CISSP-ISSEP: Information Systems Security Engineering Professional Exam

ISSE Model Phases

Question

You work as a security engineer for BlueWell Inc.

You are working on the ISSE model.

In which of the following phases of the ISSE model is the system defined in terms of what security is needed?

Answers

Explanations

A. B. C. D.

D.

The ISSE (Information Systems Security Engineering) model is a process used for the development of secure information systems. The model is composed of six phases, and each phase represents a specific task in the development process. The phases are as follows:

  1. Discover information protection needs
  2. Define system security requirements
  3. Define system security architecture
  4. Develop detailed security design
  5. Implement system security
  6. Assess and authorize system security

The phase in which the system is defined in terms of what security is needed is the "Define system security requirements" phase. This phase involves the identification of the specific security requirements that are necessary to protect the information system.

During this phase, the security engineer works with the system stakeholders to identify and prioritize the security requirements. These requirements are documented in a security requirements specification (SRS) document that will be used to guide the development of the system.

The security requirements identified during this phase may include access control, data encryption, and system monitoring. The SRS document will also include any relevant laws, regulations, and policies that the system must comply with.

Once the security requirements have been defined and documented, they will be used to guide the development of the system security architecture in the next phase of the ISSE model.

In summary, the correct answer to the question is D. Define system security requirements.