Exam Name: Information Systems Security Engineering(R) Professional
Questions and Answers: 449 Q & A
Updated On: February 23, 2018
Adjustments: Contingency plans and exceptions should be generated so that the residual risk be above the acceptable threshold.
Which of the following types of CNSS issuances establishes criteria, and assigns responsibilities?
The various CNSS issuances are as follows:
Policies: Assign responsibilities and establish criteria (NSTISSP or CNSSP).
Directives: Establish or describe policy and programs, provide authority, or assign responsibilities (NSTISSD).
Instructions: Describe how to implement the policy or prescribe the manner of a policy (NSTISSI).
Advisory memoranda: Provide guidance on policy and may cover a variety of topics involving information assurance, telecommunications security, and network security (NSTISSAM).
Which of the following types of cryptography defined by FIPS 185 describes a cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information?
Type III cryptography
Type III (E) cryptography
Type II cryptography
Type I cryptography
The types of cryptography defined by FIPS 185 are as follows:
Type I cryptography: A cryptographic algorithm or a tool accepted by the National Security Agency for protecting classified information.
Type II cryptography: A cryptographic algorithm or a tool accepted by the National Security Agency for protecting sensitive, unclassified information in the systems as stated in Section 2315 of Title 10, United States Code, or Section 3502(2) of Title 44, United States Code.
Type III cryptography: A cryptographic algorithm or a tool accepted as a Federal Information Processing Standard.
Type III (E) cryptography: A Type III algorithm or a tool that is accepted for export from the United States.
Which of the following are the major tasks of risk management? Each correct answer represents a complete solution. Choose two.
Building risk-free systems
Assuring the integrity of organizational data
The following are the two major tasks of risk management:
1. Risk identification
2. Risk control
Risk identification is the task of examining and documenting the security posture of an organization's information technology and the risks it faces. Risk control is the task of applying controls to reduce risks to an organization's data and information systems. Answer options B and C are incorrect. Building risk-free systems and assuring the integrity of organizational data are tasks related to the implementation of security measures.
You are working as a project manager in your organization. You are nearing the final stages of project execution and looking towards the final risk monitoring and controlling activities. For your project archives, which one of the following is an output of risk monitoring and control?
Quantitative risk analysis
Qualitative risk analysis
Of all the choices presented, only requested changes is an output of the monitor and control risks process. You might also have risk register updates, recommended corrective and preventive actions, organizational process assets, and updates to the project management plan. Answer options D and A are incorrect. These are the plan risk management processes. Answer option B is incorrect. Risk audit is a risk monitoring and control technique.
Continuous Monitoring is the fourth phase of the security certification and accreditation process. What activities are performed in the Continuous Monitoring process?
Each correct answer represents a complete solution. Choose all that apply.
Status reporting and documentation
Security control monitoring and impact analyses of changes to the information system
Configuration management and control
Security accreditation documentation
Security accreditation decision
Continuous Monitoring is the fourth phase of the security certification and accreditation process. The Continuous Monitoring process consists of the following three main activities:
1. Configuration management and control
2. Security control monitoring and impact analyses of changes to the information system
3. Status reporting and documentation
The objective of these tasks is to observe and evaluate the information system security controls during the system life cycle. These tasks determine whether the changes that have occurred will negatively impact the system security. Answer options E and D are incorrect. Security accreditation decision and security accreditation documentation are the two tasks of the security accreditation phase.
Which of the following organizations incorporates building secure audio and video communications equipment, making tamper protection products, and providing trusted microelectronics solutions?
Answer option A is incorrect. The Defense Technical Information Center (DTIC) is a repository of scientific and technical documents for the United States Department of Defense. DTIC serves the DoD community as the largest central resource for DoD and government-funded scientific, technical, engineering, and business-related information available today. DTIC's documents are available to DoD personnel and defense contractors, with unclassified documents also available to the public. DTIC's aim is to serve as a vital link in the transfer of information among DoD personnel, DoD contractors, potential contractors, and other U.S. Government agency personnel and their contractors.
Answer option D is incorrect. The Defense Advanced Research Projects Agency (DARPA) is an agency of the United States Department of Defense responsible for the development of new technology for use by the military. DARPA has been responsible for funding the development of many technologies which have had a major effect on the world, including computer networking, as well as NLS, which was both the first hypertext system and an important precursor to the contemporary ubiquitous graphical user interface. DARPA supplies technological options for the entire Department, and is designed to be the "technological engine" for transforming DoD.
Answer option C is incorrect. The Defense-wide Information Assurance Program (DIAP) protects and supports DoD information, information systems, and information networks, which are important to the Department and the armed forces throughout day-to-day operations and in times of crisis. The DIAP uses the OSD method to plan, observe, organize, and incorporate IA activities. The role of DIAP is to act as a facilitator for program execution by the combatant commanders, Military Services, and Defense Agencies. The DIAP staff combines functional and programmatic skills for a comprehensive Defense-wide approach to IA. The DIAP's main objective is to ensure that the DoD's vital information resources are secured and protected by incorporating IA activities to get a secure net-centric GIG operation enablement and information supremacy by applying a Defense-in-Depth
Official (ISC)2 guide to the CISSP-ISSEP CBK.
This guide analyzes all of the topics covered in the newly created CISSP-ISSEP CBK, a compendium of industry best practices. Focus is on the four ISSEP domains of information systems security engineering, certification and accreditation, technical management, and US government information assurance regulations. The book explains ISSE by comparing it to a traditional systems engineering model, and details key points of about 50 US government policies and procedures essential for understanding the CBK. Hansche, CISSP-ISSEP, is a training director for information assurance at a private sector company. The book is distributed by CRC.
((c) 2005 Book News, Inc., Portland, OR)
COPYRIGHT 2005 Book News, Inc. No portion of this article can be reproduced without the express written permission from the copyright holder.
COPYRIGHT 2005 Gale, Cengage Learning.
Raytheon Leads IT Contractors and Hosts Certification Preview Seminar for Government Contractors and Employees
VIENNA, Virginia, USA, July 23, 2003 – The International Information Systems Security Certification Consortium (ISC)2, the non-profit international leader dedicated to training, qualifying and certifying information security professionals worldwide, will introduce the Information Systems Security Engineering Professional (ISSEP) certification requirements to government employees and contractors at its preview seminar hosted by Raytheon Company tomorrow from 1 to 5 p.m. at the Raytheon facility located at 7700 Arlington Boulevard, Falls Church, Va.
The ISSEP addresses the unique information security knowledge and expertise the U.S. national security community requires of its employees and contractors, and serves as an area of concentration of (ISC)2’s Certified Information Systems Security Professional (CISSP®) credential. The CISSP is a prerequisite to obtaining the ISSEP concentration.
This preview will be the first opportunity for government employees and contractors to learn about the ISSEP certification process and training requirements. Nearly 200 information security professionals from the U.S. National Security Agency (NSA), Department of Defense, civilian agencies, and government contractors have registered to attend the event.
(ISC)2 introduced the ISSEP earlier this year as part of a five-year contract with NSA’s Information Assurance Directorate to develop and administer the ISSEP credential for information security professionals who want to work for NSA as employees or contractors.
Raytheon has taken the lead in building a consortium of government IT contractors to learn about the ISSEP certification and respond to opportunities that may result from new information assurance requirements.
According to Jim Craft, director of IT strategic growth initiatives for Raytheon Intelligence and Information Systems, several large and small government IT contractors met with NSA earlier this year to apply the Raytheon Six Sigma collaboration and problem-solving methodology to increase the level of professionalism in cybersecurity and establish a common understanding of the Information Systems Security Engineering discipline.
“We determined that the ISSEP is one of the most promising mechanisms to further these two goals in the short term,” said Craft. “The opportunity now exists for industry and NSA to pilot a process to apply that mechanism to help secure the National Information Infrastructure. Working with (ISC)2, this seminar is our first step in expanding this collaborative effort nationally.”
Opening remarks for the preview will be presented by Janet Oren, CISSP, senior information systems security engineer at NSA; Jim Craft and Raytheon senior executives; Lynn McNulty, CISSP, (ISC)2 director of government affairs; and Dow Williamson, CISSP, (ISC)2 director of communications. The agenda includes an introduction to the ISSEP concentration and how it impacts government contractors, certification and accreditation, the systems security engineering process, technical management, U.S. government information assurance regulations, and the preparation and training required for the ISSEP exam.
“(ISC)2 developed the ISSEP certification with NSA to establish an additional level of knowledge and expertise unique to U.S. national security. As a result, there is a defined career path for information security professionals and an opportunity for government contractors with IT professionals who meet ISSEP requirements,” said Dow Williamson. “The response from the national security community has been tremendous. Additional preview seminars will be presented in the near future to meet the requests of the community.”
The first ISSEP two-day training sessions and certification exams are scheduled for Aug. 25-27 and Aug. 28-30, 2003. The next ISSEP training and certification exams are scheduled in September 2003. To register for ISSEP training and the certification exam, CISSPs may contact (ISC)2 Institute at p. 888-333-4458.
About Raytheon: Raytheon Company, with 2002 sales of $16.8 billion, is an industry leader in defense, government and commercial electronics, space, information technology, technical services, and business and special mission aircraft. With headquarters in Lexington, Mass., Raytheon employs more than 76,000 people worldwide. For more information, visit www.raytheon.com.
About (ISC)2: Based in Vienna, Virginia, USA, with offices in London, UK and Hong Kong, China, the International Information Systems Security Certification Consortium, Inc. (ISC)2 is the premier organization dedicated to providing information security professionals around the world with the standard for professional certification based on (ISC)2’s CBK(TM), a compendium of industry “best practices” for information security professionals. Since its inception in 1989, the non-profit organization has trained, qualified, and certified thousands of information security professionals in more than 90 countries and has advocated the need for one industry-wide information security standard. (ISC)2 awards the Certified Information Systems Security Professional (CISSP®) and the Systems Security Certified Practitioner (SSCP®) credentials as well as certification concentrations. The CISSP and SSCP are both unique in requiring years of experience in their field and, for the CISSP, the Gold Standard in information security certifications, an endorsement by a professional who is familiar with the background of the candidate. More information on (ISC)2 is available at www.isc2.org.
(ISC)2 Provides Enterprise-Wide Education/Testing for ISSEP Credential to NSA
Decision to expand program demonstrates agency's commitment to professionalizing its information security engineering workforce.
PALM HARBOR, Fla., Dec. 12 -- The International Information Systems Security Certification Consortium [(ISC)2(R)], the non-profit leader in educating and certifying information security professionals worldwide, today announced that the U.S. National Security Agency (NSA) has asked (ISC)2 to move forward with an enterprise-wide education and testing program after completing a successful pilot program earlier this summer.
The expanded program will allow up to 90 NSA information security engineering professionals to go through on-site review and testing for the Information Systems Security Engineering Professional (ISSEP(R)) credential. Earlier this year, 15 NSA information systems security engineers sat for the on-site review and testing pilot program. For the larger program, NSA has asked (ISC)2 to modify the format of the review course from three days to four days and also to provide each candidate with a post-test report detailing their strengths and weaknesses in each of the 10 security domains.
"The ISSEP is one of the more challenging credentials offered by (ISC)2. NSA officials want to ensure that candidates have the time they need to review and absorb the extensive course materials. The additional day of review will assist in the successful preparation for the exam," explains John Mongeon, who leads the Government Services Division for (ISC)2, Americas. "By ramping up the program and putting up to 90 personnel through the ISSEP review and examination, NSA is demonstrating a commitment to professionalizing its information systems security engineering workforce."
(ISC)2 developed the ISSEP credential with NSA to establish an additional level of knowledge and expertise unique to U.S. national security employees and contractors. Based on U.S. National Institute of Standards and Technology (NIST) guidelines pertaining to Department of Defense (DoD) requirements, the ISSEP is designed for advanced information security/assurance/risk management professionals who demonstrate mastery of systems security engineering, technical management, Certification and Accreditation (C&A) and information assurance regulations.
The ISSEP, which is one of just a few professional credentials to be accredited by ANSI under the global ANSI/ISO/IEC 17024 standard, serves as an area of concentration for (ISC)2's Certified Information Systems Security Professional (CISSP(R)) certification. Those CISSPs who also hold the ISSEP must relate a portion of their continuing professional education (CPE) credits directly to information systems security engineering.
NSA officials have two additional 1-year options in their contract, which will allow the agency to renew the agreement on an as-needed basis. If all options are exercised, (ISC)2 would train and test approximately 250 ISSEP candidates for the NSA.
About (ISC)2: The International Information Systems Security Certification Consortium, Inc. [(ISC)2(R)] is the internationally recognized Gold Standard for certifying information security professionals. Founded in 1989, (ISC)2 has certified over 45,000 information security professionals in more than 120 countries. Based in Palm Harbor, Florida, USA, with offices in Vienna, Virginia, USA, London, Hong Kong and Tokyo, (ISC)2 issues the Certified Information Systems Security Professional (CISSP) and related concentrations, Certification and Accreditation Professional (CAP(CM)), and Systems Security Certified Practitioner (SSCP) credentials to those meeting necessary competency requirements. The CISSP, CISSP-ISSEP and SSCP are among the first information technology credentials to meet the stringent requirements of ANSI/ISO/IEC Standard 17024, a global benchmark for assessing and certifying personnel. (ISC)2 also offers a portfolio of education products and services based upon (ISC)2's CBK(R), a taxonomy of information security topics, and is responsible for the annual (ISC)2 Global Information Security Workforce Study. More information is available at