AlecTrevelyan
Community Champion

ISSEP Exam Changes Announced

I'm a bit late to the party with this one, and apologies if something was already posted about this, but if you weren't aware the ISSEP exam is due to be updated in November of this year:

 

https://blog.isc2.org/isc2_blog/2020/03/cissp-engineering-concentration-exam-updates.html

 

https://www.isc2.org/Certifications/CISSP-Concentrations/ISSEP-Domain-Change-FAQs

 

One notable change for the exam is the reduction in the number of questions from 150 down to 125. This is in line with other ISC2 exams being changed to fit the seemingly now standard for linear tests 3 hours / 125 questions format. (I do wonder if this has something to do with ISC2 wanting the CISSP to be (potentially) the longest test again after losing this title in the move to Computer Adaptive Testing for the English language version?)

 

In terms of changes to the exam outline, the main thing to note is a change in the domains:

 

"Systems Engineering Technical Management" (current domain 5) has been removed, but its content and most of the content from "Security Engineering Principles" (current domain 1) have now been incorporated into the brand new domain, "Systems Security Engineering Foundations" (new domain 1).

 

"Security Planning, Design, and Implementation" (current domain 3) has been changed to "Security Planning and Design" (new domain 3), with the implementation elements being moved into a brand new domain called, "Systems Implementation, Verification and Validation" (new domain 4). While most of the remainder of the content from "Security Engineering Principles" (current domain 1) not staying in the new domain 1 as described above, has now been moved into "Security Planning and Design" (new domain 3).

 

You can view the current and new exam outlines for yourself if you want to see the changes in detail. Unfortunately, the direct link to the ISSEP accordion section is not working so I won't post it here, but you'll be able to find your way there from this page if you select the ISSEP and then click on "get the exam outline" accordion section: https://www.isc2.org/Certifications/CISSP-Concentrations

 

Despite the rejigging of some of the tasks/subtasks in various domains into new domains or being dispersed amongst other domains, along with the removal of some domains, the overall list of tasks/subtasks across all the domains is very similar between the two versions of the exam outlines, so the concepts you'll need to understand to pass the exam should be the same. Even the tasks/subtasks that appear to be brand new were definitely covered in the materials I used to study for the ISSEP, so, as ever, the suggested reference list is the place to go for self-study materials: https://www.isc2.org/issep-cbk-references

 

One question I would have is, and this is not just in relation to the ISSEP changes but to all of the various certifications that have forthcoming changes (ISSAP and CSSLP to name two), given the current situation with Pearson VUE testing centres being closed and considering the impacts this will have on candidates preparing for the current exam versions, will ISC2 still be sticking with its plans to release the exam changes on the previously announced dates? @AndreaMoore @Kaity

 

5 Replies
AppDefects
Community Champion


@AlecTrevelyan wrote:

I'm a bit late to the party with this one, and apologies if something was already posted about this, but if you weren't aware the ISSEP exam is due to be updated in November of this year:

 

https://blog.isc2.org/isc2_blog/2020/03/cissp-engineering-concentration-exam-updates.html

 


Very astute observations on the new ISSEP structure. The certification has come a long way from being US government centric to one that is now applicable globally. Moving the certification content in that direction has taken years of hard work. Thanks to everyone that contributed. The focus now is even greater on security engineering principles, planning, and design as you will notice in the weights associated with those domains. It is not easy driving consensus during a "Job Task Analysis" (JTA), but we did it! Now, let's build the membership!

AlecTrevelyan
Community Champion


@AppDefects wrote:


Very astute observations on the new ISSEP structure. The certification has come a long way from being US government centric to one that is now applicable globally. Moving the certification content in that direction has taken years of hard work. Thanks to everyone that contributed. The focus now is even greater on security engineering principles, planning, and design as you will notice in the weights associated with those domains. It is not easy driving consensus during a "Job Task Analysis" (JTA), but we did it!

...

...


I'm from the UK, and despite the tie-in with the NSA and the RMF which is used almost exclusively by US federal organisations, I chose to pass the ISSEP to validate my years of experience in Systems Security Engineering. The remainder of the curriculum is, as you say, applicable globally. Also, the fundamentals of risk management you learn from studying the RMF are still applicable globally, even if you'll never be involved in the RMF itself as a prescribed process.

 

@AppDefects wrote:


...

...

Now, let's build the membership!


At the time I passed the ISSEP exam in Dec 2018, the member counts showed only 2 people from the UK held the ISSEP. When the most recent member counts were released in Jan 2020 it showed there are now 5 ISSEPs in the UK. So the UK membership has increased 150% in just over 12 months, which shows the certification is gaining in recognition, to the point I have seen it listed in job adverts over here now too.

 

Kaity
Community Manager


@AlecTrevelyan wrote:

...

 

One question I would have is, and this is not just in relation to the ISSEP changes but to all of the various certifications that have forthcoming changes (ISSAP and CSSLP to name two), given the current situation with Pearson VUE testing centres being closed and considering the impacts this will have on candidates preparing for the current exam versions, will ISC2 still be sticking with its plans to release the exam changes on the previously announced dates? @AndreaMoore @Kaity

 


Regarding this point - no change to the planned date of the exam updates for later this year. If that changes, we'll share an update as soon as it happens! 

AlecTrevelyan
Community Champion

Thanks @Kaity - understood!

 

AppDefects
Community Champion


@AlecTrevelyan wrote:


I'm from the UK, and despite the tie-in with the NSA and the RMF which is used almost exclusively by US federal organisations, I chose to pass the ISSEP to validate my years of experience in Systems Security Engineering. The remainder of the curriculum is, as you say, applicable globally. Also, the fundamentals of risk management you learn from studying the RMF are still applicable globally, even if you'll never be involved in the RMF itself as a prescribed process.

 


You can see that the certification has really matured over time. It is no longer tied to the US DoD. Remember the IATF? The original author actually evolved it into being NIST SP 800-160 (volume 1 and volume 2) and mapped to ISO/IEC/IEEE 15288, Systems and software engineering — System life cycle processes. It is true that there is an RMF focus that overlaps the CAP certification somewhat, but again it's presented with an engineering mindset.

 

NIST SP 160