I hope this is correct Samantha as I've asked several times over the last couple years when a new guide would be forthcoming - crickets.  THANKS!

With all the turmoil I have been considering getting the INCOSE CSEP certification as a warmup for the ISSEP.

@ToniHahn referred to study references that "may be older but still relevant so these are the top references that were used. We do not limit what reference an item writer can use with the exception of a few. "

Toni, and all of the exam teams,

PLEASE change your guidelines to limit necessary references for new certification aspirants to only those currently available from the original authoritative source. If it is essential to study PMBOK editions 3, 4, and 5, but it is only possible to obtain edition 5 from the Project Management Institute, this is a major problem. In fact, it is the very problem of the old one I mentioned, of requiring the IATF from NSA long after NSA stopped making it available. Even if the old publication can be found on some secondary archive source, the fact that it is no longer current according to the original publisher means that we should not use it as a current source.  A perfect example is the huge change in password management advice as NIST updated SP 800-63 last year.

If a new or replacement edition appears, review the question pool for older edition questions to confirm the Q&A are still covered in the new edition. If a reference disappears from the original authoritative source, remove all questions based on that reference.

Hello everyone,

Thank you all for posting about this and creating an engaging discussion, we appreciate all of the comments and suggestions that have come up around this topic. If you wish to influence which references are used for future iterations of the exam, we recommend signing up to volunteer for exam writing. You can get more information about that by emailing examdevelopment@isc2.org or taking a look here.

We encourage you all to continue to comment and discuss this topic here; however, at this time there is nothing further that (ISC)² can offer on this topic.

Thank you, 

Thanks, @ToniHahn. I passed the ISSEP exam today. Your references by domain are helpful.

I shared mine on my blog and hope this helpful to ISSEP aspirants.

Congratulations!!!  That is something you should be very proud of!!  It is not an easy exam!  I am so glad the references helped!!  🙂  Great news!!  Thanks for sharing!  

Congratulations @wentzwu!

A question regarding your study materials. I see you used the (ISC)2 CISSP-ISSEP resource, I am reluctant to buy it as it is very old, how did you find the content?

Thanks, @TK!

I believe the revision to the ISSEP exam is an evolution instead of a revolution. That's why I bought the old ISSEP-CBK 2005 and found it valuable. I would suggest to read Domain 1, 3, and 4(focus on ch 14 & 15, while 11 to 13 are good to know). Domain 2 is pretty good as well to know about how the C&A worked in the past. Practicing the sample questions helps.

Some other materials for your information:

• NIST IA Overview: NIST SP 800-100, 800-12 (understand the RMF overview diagram on page 36 well)
• Engineering concepts: NIST SP 800-64, 800-160 vol1 & vol2 (for resilience), CSSLP CBK
• Risk Management: 800-39, 800-30, 800-37
• Security Planning: NIST 800-18, 800-34
• Important topics: Patching, Continuous Monitoring, Sanitization... go for related NIST SP guidelines.

Enjoy your journey to ISSEP and good luck!