>>Information Systems Security Engineering

Information Systems Security Engineering (ISSE) is the art and science of discovering users' information protection needs and then designing and making information systems to safely resist the forces to which they may be subjected.

ISSE should be an integral part of systems engineering and should support certification and accreditation processes, such as the Department of Defense (DoD) Information Technology Security Certification and Accreditation Process (DITSCAP).

Resources

The ISSE process comprises the following eight activities:

Discover Information Protection Needs
Define System Security Requirements
Design System Security Architecture
Develop Detailed Security Design
Implement System Security
Assess Information Protection Effectiveness
Plan Technical Effort
Manage Technical Effort

The ISSE process ensures that security solutions are effective and efficient. It provides the basis for the background information, technology assessments, and guidance contained in the Information Assurance Technical Framework (IATF). For detailed descriptions of the ISSE process, refer to Chapter 3 of the IATF.