Sorry to hear that you fell short. I am preparing for ISSEP and taking it by the end of June. Focusing on all the 5 domains (and not planning to read any of the regulatory, Common Criteria stuff), primarily using the public documents listed in the references list; the flash cards seem like they still have the information from the old domains. Best of luck!
From my memory of the exam, leaving out knowing (being able to nearly recite the content nearly verbatim and its source document) of the regulatory information would be a serious mistake. I’m not sure if you said this because you work with it so regularly that you don’t feel the need to study, or you think that it isn’t a relevant portion of the exam.
As an ISSAP and ISSMP the best way to prepare is to get the official text and ensure that you have also read the majority of the references (most are in the public domain) at the end of the chapters. You may find if you've worked in InfoSec any length of time that you already have some of the text books, standards etc. Many of the references are to NIST SP800, RFCs, ISO standards etc, which you'll probably have read at some point.
I would consider self study rather than looking for a boot camp. You simply need the self discipline to get up early and work at it all day, sleep, get up and do the same.
I wholeheartedly agree with Steven.
Even more than the CISSP, these concentrations are deep dives into work roles. If you do not currently do these work roles on a daily basis that would expose you to either the processes or regulations that these exams cover, you will not likely be in a good position to pass.
You will likely need to commit significant time to working with flash cards and taking scenario based practice exams if you don’t currently work in all of the domains for the work role you’re testing for.
A couple of domains were dropped and new topics have been included (refer to https://www.isc2.org/-/media/ISC2/Certifications/Exam-Outlines/ISSEP-Exam-Outline-v1204---March-2018...).
Here is a thread from ChrisBoz** about the changes.
I can tell you that ISC2 is testing on the new 5 domain layout for ISSEP as I found out the hard way yesterday. I had an instructor tell me during my prep course that ISC2 was not changing the exam (even though there was a scheduled date) until they released new training material. Well I followed his advice and only studied for the old 4 domain structure and fell short when I tested yesterday, although I came super close which is encouraging. So for anyone who is planning to test, know the 5 domains and you can forget about stuff like the Federal regulations domain which is a thing of the past. I will study the new areas and plan to test in about 45 days.
Hope this helps...
It looks like you’re missing several NIST/CSRC Special Publications and all of the DoD references besides the “SEF Guide”. You may want to revisit DoD references on “Operational Risk Management” as an overlay to the Risk Management Domain, and then apply them to the IT environment. There are some CBT courses available from the Defense Security Services SPeD program that should fill some gaps in concepts like IT Supply Chain Management with knowledge and input from the Counterintelligence world. I don’t know if these are open to the public or if you have to be affiliated with government. It also couldn’t hurt to lean on the CompTIA IT Project+ materials for the project management objectives.
So for anyone who is planning to test, know the 5 domains and you can forget about stuff like the Federal regulations domain which is a thing of the past. I will study the new areas and plan to test in about 45 days.
I would like to know from any of you who take the test soon, if not knowing the content of these pubs holds true.
For example, even if not knowing “SP 800-37” is the regulation for the “Risk Management Framework”, the framework itself contained in this pub is the basis for several exam Objectives from what I can see in the March 2018 Exam Outline. The U.S. Government published Operational Risk Management manual, or “ORM”, forms the basis of nearly every Risk Management process I’ve seen related to IT engineering risk regardless of whether it was public or proprietary.
Ridding the exam of a regulation mapping domain may make it unnecessary to quote which publication a concept came from, but I am wagering that many of the questions on the current exam were adopted directly from these pubs.