Hi All, I have started reading the IATF - Information Assurance Technical Framework (IATF) Release 3.1; it's an excellent document to understand the concepts of Systems Engineering with Security Mindset. There are a few references to dial-up modem based authentications; is there an expectation for exam takers to understand this authentication process and recommended countermeasures? In a similar context, there are many references to legacy concepts; do we diligently understand these concepts? Thanks in advance. Regards, Vinay
If you are reading this, you are starting the journey to get your ISSEP, and I earned my CISSP-ISSAP back in 2018, a requirement for work as a DoD Civilian. I used the ISC2 self-study course, which was expensive, but the E-Learning Book has content similar to the exam and a practice exam that provides the reason the answer was wrong or correct after you do the practice exam. The learning course is based on the theme of a security/system engineer in a company, so you get a 360-degree concept of best security and engineering practices. Kyle
Good day everyone. I am proud to announce that I have passed the CISSP ISSEP certification. The exam was very challenging and prepping for this exam taught me a lot. I was mentally exhausted by the time the examination ended. These are the references I used:

CISSP Certified Information Systems Security Professional Official Study Guide Edition
Information Assurance Technical Framework 3.1 by National Security Agency Information Assurance Solutions Technical Directors. (Sep, 2002). (Chapters 1-7)
ISO/IEC 15408 Common Criteria for Information Technology Security Evaluation by ISO/IEC. Publisher: National Information Assurance Partnership. (Dec, 2017).
NIST SP 800-30, Rev. 1, Guide for Conducting Risk Assessments by Joint Task Force Transformation Initiative. (Sep, 2012).
NIST SP 800-37, Rev. 2, Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy by Joint Task Force Transformation Initiative. (Dec, 2018).
NIST SP 800-39, Managing Information Security Risk: Organization, Mission, and Information System View by Joint Task Force Transformation Initiative. (Mar, 2011).
NIST SP 800-40, Rev. 3, Guide to Enterprise Patch Management Technologies Murugiah Souppaya, Karen Scarfone. (Jul, 2013).
NIST SP 800-53, Rev. 5, Security and Privacy Controls for Information Systems and Organizations by Joint Task Force Transformation Initiative. (Sep, 2020).
NIST SP 800-61, Rev.2 Computer Security Incident Handling Guide
NIST SP 800-64, Rev 2. Security Considerations in the System Development Life Cycle
NIST SP 800-88, Guidelines for Media Sanitization by Richard Kissel, Andrew Regenscheid, Matthew Scholl, Kevin Stine. (Dec, 2014).
NIST SP 800-100 Information Security Handbook: A Guide for Managers
NIST SP 800-115, Technical Guide to Information Security Testing and Assessment by Karen Scarfone, Murugiah Souppaya, Amanda Cody, Angela Orebaugh. (Sep, 2008).
NIST SP 800-128 Guide for Security-Focused Configuration Management of Information Systems
NIST SP 800-160, Vol. 1, Systems Security Engineering: Considerations for a Multidisciplinary Approach in the Engineering of Trustworthy Secure Systems by Ron Ross, Michael McEvilley, Janet Carrier Oren. (Mar, 2018).
NIST 800-160, Vol. 1 Rev 1, Engineering Trustworthy Secure Systems
NIST 800-160, Vol. 2 Rev 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach
NIST SP 800-161, Supply Chain Risk Management Practices for Federal Information System and Organizations by Jon Boyens, Celia Paulsen, Rama Moorthy, Nadya Bartol. (Apr, 2015).
FIPS 199/200
A Guide to the Project Management Body of Knowledge (PMBOK Guide), 7th Ed. by Project Management Institute. Publisher: Project Management Institute. (Aug, 2021).
PMBOK 7th Edition Tutorial (FREE Course! PMBOK Guide 7th Edition Masterclass) by Alvin the PM https://www.youtube.com/watch?v=-KsyLQ4xWtE
Systems Security Engineering Capability Maturity Model SSE-CMM Model Description Document https://apps.dtic.mil/sti/citations/ADA393329

Good luck to anyone in pursuit of this exam!
Hey all - I was thinking about dipping my toe into the waters on ISSEP. Has anyone taken the cybrary.it ISSEP course? Was it beneficial? I don't suspect it is nearly enough to pass ISSEP. Thanks!
Provisionally passed the ISSEP. Background: 4xISACA, 2xISC2, 2xGIAC, 1xIAPP certs. 35 years in the industry. I always give myself 3 months to study for an exam. I first did the official ISC2 online training (i.e. watched the videos) to get a feel for the course/certification. After that I did the training exam. Then I spent about 1.5 of the 3 months reading all the material. Stopped reading about one week before the exam. I spent the bulk (80%) of the time reading NIST 800-160, NIST 800-37 and IATF 3.1. I did not read PMBOK or INCOSE at all (except the INCOSE PDF document that was linked in the course). I normally use pocketprep but it was not available for ISSEP; I tried cccure and udemy practice exams but it felt like those were made for an older version of the exam and the content did not align with the ISC2 course. So I used the training exam instead. I found the exam very hard; I was convinced I had failed.