The phases in the Information Systems Security Engineering (ISSE) life-cycle model are:

Discover Information Protection Needs. Ascertain why the system needs to be built and what information needs to be protected.

Define System Security Requirements. Define the system in terms of what security is needed.

Define System Security Architecture. Define the security functions needed to meet the specific security requirements.

Develop Detailed Security Design. Based on the security architecture, design the security functions and features for the system.

Implement System Security. Following the documented security design, build and implement the security functions and features for the system.

Assess Security Effectiveness. Assess the degree to which the security of the system, as it is defined, designed, and implemented, meets the security needs.

ISSE model: Define security requirements. https://s3-euw1-ap-pe-df-pch-content-public-u.s3.eu-west-1.amazonaws.com/9780429207358/4f0e7fa0-934f-46ca-ad29-882cfdec4168/content/fig3_1_B.tif"/> (Source: Adapted from IATF, p. 3–2.)