mclewis74
Viewer II

New ISSEP Official Guide and/or training for the March 14 refresh?

I would like to take the new ISSEP exam; however, with the new format I will need to study different and updated areas.

Is there any estimated date for a release of a new Official ISC2 Guide or training for the new ISSEP format?

29 Replies
Kolbe
Newcomer II

I am looking for the same thing. The only book I can see is from 2007, right?
TK
Newcomer II

I am also interested in an official update regarding the ISSEP course material.

SamanthaO_isc2
ISC2 Former Staff

Hello @TK

I just received an update from our team. The course should be ready sooner than the September timeframe listed in this article - we are thinking it may be ready as early as July! At this time, the textbook is not being updated; however, it still can be used as a resource. You can also look at the following link to find other self-study items for the exam: https://www.isc2.org/Certifications/References

Samantha O'Connor
(ISC)² Online Community Manager
Xdbuix
Newcomer I

Hi Samantha! Just curious if we had some updates on the material!

Happy belated fourth!
CraginS
Defender I

@SamanthaO_isc2,

The original ISSEP body of knowledge relied heavily on Chapter 3 of the National Security Agency (NSA) Information Assurance Technical Framework (IATF) for core content in the Information Systems Security Engineering (ISSE) domain. The IATF has not been publicly available for many years. The 2007 ISSEP study guide book mentioned above used the IATF extensively for its content.

 

The successor document to Chapter 3 for SSE is the relatively new NIST Special Publication 800-160 Volume 1, Systems Security Engineering: Considerations for a Multidiscip..., first published in 2016 and last updated 3/21/2018.

 

Can your team confirm whether the new ISSEP exam is based on NIST SP 800-160, or whether there are holdover questions from the old IATF Chapter 3?

 

Thanks.

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
ToniHahn
Contributor I

Hi Dr. D. Cragin Shelton,

My name is Toni Hahn and I work in exams. While I can't tell you what is specifically on the test, I can tell you the most common references used for the ISSEP by domain. Hope this helps.

Top 5 references per domain (some may have fewer)

Domain 1
NIST SP 800-30 Rev 1
NIST SP 800-100

Domain 2
NIST SP 800-30 Rev 1
PMBOK Guide v3
NIST 800-37 rev 1
NIST SP 800-160
NIST SP 800-64

Domain 3
NIST SP 800-160
NIST SP 800-37 Rev 1
FIPS 140-2
NIST SP 800-115
NIAP/CCE Pub v4 (https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/scheme-pub-1.pdf)

Domain 4
NIST SP 800-88 Rev 1
NIST SP 800-160
NIST SP 800-53 Rev 4
NIST SP 800-100
NIST SP 800-37 Rev 1

Domain 5
Systems Engineering Fundamentals by United States Government US Army. Publisher: CreateSpace Independent Publishing Platform (April 15, 2013). ISBN-13: 978-1484120835
PMBOK Guide Edition 3
PMBOK Guide Edition 4
PMBOK Guide Edition 5
ISO/IEC 21827:2008, Information technology -- Security techniques -- Systems Security Engineering -- Capability Maturity Model® (SSE-CMM®). Preview available: https://www.iso.org/obp/ui/#!iso:std:44716:en

While the IATF isn't as popular this time, it is available (v3.1) here: http://www.dtic.mil/dtic/tr/fulltext/u2/a606355.pdf

TK
Newcomer II

Hi Toni,

 

Many thanks for the domain level references, that is a great help.

So essentially, if one digests all of those linked documents and can apply the principles then that would be sufficient?

Does that mean that (ISC)2 will cease to provide a dedicated course book for the ISSEP concentration in future?

 

Regards,

TK

 

ToniHahn
Contributor I

Hi TK,
I cannot confirm or deny anything about the references and studying. I can only provide the top 5 used for each domain.

I am sure Education will continue to publish books, as the publishing of the top 5 references for each domain per certification on the web is just us responding to feedback from our members.

Hope this helps.

CraginS
Defender I

@ToniHahn

Thanks for the detailed reference list. That helps quite a bit, and confirms that SP 800-160 is key in two domains.

I recommend that the list be updated to specify only SP 800-160 Volume 1 as the reference. Recent publication of Volume 2 forced the name change of the original release.

 

Also, quite fascinating that the PMBOK is listed as a key reference given that many enterprises consider the PMP a useful correlate certification to the CISSP, supplementing, not competing with, the CISSP. However, I STRONGLY recommend amending the list and filtering the exam question pool so that ONLY the current edition of the PMBOK is needed for study, and any questions derived from earlier editions but not found in the current one are removed from the question pool.


D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com