Any current ISSEP material?
Looking to take the ISSEP this year. Can anyone recommend any study material for this? I thought the 2nd edition of the ISC2 ISSEP book was supposed to come out a couple of months ago, but nothing ever came out. I do work in the DoD doing C&A (DIACAP) and am really familiar with NIST 800 publications, but I'm looking for more specific material. What do you guys recommend?
Comments
dijital1 Member Posts: 64
If you already work with DIACAP then you have a bit of a leg up on someone that doesn't work in the System Authorization space. You'll have to be very familiar with the Risk Management Framework (SP 800-37 Rev1) and all of the supporting documents. You'll need to know how to categorize an information system based on its type (Federal, DoD, National Security) and which documents apply in each case.
I can't stress enough how important it is to know and understand the documents. The ISSEP is the only ISC2 exam that I've taken where literally 2 questions in, I was wondering if I was taking the correct exam. Very challenging. I'd look over the current CIB for study material. Know the RMF, know the RMF and know the RMF.
To give you a head start, the following is a list of documents that I studied and understood in preparation for the exam:
dijital1@katana:~/ISSEP/ISSEPRefs$ ls -1
CJCSI-6510.01E.pdf
CMMI for Acq v1.2.pdf
CMMI for Dev v1.2.pdf
CMMI for SVC v1.2.pdf
CNSSD_500-1.pdf
CNSSD-502.pdf
CNSSI_1253.pdf
cnssi_4009.pdf
cnssi_4012.pdf
cnssi_4013.pdf
cnssi_4014.pdf
CNSSI_4016.pdf
cnssp_14.pdf
cnssp_15.pdf
CNSSP_22.pdf
CNSSP_24.pdf
CNSSP_25.pdf
CNSSP_6.pdf
CommonCriteria PART1V3.1R3.pdf
CommonCriteria PART2V3.1R3.pdf
CommonCriteria PART3V3.1R3.pdf
DAG_03-18-11.pdf
DoD 522022m.pdf
DoD 832002g.pdf
DoD 857001m.pdf
DoDAF V2 - Volume 1.pdf
DoDAF V2 - Volume 2.pdf
DoDAF V2 - Volume 3.pdf
DoDD 500001p.pdf
DoDD 514401p.pdf
DoDD 810002p.pdf
DoDD 81001p.pdf
DoDD 85001p.pdf
DoDI 500002p.pdf
DoDI 85002p.pdf
DoDI 851001p.pdf
DoDI 855101p.pdf
DoD PMBOK--June 03.pdf
Engineering for SA-Guidebook-v1-Oct2008.pdf
ISSEP_IATF
NIST SP 800-100-Mar07-2007.pdf
NIST SP 800-115.pdf
nist sp 800-12.pdf
nist sp 800-14.pdf
Nist sp 800-18-Rev1-final.pdf
Nist sp 800-23.pdf
nist sp 800-25.pdf
Nist SP 800-27-RevA.pdf
NIST SP 800-30.pdf
Nist sp 800-34-rev1_errata-Nov11-2010.pdf
NIST SP 800-35.pdf
NIST SP 800-36.pdf
Nist sp 800-37-rev1-final.pdf
NIST sp 800-47.pdf
NIST sp 800-53A-rev1-final.pdf
NIST sp 800-53-rev3-Annex1_updated_may-01-2010.pdf
NIST SP 800-53-rev3-Annex2_updated_may-01-2010.pdf
NIST SP 800-53-rev3-Annex3_updated_may-01-2010.pdf
Nist sp 800-53-rev3-final_updated-errata_05-01-2010.pdf
NIST SP 800-59.pdf
NIST SP 800-60_Vol1-Rev1.pdf
NIST SP 800-60_Vol2-Rev1.pdf
NIST SP 800-64-Revision2.pdf
NIST SP 800-65-Final.pdf
NSTISSAM COMPUSEC 1-98.pdf
NSTISSAM infosec_1-00.pdf
nstissam_infosec_2-00.pdf
nstissi_1000.pdf
nstissi_4011.pdf
nstissi_4015.pdf
nstissi_7003.pdf
NSTISSP 101.pdf
nstissp-11-faqs.pdf
nstissp-11_fs.pdf
OMB CIRCULAR NO_ A-130 Revised The White House.mht
omb encryption-guidance.pdf
OMB M-03-22.mht
Public Law 100-235.pdf
Risk Management Guide for DoD Acquisition 6Ed Aug06.pdf
Section 3541 title 44-FISMA-final.pdf
ssecmmv3final.pdf
Hope this helps.
Joel Goldstein Banned Posts: 32
Looking to take the ISSEP this year. Can anyone recommend any study material for this? I thought the 2nd edition of the ISC2 ISSEP book was supposed to come out a couple of months ago, but nothing ever came out. I do work in the DoD doing C&A (DIACAP) and am really familiar with NIST 800 publications, but I'm looking for more specific material. What do you guys recommend?
Unfortunately, there is no time frame for when the ISSEP textbook will have a new edition published. There are several reasons for this. The most notable reason is because there may be some changes coming to the ISSEP curriculum in 2014. Due to this possibility, ISC2 does not want to publish a textbook that has a short shelf life in being helpful to candidates. The other notable reason is the DOD’s transition from DIACAP to NIST guidelines.
If you are looking to pursue the ISSEP certification immediately, the first option would be to go through the references in the CIB (aka the Exam Outline). The second option would be to attend training from ISC2.
dijital1 Member Posts: 64
DoD's changes primarily mean they're going to be adopting the RMF (800-37 Rev1) (DIARMF anyone?) so there's not really a ton of reason to hold off preparing for and sitting this exam. If your plan is to take the exam within the next 3 months, I would go for it based on the current CIB. If you have the money, your best option would be to take the Live Online training from ISC2.
If you do opt for the LoL training, try to get the class that Kevin Henry or the other Kevin (I forget his last name) is teaching. They're both top notch instructors.
The big change to the ISSEP happened a few revisions back when the primary process for accrediting non-DoD or NS systems moved to 800-37 Rev 1.
If you study the current CIB and know the material and who it applies to, you should be fine. If you're prepared well enough to be able to pass the current version of the exam, chances are good that you'll also do well in spite of the changes (if any) that happen over the next couple of months. Also, be sure to check ISC2's website for any videos they've posted for the credential that you're interested in. The set that was put online for the CAP was very helpful.
Hope this helps.