Advocate I

Re: New ISSEP Official Guide and/or training for the March 14 refresh?

 

I passed the ISSEP exam today thanks to the guidance in this thread, particularly the list of top 5 references per domain from @ToniHahn and the advice from @wentzwu that the old CBK book from 2005 is still a valuable study resource. Many thanks to you both!

 

Newcomer III

Re: New ISSEP Official Guide and/or training for the March 14 refresh?

CONGRATS!!!!!  That's great news!!!

Newcomer I

Re: New ISSEP Official Guide and/or training for the March 14 refresh?

Congrats on your pass!

TK
Newcomer I

Re: New ISSEP Official Guide and/or training for the March 14 refresh?

Well done, congratulations.

Newcomer II

Re: New ISSEP Official Guide and/or training for the March 14 refresh?

Congratulations for passing ISSEP!

Contributor III

Re: New ISSEP Official Guide and/or training for the March 14 refresh?


@CraginS wrote:

@ToniHahn

Thanks for the detailed reference list. That helps quite a bit, and confirms that SP 800-160 is key in two domains.

I recommend that the list be updated to specify only SP 800-160 Volume 1 as the reference. Recent publication of Volume 2 forced the name change of the original release.

 

Also, quite fascinating that the PMBOK is listed as a key reference given that many enterprises consider the PMP a useful correlate certification to the CISSP, supplementing, not competing with, the CISSP. However, I STRONGLY recommend amending the list and filtering the exam question pool so that ONLY the current edition of the PMBOK is needed for study, and any questions derived from earlier editions but not found in the current one are removed from the question pool. 

 

 


Generally speaking, the most recent (final) version of a standard is used and that does include any material consumed through PMI, of which the PMBOK is only one example to help build a foundation in the technical management domain.

Also, I would strike the IATF reference; it was replaced with NIST SP 800-160 v1 and the ISO/IEC/IEEE 15288 standard that it references. Although the list looks good, I strongly caution you in saying that the certification is not about memorizing and recalling standards. You must be able to apply knowledge consistently. It is true that the certification had its start with the DoD, but today it has become more international and less NIST standard and DoD policy issuance centric. Systems Security Engineering is a discipline and NOT just a part of the certification title. It is an engineering mindset. That is what I live and breathe every day.