
This is to certify that Chris FitzGerald has completed the course Systems Security Engineering - 206760_eng on 2/10/08

Systems Security Engineering
About This Course

Overview/Description: To define the Systems Security Engineering domain of the ISSEP process.

Target Audience: Candidates who plan to take the International Information System Security Certification Consortium's (ISC)2 Information Systems Security Engineering Professional (ISSEP) certification, or IT professionals who want to learn about the standards and regulations pertaining to systems engineering, certification and accreditation, information assurance, and technical management. Requires experience in selecting, recommending, and implementing information system security policies, standards, procedures, and technologies.

Certification: No Certifications for this Course.
Expected Duration: 2 Hours 40 Minutes
First publication date: This course was released August 11, 2004.
Last revision: This course was last updated May 30, 2005.
Course Number: 206760_eng

Copyright 2005 SkillSoft PLC. All rights reserved.

Systems Security Engineering
Course Objectives

Topic Names:
- The four domains of ISSEP
- The SE and ISSE processes
- The ISSE activities
- The PNE process
- Identifying SE and ISSE activities
- The correlation between ISSE and C&A
- Defense-in-depth
- Risk management
- Identifying risk assessment activities

When you have completed this topic, you should be able to:
- identify the four domains that are required to cover the Common Body of Knowledge for ISSEP certification.
- recognize the components of the SE and ISSE processes.
- recognize the activities that comprise the ISSE process.
- identify the function and procedures of the PNE process.
- identify SE and ISSE activities.
- define Certification and Accreditation and its relationship to SE and ISSE.
- recognize the concepts and elements of Defense-in-depth.
- recognize the elements of risk management.
- identify risk assessment activities.

Systems Security Engineering
References

Books:
- Auditing Information Systems, Second Edition, 2003, Jack J. Champlain, John Wiley & Sons, I0471281174
- Microsoft Encyclopedia of Security, 2003, Mitch Tulloch, Microsoft Press, 0735618771
- Security Engineering: A Guide to Building Dependable Distributed Systems, 2001, Ross Anderson, John Wiley & Sons, 0471389226
- Systems Engineering and Analysis, 1998, Benjamin S. Blanchard, Wolter J. Fabrycky, Prentice Hall, 0131350471
- Systems Engineering Principles and Practice, N/A, Alexander Kossiakoff, William N. Sweet, John Wiley & Sons, 047123443-5

References for the four ISSEP domains

Systems Security Engineering:
- Information Assurance Technical Framework (IATF) Release 3.1, September 2002 (particularly Chapters 2, 3, and Appendix J)
- NIST Special Publication 800-27, "Engineering Principles for Information Technology Security (A Baseline for Achieving Security)," June 2001
- NIST Special Publication 800-30, "Risk Management Guide for Information Technology Systems," October 2001
- Security Engineering: A Guide to Building Dependable Distributed Systems, Ross Anderson, John Wiley & Sons, ISBN: 0-471-38922-6

Certification and Accreditation:
- DoD Instruction 5200.40, "DoD Information Technology Security Certification and Accreditation (C&A) Process (DITSCAP)," December 30, 1997
- DoD 8510.1-M, "Department of Defense Information Technology Security Certification and Accreditation Process (DITSCAP) Application Manual," July 31, 2000
- FIPS PUB 102, "Guidelines for Computer Security Certification and Accreditation," September 27, 1983
- NSTISS Instruction (NSTISSI) No. 1000, "National Information Assurance Certification and Accreditation Process (NIACAP)," April 2000
- NSTISS Policy (NSTISSP) No. 6, "National Policy on Certification and Accreditation of National Security Telecommunications and Information Systems," 8 April 1994

Technical Management:
- Carnegie Mellon Software Engineering Web Site, http://www.sei.cmu.edu
- Systems Engineering and Analysis, Benjamin S. Blanchard, Wolter J. Fabrycky, Prentice Hall, ISBN: 0-13-135047-1
- Systems Engineering Management, Benjamin S. Blanchard, John Wiley & Sons, ISBN: 0-471-19086-1
- Systems Engineering Principles and Practice, Alexander Kossiakoff, William N. Sweet, John Wiley & Sons, ISBN: 0-471-23443-5
- Systems Security Engineering Capability Maturity Model, International Systems Security Engineering Association, Version 2.0, April 1, 1999/ISO 21827

US Government Information Assurance Regulations:
- 10 U.S.C. Section 2315
- Committee on National Security Systems (CNSS) web site, http://www.nstissc.gov
- Common Criteria for Information Technology Security, National Institute of Standards and Technology, Version 2.0/ISO IS 15408, May 1998
- DoD Directive 8500.1, "Information Assurance (IA)," October 24, 2002
- DoD Instruction 8500.2, "Information Assurance (IA) Implementation," February 6, 2003
- Executive Order 13231, "Critical Infrastructure Protection in the Information Age," October 16, 2001
- Federal Information Processing Standards (FIPS) Publication (PUB) 81, "DES Modes of Operation," December 2, 1980
- National Communications Security Committee (NCSC)-2, "National Policy on Release of Communications Security Information to U.S. Contractors and Other U.S. Nongovernmental Sources (U)," July 7, 1983
- NCSC-5, "National Policy on Use of Cryptomaterial by Activities Operating in High Risk Environments (U)," January 16, 1981
- National Communications Security (COMSEC) Instruction (NACSI) No. 6002, "Protection of Government Contractor Telecommunications," 4 June 1984
- National Institute of Standards and Technology (NIST) Special Publication 800-12, "An Introduction to Computer Security: The NIST Handbook," October 1995
- NIST Special Publication 800-14, "Generally Accepted Principles and Practices for Securing Information Technology Systems," September 1996
- NIST Special Publication 800-18, "Guide for Developing Security Plans for Information Technology Systems," December 1998
- NIST Special Publication 800-25, "Federal Agency Use of Public Key Technology for Digital Signatures and Authentication," October 2000
- NIST Special Publication 800-47, "Security Guide for Interconnecting Information Technology Systems," August 2002
- National Security Telecommunications and Information Systems Security Advisory Memorandum (NSTISSAM) Computer Security (COMPUSEC)/I-98, "The Role of Firewalls and Guards in Enclave Boundary Protection," December 1998
- NSTISSAM COMPUSEC/I-99, "Advisory Memorandum on the Transition from the Trusted Computer System Evaluation Criteria to the International Common Criteria for Information Technology Security Evaluation," 11 March 1999
- NSTISSAM INFOSEC/I-00, "Advisory Memorandum for the Use of the Federal Information Processing Standards (FIPS) 140-1 Validated Cryptographic Modules in Protecting Unclassified National Security Systems," 8 February 2000
- NSTISSAM INFOSEC/2-00, "Advisory Memorandum for the Strategy for Using National Information Assurance Partnership (NIAP) for the Evaluation of Commercial Off-The-Shelf (COTS) Security Enabled Information Technology Products," 8 February 2000
- National Security Telecommunications and Information Systems Security (NSTISS) Directive (NSTISSD) No. 500, "Information Systems Security (INFOSEC) Education, Training, and Awareness," February 25, 1993
- NSTISSI No. 4009, "National Information Systems Security (INFOSEC) Glossary," September 2000
- NSTISSI No. 4011, "National Training Standard for Information Systems Security (INFOSEC) Professionals," 20 June 1994
- NSTISSI No. 4012, "National Training Standard for Designated Approving Authority (DAA)," August 1997
- NSTISSI No. 4013, "National Training Standard for System Administrators in Information Systems Security (INFOSEC)," August 1997
- NSTISSI No. 4014, "National Training Standard for Information Systems Security Officers (ISSO)," August 1997
- NSTISSI No. 4015, "National Training Standard for System Certifiers," December 2000
- NSTISSI No. 7003, "Protected Distribution Systems (PDS)," 13 December 1996
- NSTISSP No. 7, "National Policy on Secure Electronic Messaging Services," 21 February 1995
- NSTISSP No. 101, "National Policy on Securing Voice Communications," September 14, 1999
- NSTISSP No. 200, "National Policy on Controlled Access Protection," 15 July 1987
- Office of Management and Budget (OMB) Circular A-130, "Management of Federal Information Resources, Transmittal 4," November 30, 2000
- OMB Guidance to Federal Agencies on Data Availability and Encryption
- OMB M-00-13, "Privacy Policies and Data Collection on Federal Web Sites," June 22, 2000
- OMB M-01-08, "Guidance on Implementing the Government Information Security Reform Act," January 16, 2001
- Public Law 100-235, "Computer Security Act of 1987," 8 January 1988
- Section 3531 Title 44 U.S.C., Government Information Security Reform Act (GISRA)

This is to certify that Chris FitzGerald has completed the course Certification and Accreditation - 206761_eng on 2/10/08

Certification and Accreditation
About This Course

Overview/Description: To define ISSE certification and accreditation.

Target Audience: Candidates who plan to take the International Information System Security Certification Consortium's (ISC)2 Information Systems Security Engineering Professional (ISSEP) certification, or IT professionals who want to learn about the standards and regulations pertaining to systems engineering, certification and accreditation, information assurance, and technical management. Requires experience in selecting, recommending, and implementing information system security policies, standards, procedures, and technologies.

Certification: No Certifications for this Course.
Expected Duration: 1 Hour 40 Minutes
First publication date: This course was released August 11, 2004.
Last revision: This course was last updated August 29, 2006.
Course Number: 206761_eng

Certification and Accreditation
Course Objectives

Topic Names:
- Components of the C&A process
- C&A requirements
- DITSCAP
- NIACAP and FIPS 102
- Comparing C&A processes

When you have completed this topic, you should be able to:
- recognize the components of the C&A process.
- identify C&A requirements.
- identify the activities within each phase of the DITSCAP process.
- identify the phases of the NIACAP and FIPS 102 processes.
- identify various C&A processes.

Certification and Accreditation
References

Books:
- Auditing Information Systems, Second Edition, 2003, Jack J. Champlain, John Wiley & Sons, I0471281174
- Microsoft Encyclopedia of Security, 2003, Mitch Tulloch, Microsoft Press, 0735618771
- Security Engineering: A Guide to Building Dependable Distributed Systems, 2001, Ross Anderson, John Wiley & Sons, 0471389226
- Systems Engineering and Analysis, 1998, Benjamin S. Blanchard, Wolter J. Fabrycky, Prentice Hall, 0131350471
- Systems Engineering Principles and Practice, N/A, Alexander Kossiakoff, William N. Sweet, John Wiley & Sons, 047123443-5

This is to certify that Chris FitzGerald has completed the course Technical Management - 206762_eng on 2/10/08

Technical Management
About This Course

Overview/Description: To provide an overview of technical management.

Target Audience: Candidates who plan to take the International Information System Security Certification Consortium's (ISC)2 Information Systems Security Engineering Professional (ISSEP) certification, or IT professionals who want to learn about the standards and regulations pertaining to systems engineering, certification and accreditation, information assurance, and technical management. Requires experience in selecting, recommending, and implementing information system security policies, standards, procedures, and technologies.

Certification: No Certifications for this Course.
Expected Duration: 1 Hour 20 Minutes
First publication date: This course was released August 11, 2004.
Last revision: This course was last updated August 11, 2004.
Course Number: 206762_eng

Technical Management
Course Objectives

Topic Names:
- Project planning fundamentals
- Systems development process models
- Planning and managing technical effort
- Identifying technical management practices

When you have completed this topic, you should be able to:
- recognize the fundamentals of project planning.
- identify the features of different systems development process models.
- identify the tasks and models associated with planning and managing technical effort.
- identify technical management practices.

Technical Management
References

Books:
- Auditing Information Systems, Second Edition, 2003, Jack J. Champlain, John Wiley & Sons, I0471281174
- Microsoft Encyclopedia of Security, 2003, Mitch Tulloch, Microsoft Press, 0735618771
- Security Engineering: A Guide to Building Dependable Distributed Systems, 2001, Ross Anderson, John Wiley & Sons, 0471389226
- Systems Engineering and Analysis, 1998, Benjamin S. Blanchard, Wolter J. Fabrycky, Prentice Hall, 0131350471
- Systems Engineering Principles and Practice, N/A, Alexander Kossiakoff, William N. Sweet, John Wiley & Sons, 047123443-5

This is to certify that Chris FitzGerald has completed the course US Government Information Assurance Regulations - 206763_eng on 2/11/08

US Government Information Assurance Regulations
About This Course

Overview/Description: To outline US government IA regulations.

Target Audience: Candidates who plan to take the International Information System Security Certification Consortium's (ISC)2 Information Systems Security Engineering Professional (ISSEP) certification, or IT professionals who want to learn about the standards and regulations pertaining to systems engineering, certification and accreditation, information assurance, and technical management. Requires experience in selecting, recommending, and implementing information system security policies, standards, procedures, and technologies.

Certification: No Certifications for this Course.
Expected Duration: 2 Hours 20 Minutes
First publication date: This course was released August 11, 2004.
Last revision: This course was last updated July 13, 2006.
Course Number: 206763_eng

US Government Information Assurance Regulations
Course Objectives

Topic Names:
- Introduction to IA regulations
- CNSS issuances
- NIST publications
- Identifying national security policies
- Civil agency regulations
- DoD regulations
- Identifying policies and regulations

When you have completed this topic, you should be able to:
- define the role of the various bodies involved in Information Assurance regulations.
- identify the role of the CNSS and its issuances.
- identify the purpose of NIST documents.
- identify CNSS issuances and NIST publications.
- identify the regulations governing civil agencies.
- identify DoD regulations.
- identify civil agency and defense policies.

US Government Information Assurance Regulations
References

Books:
- Auditing Information Systems, Second Edition, 2003, Jack J. Champlain, John Wiley & Sons, I0471281174
- Microsoft Encyclopedia of Security, 2003, Mitch Tulloch, Microsoft Press, 0735618771
- Security Engineering: A Guide to Building Dependable Distributed Systems, 2001, Ross Anderson, John Wiley & Sons, 0471389226
- Systems Engineering and Analysis, 1998, Benjamin S. Blanchard, Wolter J. Fabrycky, Prentice Hall, 0131350471
- Systems Engineering Principles and Practice, N/A, Alexander Kossiakoff, William N. Sweet, John Wiley & Sons, 047123443-5