CISSP-ISSEP┃Information System Security Engineering Professional
The Information Systems Security Engineering Professional (CISSP-ISSEP) exam is a definitive credential for candidates who plan to grow in the security field and know how to integrate security into all elements of business undertakings. This security engineering certification recognises and tests a candidate’s ability to apply systems engineering principles and processes in practice to develop secure, robust systems in real-world settings.
Target Audience
Candidates in the following roles should consider the Information Systems Security Engineering Professional (CISSP-ISSEP) exam for their career growth:
- Senior systems engineer.
- Information assurance systems engineer.
- Information assurance officer.
- Information assurance analyst.
- Senior security analyst.
Recommended Knowledge and Prerequisites
Candidates must have the knowledge and skills to incorporate security principles into projects, applications, business strategies and all information systems. Candidates must also be a CISSP in good standing and have two years of cumulative, paid work experience in one or more of the five domains of the CISSP-ISSEP CBK.
CISSP-ISSEP Exam Format
The CISSP-ISSEP exam is quite difficult, so familiarising yourself with the exam details is of utmost importance. The CISSP-ISSEP exam questions are in Multiple Choice and Multi-Response format. You get 3 hours to complete the 125 questions of this exam, and the cost is $599. The CISSP-ISSEP questions are available in English only.
| Field | Details |
| --- | --- |
| Exam Name | Information Systems Security Engineering |
| Exam Code | CISSP-ISSEP |
| Exam Duration | 3 hours |
| Exam Format | Multiple Choice and Multi-Response Questions |
| Pass Score | 700 (on a scale of 1-1000) |
| Number of Questions | 125 |
| Eligibility/Pre-Requisite | 2 years cumulative, paid work experience |
| Exam Language | English |
| Register | Pearson VUE |
For More Details See – CISSP-ISSEP FAQ – Information System Security Engineering
Course Outline
The Information Systems Security Engineering Professional (CISSP-ISSEP) Exam covers the following domains.
Domain 1: Systems Security Engineering Foundations 25%
1.1 Apply systems security engineering fundamentals
- Understand systems security engineering trust concepts and hierarchies
- Identify the relationships between systems and security engineering processes
- Apply structural security design principles
1.2 Execute systems security engineering processes
- Identify organizational security authority
- Identify system security policy elements
- Integrate design concepts (e.g., open, proprietary, modular)
1.3 Integrate with applicable system development methodology
- Integrate security tasks and activities
- Verify security requirements throughout the process
- Integrate software assurance methods
1.4 Perform technical management
- Perform project planning processes
- Perform project assessment and control processes
- Perform decision management processes
- Perform risk management processes
- Perform configuration management processes
- Perform information management processes
- Perform measurement processes
- Perform Quality Assurance (QA) processes
- Identify opportunities for security process automation
1.5 Participate in the acquisition process
- Prepare security requirements for acquisitions
- Participate in selection process
- Participate in Supply Chain Risk Management (SCRM)
- Participate in the development and review of contractual documentation
1.6 Design Trusted Systems and Networks (TSN)
Domain 2: Risk Management 14%
2.1 Apply security risk management principles
- Align security risk management with Enterprise Risk Management (ERM)
- Integrate risk management throughout the lifecycle
2.2 Address risk to system
- Establish risk context
- Identify system security risks
- Perform risk analysis
- Perform risk evaluation
- Recommend risk treatment options
- Document risk findings and decisions
2.3 Manage risk to operations
- Determine stakeholder risk tolerance
- Identify remediation needs and other system changes
- Determine risk treatment options
- Assess proposed risk treatment options
- Recommend risk treatment options
Domain 3: Security Planning and Design 30%
3.1 Analyze organizational and operational environment
- Capture stakeholder requirements
- Identify relevant constraints and assumptions
- Assess and document threats
- Determine system protection needs
- Develop Security Test Plans (STP)
3.2 Apply system security principles
- Incorporate resiliency methods to address threats
- Apply defense-in-depth concepts
- Identify fail-safe defaults
- Reduce Single Points of Failure (SPOF)
- Incorporate least privilege concept
- Understand economy of mechanism
- Understand Separation of Duties (SoD) concept
3.3 Develop system requirements
- Develop system security context
- Identify functions within the system and security Concept of Operations (CONOPS)
- Document system security requirements baseline
- Analyze system security requirements
3.4 Create system security architecture and design
- Develop functional analysis and allocation
- Maintain traceability between specified design and system requirements
- Develop system security design components
- Perform trade-off studies
- Assess protection effectiveness
Domain 4: Systems Implementation, Verification and Validation 14%
4.1 Implement, integrate and deploy security solutions
- Perform system security implementation and integration
- Perform system security deployment activities
4.2 Verify and validate security solutions
- Perform system security verification
- Perform security validation to demonstrate security controls meet stakeholder security requirements
Domain 5: Secure Operations, Change Management and Disposal 17%
5.1 Develop secure operations strategy
- Specify requirements for personnel conducting operations
- Contribute to the continuous communication with stakeholders for security relevant aspects of the system
5.2 Participate in secure operations
- Develop continuous monitoring solutions and processes
- Support the Incident Response (IR) process
- Develop secure maintenance strategy
5.3 Participate in change management
- Participate in change reviews
- Determine change impact
- Perform verification and validation of changes
- Update risk assessment documentation
5.4 Participate in the disposal process
- Identify disposal security requirements
- Develop secure disposal strategy
- Develop decommissioning and disposal procedures
- Audit results of the decommissioning and disposal process
Preparation Guide for the Information Systems Security Engineering Professional (CISSP-ISSEP) Exam
An exam credential demonstrates your mastery of the skills the job market requires. Candidates often choose their subjects based on what is in demand and where the mainstream crowd is heading, which sometimes pulls them in a direction they never wanted to go in the first place. Before starting your study sessions, download the free CISSP-ISSEP exam guide provided by the website to get the gist of the exam. This will either boost your confidence and determination to take the exam or make you realise that it is not for you.
Remember to be clear about your choices from the start: whether you want to opt for the credential, what kind of schedule you want to set with regard to your work-life balance, which resources will fit best, and so on. Settling these questions is a proven way to improve your journey of studying and learning for what you aspire to achieve. Let’s get started with your CISSP-ISSEP exam preparation.
Learning Resource 1: Official Website
The official website has many small yet important resources that are extremely beneficial for all candidates. The following are the three basics:
- Updated CISSP-ISSEP exam outline – The exam’s syllabus has been changed, and the newest exam outline will be used from 13th November 2020, so it’s very important to check it and download the PDF. If you are going to appear for the exam before that date, the older version of the exam outline is also available on the site.
- Glossary – The exam might use terms that you are not able to interpret or understand, so the website has a glossary made especially to help candidates understand the vocabulary of the exam and their study material.
- Free Guide – The website also provides a free CISSP-ISSEP study guide that explains everything about the exam and answers your doubts about whether or not you are fit for it and how you can grow further with the credential. Downloading the guide is a must because of the details it gives aspirants.
Learning Resource 2: Self-paced Course
This is a formal course offered by (ISC)² for its aspirants. It provides 180 days of access to the Official (ISC)² ISSEP study material in the learning management system. The course includes 40 hours of video lectures covering all 6 domains that will appear in the exam. It also includes interactive flashcards, domain quizzes, post-assessment practice questions, and the flexibility to learn on your own schedule. The course also comes with a bonus: the CISSP Self-Paced Refresher, a separate course with its own study materials, is provided to candidates at no additional cost. The official self-paced course’s price is $2,495.
Learning Resource 3: Flashcards
The Official Information System Security Engineering Professional Flash Cards are one of the best ways to rehearse. Flashcards are a fun and engaging way to study for any exam, anytime and anywhere. They are small, pleasant to the eyes, and easy to carry and revise with, which makes them an ideal companion. The Official ISSEP Flash Cards will lift your motivation to study when you get bored with watching modules and reading books.
Learning Resource 4: Online (ISC)² Community
Online communities benefit candidates by letting them engage with people at or close to their own level of mastery. These communities are filled with students, aspirants and experienced candidates who come together to help each other. Candidates can come across individuals who share great tips and tricks and help them stay calm and well prepared before the exam.
Evaluate with Practice Tests
Practising can never go wrong unless a person has never prepared for anything. Although the official website doesn’t provide candidates with sample tests or mock tests, candidates can practise on the Pearson VUE website; the main idea is to show them exactly how it will be on their exam day. This will really complement candidates’ months of preparation. Boost your confidence with CISSP-ISSEP practice exams now!