ericgeater
Community Champion

Please review user experience as an ISSMP hopeful

Good morning.  Will someone at ISC2 please dogfood the UX for looking into the ISSMP study materials?

 

First, the email I received which should have delivered the "ultimate guide to the ISSMP" delivered the "ultimate guide to the ISSEP".

 

Next, the "thank you" page for registering for the ultimate guide (found here) includes the November 2022 exam guide.  The guide as presented on the link still labels the exam as the CISSP-ISSMP.

 

I had forgotten that I'd downloaded the ultimate guide back in June, but the "ultimate guide" link I received at that time had a November 2023 date.  I saved that download to a specific folder on my PC, so it's a stare-and-compare of side-by-side documents.

 

This is just a courtesy note.  Y'all know my email address if you'd like to ask questions directly!

-----------
A claim is as good as its veracity.
6 Replies
nkeaton
Contributor I

I passed the exam in July. I used the NIST documents and did read the last book just for context. It was not very helpful for the exam but was a good perspective. I think that Luke’s How to Think Like a Manager was also good for framing my mindset. Definitely keeping the exam objectives with me was a positive. I have earned a CISSP and a CISM, and it seemed like a natural path. I passed the ISSEP last fall, but they are very different from each other. Best wishes.
ericgeater
Community Champion

Thanks for your feedback!  Which NIST documents are you describing, by the way?

 

And I had not heard of Ahmed's book before now.  I appreciate the suggestion.  It seems that ISSMP doesn't have nearly as much study literature available as CISSP does.

-----------
A claim is as good as its veracity.
nkeaton
Contributor I

I used ISC2's reference list: https://www.isc2.org/certifications/references  I was already very familiar with about half of them. I only became familiar with SP 800-160 (very redundant, so you can probably be fine after reading only so much of it) because it was a reference for the ISSEP that I earned last year. I think that Luke's book was a good reinforcement for the mindset on answering questions correctly. The former concentrations have very little current material out there, and you just have to use the exam objectives to focus on what you need to. Yes, it was more focused. Having a CISSP and a CISM besides experience was probably helpful as well for me. You might want to watch the BrightTalk webinar on it. If you give them your member ID, they automatically apply those to your account for CPEs. I don't really usually recommend YouTube videos, but Prabh Nair is one of the few to even address the certification: https://www.youtube.com/watch?v=cbWNrEurZfE. Neither of these may help you pass the exam, but it is good to have the information to better know what to expect. Also, ISC2 has no-cost resources such as flashcards and study groups if those help you. They do not help me, but we definitely all learn differently, and they help others. I did read the last CBK at the beginning of my study just to get a perspective, knowing that was not the current testable exam objectives (they call it an exam outline). Feel free to ask questions; I will answer them if I can. Best wishes.

PatrickG78108
Newcomer I

Perhaps the NIST documentation listed on the bibliography?

- NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).
- NIST SP 800-34 Rev. 1, Contingency Planning Guide for Federal Information Systems by Marianne Swanson, Pauline Bowen, Amy Wohl Phillips, Dean Gallup, David Lynes. (May, 2010).
- NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).
- NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative. (Mar, 2011).
- NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).
- NIST SP 800-55, Rev. 1, Performance Measurement Guide for Information Security by Elizabeth Chew, Marianne Swanson, Kevin Stine, Nadya Bartol, Anthony Brown, Will Robinson. (Jul, 2008).
- NIST SP 800-61, Rev. 2, Computer Security Incident Handling Guide by Paul Cichonski, Tom Millar, Tim Grance, Karen Scarfone. (Aug, 2012).
- NIST SP 800-128, Guide for Security-Focused Configuration Management of Information Systems by Arnold Johnson, Kelley Dempsey, Ron Ross, Sarbari Gupta, Dennis Bailey. (Aug, 2011).
- NIST SP 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, Janet Carrier Oren. (Mar, 2018).

PATRICK Gillilan ISSEP, CISSP, CGRC, CISM, C|EH
nkeaton
Contributor I

I included it in my last reply and got the NIST documents from here: https://www.isc2.org/certifications/references  I did read the last CBK just to kind of start framing the certification mentally before studying what I knew was on the current exam objectives. I read PMI's Agile Practice Guide but am not sure that it really helped me much. I did not read any of the other references and was already very familiar with a few of the NIST documents.

ericgeater
Community Champion

Thank you @nkeaton and @PatrickG78108 for both responding to my question!  I'm now adding the list to my library.

-----------
A claim is as good as its veracity.