CISSP-ISSEP Exam: Six-Step Technical Security Evaluation

Question

Which of the following assessment methodologies defines a six-step technical security evaluation?

Answers

Explanations

The correct answer is D. DITSCAP.

DITSCAP (Department of Defense Information Technology Security Certification and Accreditation Process) is a formal, risk-driven, six-step process that defines a technical security evaluation methodology. The six steps of DITSCAP are as follows:

  1. Definition of the Information System: This step involves defining the system boundaries, categorizing the information, and identifying the security requirements and potential threats.

  2. Verification of Security Requirements: In this step, the security requirements identified in step one are verified to ensure that they meet the system's security objectives.

  3. Security Test and Evaluation: This step involves testing the system's security controls to ensure that they are functioning correctly.

  4. Risk Assessment: In this step, the risks associated with the system are identified, analyzed, and evaluated.

  5. Accreditation: In this step, the system is accredited based on the results of the previous steps, and a formal acceptance of the system's security posture is made.

  6. Continuous Monitoring: The final step in DITSCAP involves monitoring the system's security posture on an ongoing basis to ensure that it remains secure.

FITSAF (Federal Information Technology Security Assessment Framework) is a methodology that provides guidance for conducting security assessments of federal information systems.

OCTAVE (Operationally Critical Threat, Asset, and Vulnerability Evaluation) is a methodology for assessing and managing information security risks.

FIPS 102 is not a methodology, but rather a standard for using cryptographic algorithms in electronic data interchange systems.