Wednesday, September 14, 2005

Information System Security Engineering Professional (ISSEP) certification

I've been thinking of taking the Information System Security Engineering Professional (ISSEP) certification. Since the CISSP info is still fresh in my mind and much of the ISSEP is things I do or have to deal with daily, it seems like a good idea.

What is the ISSEP?
The ISSEP was developed by the International Information System Security Certification Consortium (ISC)2 in conjunction with the National Security Agency/IAD. Whereas the CISSP is an all-encompassing general look at security, the ISSEP concentrates on the system security engineering process. System security engineering has to do with ensuring that selected solutions meet the mission or business security needs. It is defined as "the art and science of discovering users' security needs, and designing and making with economy and elegance information systems so that they can safely resist the forces they might be subjected to."


System Security Engineer's tasks:
Discover Information Protection Needs
Define System Security Requirements
Design System Security Architectures
Develop Detailed Security Design
Implement System Security
Assess Information Protection Effectiveness

Instead of ten domains, the ISSEP has four:

System Security Engineering
Certification and Accreditation
Technical Management
U.S. Government Information Assurance Regulations

Most of the ISSEP's material comes from the Information Assurance Technical Framework (IATF).

My co-worker recently took the test and he said it was more difficult than the CISSP. The CISSP is easily THE most difficult test I've ever done. Although, since most of the information comes from the IATF, I'm not sure how it could be more difficult.
The CISSP is so broad that you could not possibly get all the information from a single source.

http://www.acsac.org/2003/case/thu-c-1530-Oren.pdf
www.nsa.gov
www.isc2.org
