nerdexam
(ISC)2

CISSP-ISSEP · Question #15

Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document? Each correct answer represents a complete solu

The correct answer is B. It allocates security mechanisms to system security design elements. C. It identifies custom security products. D. It identifies candidate commercial off-the-shelf (COTS)government off-the-shelf (GOTS) security. During the detailed security design phase, the ISSEP's role shifts from problem discovery to solution implementation - specifically, allocating security mechanisms to design elements (B), identifying custom-built security products (C), and identifying candidate COTS/GOTS products

Security Planning and Design

Question

Which of the following statements define the role of the ISSEP during the development of the detailed security design, as mentioned in the IATF document? Each correct answer represents a complete solution. Choose all that apply.

Options

  • AIt identifies the information protection problems that needs to be solved.
  • BIt allocates security mechanisms to system security design elements.
  • CIt identifies custom security products.
  • DIt identifies candidate commercial off-the-shelf (COTS)government off-the-shelf (GOTS) security

How the community answered

(33 responses)
  • A
    21% (7)
  • B
    79% (26)

Explanation

During the detailed security design phase, the ISSEP's role shifts from problem discovery to solution implementation - specifically, allocating security mechanisms to design elements (B), identifying custom-built security products (C), and identifying candidate COTS/GOTS products (D) that can fulfill security requirements. These three activities are all about how security will be technically realized within the system architecture, which is precisely what detailed design entails.

Option A is incorrect because identifying information protection problems belongs to an earlier phase (requirements analysis/problem definition), not detailed design - by this stage, the problems are already known and the focus is on solutions.

Memory tip: Think of detailed security design as the "HOW" phase - How do we allocate mechanisms? How do we source products (custom or off-the-shelf)? Problem identification is the "WHAT" phase and happens upstream. If an answer choice sounds like discovery or analysis, it likely belongs before detailed design, not during it.

Topics

#Security Design#ISSEP Role#Security Engineering#COTS/GOTS

Community Discussion

No community discussion yet for this question.

Full CISSP-ISSEP Practice