CISSP-ISSEP - CISSP Concentration In Security Engineering Boot Camp

Chapter 1: Systems Security Engineering Fundamentals Domain

• Module 1: Apply systems security engineering fundamentals
  • Understand system type terminology.
  • Understand the multidisciplinary nature of systems engineering and the role of security engineering.
  • Analyze and identify systems and system elements.
  • Identify and understand the system -of- interest.
  • Understand the design problem of adequate security.
  • Understand the role of the System Security Engineer.
  • Understand the systems security engineer trust concepts and hierarchy.
  • Analyze the relationship between systems engineering and security engineering.
  • Apply Structural Security Design Principles.
• Module 2: Execute systems security engineering processes
  • Understand and execute the systems security engineering lifecycle processes.
  • Identify organizational security authority.
  • Identify system security policy elements.
  • Understand software design concepts.
  • Integrate design concepts (e.g. open, proprietary, modular).
• Module 3: Integrate with applicable development methodology
  • Understand the lifecycle models.
  • Analyze the complexity model.
  • Understand the lifecycle model types.
  • Characterize lifecycle types.
  • Understand Agile team member roles.
  • Understand Agile feature breakdown.
  • Understand the relationship between planning and lifecycle models.
  • Analyze Waterfall and Agile pros and cons.
  • Integrate with the applicable system development methodology.
  • Integrate with systems security engineering security tasks and activities.
  • Verify security requirements throughout the process.
  • Integrate software assurance methods.
• Module 4: Perform technical management
  • Perform Technical Management processes.
  • Perform project planning processes.
  • Perform project assessment and control processes.
  • Perform decision management processes.
  • Perform the risk management processes.
  • Perform configuration management processes.
  • Perform information management processes.
  • Perform measurement processes.
  • Identify opportunities for security process automation.
• Module 5: Participate in the acquisition process
  • Prepare security requirements for acquisitions.
  • Participate in the selection process.
  • Participate in supply chain risk management (SCRM).
  • Participate in development and review of contractual information.
• Module 6: Design trusted systems and networks (TSN).
  • Understand the basic network architecture design to protect the system.

Chapter 2: Security Architecture Modeling

• Module 1: Apply Security Risk Management Principles
  • Align security risk management with enterprise risk management (ERM).
  • Integrate risk management throughout the lifecycle.
• Module 2: Address the Risk to the System
  • Establish the risk context.
  • Identify system security risks.
  • Perform risk analysis.
  • Perform risk evaluation.
  • Recommend risk treatment options.
  • Document risk findings and decisions.
• Module 3: Manage the Risk to the Operations
  • Determine stakeholder risk tolerance.
  • Identify remediation needs and other system changes.
  • Determine risk treatment options.
  • Assess proposed risk treatment options.
  • Recommend risk treatment options.

Chapter 3: Chapter Security Planning and Design Domain

• Module 1: Analyze Organizational and Operational Environment
  • Capture stakeholder requirements.
  • Identify relevant constraints and assumptions.
  • Assess and document threats.
  • Determine system protection needs.
  • Develop security test plans (STP).
• Module 2: Apply System Security Principles
  • Incorporate resiliency methods to address threats.
  • Apply defense-in-depth concepts.
  • Identify fail-safe defaults.
  • Reduce single points of failure (SPOF).
  • Incorporate least privilege concept.
  • Understand the economy of mechanism.
  • Understand the separation of duties (SoD) concept.
• Module 3: Develop System Security Requirements
  • Develop system security context.
  • Identify functions within the system and security concept of operations (CONOPS).
  • Document a system security requirements baseline.
  • Analyze system security requirements.
• Module 4: Create System Security Architecture Design
  • Develop functional analysis and allocation.
  • Maintain traceability between specified design and system requirements.
  • Develop system security design components.
  • Execute trade-off-studies.
  • Assess protection effectiveness.

Chapter 4: Systems Implementation, Verification and Validation Domain

• Module 1: Implement, Integrate and Deploy Security Solutions
  • Perform system security implementation and integration.
  • Perform system security deployment activities.
• Module 2: Perform System security Deployment Activities
  • Perform system security verification.
  • Perform security validation to demonstrate controls meet stakeholder security requirements.

Chapter 5: Secure Operations, Change Management and Disposal Domain

• Module 1: Develop Secure Operations Strategy
  • Specify requirements for personnel conducting operations.
  • Contribute to the continuous communication with stakeholders for security-relevant aspects of the system.
• Module 2: Participate in Secure Operations
  • Develop continuous monitoring solutions and processes.
  • Support the incident response (IR) process.
  • Develop secure maintenance strategy.
• Module 3: Participate in Change Management
  • Participate in change reviews.
  • Determine change impact.
  • Perform verification and validation changes.
  • Update risk assessment documentation.
• Module 4: Participate in the Disposal Processes
  • Identify disposal security requirements.
  • Develop secure disposal strategy.
  • Develop decommissioning and disposal procedures.
  • Audit results of the decommissioning and disposal process.

At the end of this course, learners will be able to:

• Understand and apply information system security engineering processes as the Information System Security Engineer on the systems engineering team.
• Analyze system security risk throughout the system development lifecycle within the context of system operations and organizational risk tolerance.
• Analyze, design, develop, and evaluate the security design and architecture for systems using security engineering processes and principles.
• Develop system solutions that employ security functions and provide adequate protection to system functions.
• Choose the most effective security configurations and designs to ensure system security during operations, change management, and disposal.

Prior to taking this course, learners should hold the CISSP designation and have experience, skills or knowledge obtained while serving in the following roles:

• Senior Systems Engineer
• Information Assurance Systems Engineer
• Information Assurance Officer
• Information Assurance Analyst
• Senior Security Analyst

This course is for individuals planning to pursue the CISSP-ISSEP certification. The CISSP-ISSEP is a CISSP who analyzes organizational needs, defines security requirements, designs security architectures, develops secure designs, implements system security, and supports system security assessment and authorization for government and industry.