aofihfaiohd
Viewer II

Provisionally Passed the CISSP-ISSEP - 01Sept2023

Provisionally passed the ISSEP.

 

Background:

4xISACA, 2xISC2, 2xGIAC, 1xIAPP certs. 35 years in the industry.

 

I always give myself 3 months to study for an exam. I first did the official ISC2 online training (i.e. watched the videos) to get a feel for the course/certification. After that I did the training exam. Then I spent about 1.5 of the 3 months reading all the material. I stopped reading about one week before the exam.

 

I spent the bulk (80%) of the time reading NIST 800-160, NIST 800-37 and IATF 3.1. I did not read PMBOK or INCOSE at all (except the INCOSE PDF document that was linked in the course).

 

I normally use Pocket Prep, but it was not available for ISSEP. I tried CCCure and Udemy practice exams, but it felt like those were made for an older version of the exam and the content did not align with the ISC2 course. So I used the training exam instead.

 

I found the exam very hard; I was convinced I had failed.

4 Replies
oi
Newcomer I

Congrats! I'm curious, why did you not bother diving into the PMBOK or INCOSE? Was it because you were already familiar with the material or because you felt like it wasn't going to be a huge part of the exam? Maybe a little of both?

 

Without disclosing too much, can you expound on why it felt so difficult? Was it just the nature of the questions or some topic you should have studied more?

aofihfaiohd
Viewer II

Thanks,

I saw INCOSE being mentioned here in the forums, but it isn't on "the list": https://www.isc2.org/certifications/References. I have been working in projects as a technical project manager and project manager, and getting the PMBOK was expensive, so I decided not to buy/read it.

 

English is not my native language, so I would say the language in the exam. I have passed CCSP and CISSP, but I feel this was more complicated language in the questions. Also, I feel that normally the last 20-25 questions in the CAT test model are somewhat hard, but here I struggled with the last 40-50 questions and used up much more time than CCSP/CISSP.

mav51
Newcomer I

Thanks for sharing your experience and study materials! I'm planning to prepare for it by January.

PatrickG78108
Newcomer I

This is an older thread, but I thought I would add that the references (at the link aofihfaiohd listed) must have been updated to include the INCOSE material. Please see the cut/paste of the ISSEP section (from your link), below.

 

ISSEP
 
  • A Guide to the Project Management Body of Knowledge (PMBOK Guide), 7th Ed. by Project Management Institute. Publisher: Project Management Institute. (Aug, 2021).

  • INCOSE Systems Engineering Handbook by Walden. Publisher: Wiley. (Jul, 2015).

  • Information Assurance Technical Framework 3.1 by National Security Agency Information Assurance Solutions Technical Directors. (Sep, 2002).

  • ISO/IEC 15408 Common Criteria for Information Technology Security Evaluation by ISO/IEC. Publisher: National Information Assurance Partnership. (Dec, 2017).

  • NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).

  • NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).

  • NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative. (Mar, 2011).

  • NIST SP 800-40, Rev. 3, Guide to Enterprise Patch Management Technologies by Murugiah Souppaya, Karen Scarfone. (Jul, 2013).

  • NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).

  • NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).

  • NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh. (Sep, 2008).

  • NIST SP 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, Janet Carrier Oren. (Mar, 2018).

  • NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information System and Organizations by Jon Boyens, Celia Paulsen, Rama Moorthy, Nadya Bartol. (Apr, 2015).
PATRICK Gillilan ISSEP, CISSP, CGRC, CISM, C|EH