Preparing for the ISSEP

Jonnyg

I recently obtained my CISSP and have decided to begin studying in preparation for the ISSEP. Has anyone here attempted and passed the ISSEP? If so, what materials did you use and what would you recommend? I have done some research on my own, and these are the materials I intend to use:

- Official CISSP-ISSEP CBK
- The CISSP Prep Guide: Mastering the CISSP and ISSEP Exams
- Virtual Training Environment (VTE) online training course
- CCCure practice questions
- SkillPort practice questions

If anyone has experience with this exam and can share their study plan, recommend additional materials, or their thoughts on the materials I have selected, it would be appreciated!

zxbane

I personally haven't pursued it but I know others here have, best of luck in your pursuit and be sure to let us know how it goes!

Also, I remember your CISSP post, did you already go through the CISSP endorsement process since passing?

Jonnyg

Thanks, zxbane! I have submitted everything on my end for the endorsement process and am just waiting to hear back from them. I know that I will be attempting the ISSEP exam in the future, so I decided I may as well begin studying for it immediately while the CISSP information is still very fresh. I feel as though that would be an advantage, rather than sitting on the CISSP for a long time and then trying to come back at a later date to do the ISSEP.

philz1982

Not to be an ass but some on here get a bit sensitive if you put your CISSP cert on prior to endorsement. Plus I think its against their policy. I know it's annoying as I was in the middle of apply for a job and waiting for my CISSP endorsement approval. Just don't want you to get in any trouble.

-Phil

Jonnyg

Thanks for the input, Phil. I updated it to reflect the pending endorsement since that is technically correct. I will update it again in a week or two to avoid offending anyone on the forum.

zxbane

Just curious, what made you choose the ISSEP concentration versus one of the others?

Jonnyg

This one is the closest to my career path within the DoD contracting world, which deals closely with C&A and ISSE roles.

broli720

Definitely not a lot of highly rated study material out there for this exam so good luck. Let us know how your studies go.

Jonnyg

That's what I've been hearing. I am just hopeful that someone here who has passed can lend some suggestions what to include in a study plan.

broli720

There are a few threads out there, but nothing substantial such as a go to textbook is mentioned. My plan is to re-read the specific domains from my CISSP study notes and textbooks and look at the exam objectives. I have a feeling that my experience will be enough to get me through.

Jonnyg

How long ago did you take the CISSP and when do you plan on taking the ISSEP? I think having done the CISSP recently will be a needed base to build the ISSEP topics on. I am hoping that will give me an advantage. I agree that having direct experience with it will likely make it easier. Good luck on your journey to the exam!

broli720

I took the CISSP a year ago. I probably won't start studying for the ISSEP until August; I need to finish grad school first, but I'll have it done before the end of the year.

kzc

Jonnyg wrote: »

If anyone has experience with this exam and can share their study plan, recommend additional materials, or their thoughts on the materials I have selected, it would be appreciated!

CBK: Outdated, still very applicable (unless there's a new version). Use this.
CCCure Questions: Borderline not applicable, even the "ISSEP" ones. Go through one or two 50-q tests, but don't expect much at ISSEP-depth, because most of it won't be.

I didn't use the other references you listed.

Biggest help for me was core knowledge from flashcards. Just getting the basic fact memorization. Every year every applicable act/memorandum/circular/directive/etc/etc/etc came out and a synopsis of the content, every piece of content you could find in a specific phase of the engineering process, things like that.

Know your basic facts, know the SSE process inside and out, know the systems authorization stuff, and understand how it all applies and how it all fits together. If you know that and you don't have trouble with the CISSP-style questions, you'll breeze through it.

I would also recommend that you build out your own course material based on the CBK and give classes to your dog on it. Or goldfish. Whatever. Generation helps you retain information better than reading it.

Jonnyg

Thanks for the information, kzc! Would you say that the ISSE domain is the most important to know? That seems to be the case, based on the few people I've been able to talk to about it. That is the domain that I am starting with. I hit it hard and am going through as many sources as possible and am making flash cards for everything. It is comforting to hear your comment about breezing through the CISSP-style questions. Did you find that some of the questions were pertaining to "basic CISSP," rather than ISSEP-level questions? If this is the case, it sounds like I should periodically review my CISSP flash cards to keep all of that knowledge current as well.

Jonnyg

I forgot to ask. To what depth would you recommend I be familiar with all of the different documents (i.e., DoD documents, NIST documents, etc.)? To what depth would you recommend I be familiar with Common Criteria? I hear that it is also big on this exam.

kzc

The questions are stylized like the CISSP questions - I don't remember seeing anything CISSP-difficulty, these are all far more in-depth. If you're already comfortable with that style of question, though, then they're just testing what you know, so just know everything from the book.

As far as domain importance: if you don't know SSE inside out and sideways, just send me $399. You'd be throwing it away on the test and I won't charge you taxes or tell you that you failed.

Know your NIST RMF. Your SP 800-18. -30, -37, -39, -53, -60, etc, FIPS 140-2, 199, 200, etc. Be able to speak to the function and a basic overview of the content of each document.

The most important information to know before the test is how every domain impacts the SSE process. Questions won't be from a domain, they'll be from multiple domains at once. You have to make them play nice in the sandbox.

Jonnyg

Thank you everyone for all of the information! After careful consideration, I have decided to first study and attempt the CAP exam and then the ISSEP. I feel as though the studies for the CAP will be directly beneficial to my ISSEP preparation (particularly the C&A/RMF domain). If I am going to know the RMF inside and out for the ISSEP, I may as well learn it well enough to pass the CAP while I'm at it!

If anyone has any further information regarding the CAP or ISSEP, I would really appreciate hearing your experience or recommendations for either cert.

Grafixx01

Johnny,

Just wanted you to know, NOT that I have an issue with it, but I put "pending endorsement" on something prior to being acutally endorsed by ISC2 for my CISSP and they send me emails saying that I had to remove it before they would continue to evaluate my application for endorsement.

Just wanted to let you know.

5ekurity

Jonnyg, hope this link helps you out if you haven't seen it already:

Q1 2014 Offer - 50% Off Live OnLine Training

I plan on going the ISSAP route but I have way too much on my plate as is. ISSAP might have to wait until later this year or even next

Jonnyg

5ekurity wrote: »

Jonnyg, hope this link helps you out if you haven't seen it already:

Q1 2014 Offer - 50% Off Live OnLine Training

I plan on going the ISSAP route but I have way too much on my plate as is. ISSAP might have to wait until later this year or even next

Thanks a lot for the information and good luck on the ISSAP! Right now I am preparing for the CAP through self-study and feel I am almost ready. I will let you know how it goes. Then, I am off to study and attempt the ISSEP, assuming a successful CAP pass.