -Protection of information systems as components of CI -Protection of emergency preparedness communications -Protection of supporting physical assets E.O. 13231 assigns these responisbilities - -Director, OMB to develop and oversee the implementation of government-wide policies principles, standards and guidelines -SecDef and DCI will oversee, develop, and ensure implmentation of policies, priniciples, standards, and guidlines for the secuirty of info...

The authority to accept residual risk resides in which role? - Authorizing Official Which reference provides detailed guidance on risk assessments? - SP 800-30 Risk Management Guide for Information Technology Systems Which non-executive branch organization provides the President with advice on security and continuity of communications systems? - National Security Telecommunications Advisory Committee (NSTAC) NCSC-5 establishes the National Policy for the use of cryptographic material wh...

ISSEP Final Exam Questions And Accurate Answers...

Approval to Operate (ATO) - correct answer The official management decision issued by a designated accrediting authority (DAA) or principal accrediting authority (PAA) to authorize operation of an information system and to explicitly accept the residual risk to agency operations (including mission, functions, image, or reputation), agency assets, or individuals. See authorization to operate (ATO). Rationale: Term has been replaced by the authorization to operate (ATO). Assessment - correct an...

What are the activities in the ISSE per IATF App J? - Discover Info Protection Needs, Define System Security Reqts, Design System Security Architecture, Develop Detailed Security Design, Implement System Security, Assess Info Protection Effectiveness, Plan Technical Effort, Management Technical Effort PHE are caused by what? IATF App H. - Adversaries (malicious), or Non malicious threat sources (accidents and nature) What are the PNE Procedures, in order? IATF App H. - Approaching ...

Architecture - A set for related physical and logical representations (i.e., views) of a system or a solution. The architecture conveys information about the system/solution elements, interconnections, relationships, and behavior at different levels of abstractions and with different scopes. Availability - Ensuring Timely and reliable access to and use of information. Confidentiality - Preserving authorized restrictions on information access and disclosure including means for protectin...

ISSEP PREP 2024 QUESTIONS WITH CORRECT ANSWERS!!

SDLC Phases - - Initiation (need for system is expressed and documented) - Development/Acquisition : system designed, purchased, and developed - Implementation/Assessment - Operation/Maintenance - Disposal CNSSP 14 - Release of security information to contractors and other non government personnel CNSSP 15 - AES CNSSD 500 - IA training, awareness, etc