ISSEP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

Similar documents
ISSMP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard

Certification Exam Outline Effective Date: September 2013

Certification Exam Outline Effective Date: April 2018

Certification Exam Outline Effective Date: July 2017

Certification Exam Outline Effective Date: April 2015

Certification Exam Outline Effective Date: August 1, 2019

Certification Exam Outline Effective Date: April 2015

Certification Exam Outline Effective Date: November 2018

E-guide CISSP Prep: 4 Steps to Achieve Your Certification

CLOUD GOVERNANCE SPECIALIST Certification

CISA EXAM PREPARATION - Weekend Program

CLOUD SECURITY SPECIALIST Certification. Cloud Security Specialist

ITIL 2011 Foundation Course

HCISPP HealthCare Information Security and Privacy Practitioner

"Charting the Course... Certified Information Systems Auditor (CISA) Course Summary

COBIT 5 Implementation

Application for Certification

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager.

CISA Training.

E-guide Getting your CISSP Certification

Advanced Security Tester Course Outline

CompTIA CASP (Advanced Security Practitioner)

Reference Framework for the FERMA Certification Programme

(ISC) 2 Continuing Professional Education (CPE) Handbook

COURSE BROCHURE CISA TRAINING

Driving Global Resilience

SALARY $ $72.54 Hourly $3, $5, Biweekly $8, $12, Monthly $103, $150, Annually

FOUNDATION CERTIFICATE IN INFORMATION SECURITY v2.0 INTRODUCING THE TOP 5 DISCIPLINES IN INFORMATION SECURITY SUMMARY

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

Certified information Systems Security Professional(CISSP) Bootcamp

Synergies of the Common Criteria with Other Standards

PRODUCT SAFETY PROFESSIONAL CERTIFICATION PROGRAM DETAILS. Overview

Project Management Professional (PMP) Exam Preparation elearning Course

We would like to announce to you a number of upcoming changes to the Certified Internal Auditor Exam:

SQA Advanced Unit specification: general information. Professionalism and Ethics in Computing

Cloud Capacity Specialist Certification

Practitioner Certificate in Business Continuity Management (PCBCM) Course Description. 10 th December, 2015 Version 2.0

Exam Preparation Guide HP0-M94: Advanced LoadRunner 9.5 Software Exam

TEL2813/IS2820 Security Management

DATA SHEET RISK & CYBERSECURITY PRACTICE EMPOWERING CUSTOMERS TO TAKE COMMAND OF THEIR EVOLVING RISK & CYBERSECURITY POSTURE

CISM - Certified Information Security Manager. Course Outline. CISM - Certified Information Security Manager. 22 Mar

ISO/IEC Information technology Security techniques Code of practice for information security controls

CompTIA Project+ (2009 Edition) Certification Examination Objectives

Shon Harris s Newly Updated CISSP Materials

EXAM PREPARATION GUIDE

CLOUD PROFESSIONAL Certification

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE

The Common Controls Framework BY ADOBE

THE ISACA CURACAO CHAPTER IS ORGANIZING FOLLOWING INFORMATION SECURITY AND TECHNOLOGY SESSIONS ON MAY 15-MAY :

Certificate Software Asset Management Essentials Syllabus. Version 2.0

Information Security Policy

ISO/IEC INTERNATIONAL STANDARD

INFORMATION ASSURANCE DIRECTORATE

Introduction to CPIP

CISM QAE ITEM DEVELOPMENT GUIDE

ITG. Information Security Management System Manual

TIPA Lead Assessor for ITIL

Certified Information Security Manager (CISM) Course Overview

Fabrizio Patriarca. Come creare valore dalla GDPR

IS305 Managing Risk in Information Systems [Onsite and Online]

WHO SHOULD ATTEND COURSE OUTLINE. Course Outline :: PROJECT MANAGEMENT PROFESSIONAL (PMP) EXAMINATION PREPARATORY COURSE::

What Makes PMI Certifications Stand Apart?

Cyber Security Program

(ISC) 2 CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES AND GUIDELINES

M.S. IN INFORMATION ASSURANCE MAJOR: CYBERSECURITY. Graduate Program

Microsoft SDL 한국마이크로소프트보안프로그램매니저김홍석부장. Security Development Lifecycle and Building Secure Applications

CompTIA Cybersecurity Analyst+

(ISC) 2 CONTINUING PROFESSIONAL EDUCATION (CPE) POLICIES AND GUIDELINES

Indicate whether the statement is true or false.

Advent IM Ltd ISO/IEC 27001:2013 vs

Department of Homeland Security Customs and Border Protection. Centers of Excellence and Expertise

Professional Qualifications for ITIL PRACTICES FOR SERVICE MANAGEMENT. The ITIL Foundation Certificate in IT Service Management SYLLABUS

C T I A CERTIFIED THREAT INTELLIGENCE ANALYST. EC-Council PROGRAM BROCHURE. Certified Threat Intelligence Analyst 1. Certified

COURSE BROCHURE. COBIT5 FOUNDATION Training & Certification

CAPM TRAINING EXAM PREPARATION TRAINING

Information Technology General Control Review

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

Introduction to CPIP

BCM Program Development

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

IT Governance ISO/IEC 27001:2013 ISMS Implementation. Service description. Protect Comply Thrive

Rethinking Cybersecurity from the Inside Out

Identity Assurance Framework: Realizing The Identity Opportunity With Consistency And Definition

SECURITY+ COMPETITIVE ANALYSIS 1. GIAC GSEC 2. (ISC)2 SSCP 3. EC-COUNCIL CEH

DEFINING FEATURES OF QUALITY CERTIFICATION AND ASSESSMENT-BASED CERTIFICATE PROGRAMS (Draft) Rev. 5.1 August 8, 2007

Invest in. ISACA-certified professionals, see the. rewards.

EXAM PREPARATION GUIDE

10 Cybersecurity Questions for Bank CEOs and the Board of Directors

SOC for cybersecurity

ISSP Sustainability Professional Credentials UPDATE: March 20, 2019

ADIENT VENDOR SECURITY STANDARD

แนวทางการพ ฒนา Information Security Professional ในประเทศไทย

Security Management Models And Practices Feb 5, 2008

EXAM PREPARATION GUIDE

Access Control and Physical Security Management. Contents are subject to change. For the latest updates visit

"Charting the Course... ITIL 2011 Managing Across the Lifecycle ( MALC ) Course Summary

ISO STANDARD IMPLEMENTATION AND TECHNOLOGY CONSOLIDATION

PMI Certification Overview

SOLUTION BRIEF Virtual CISO

Transcription:

Certification Exam Outline Effective Date: March 2018

About CISSP-ISSEP The Information Systems Security Engineering Professional (ISSEP) is a CISSP who specializes in the practical application of systems engineering principles and processes to develop secure systems. An ISSEP analyzes organizational needs, defines security requirements, designs security architectures, develops secure designs, implements system security, and supports system security assessment and authorization for government and industry. The broad spectrum of topics included in the ISSEP Common Body of Knowledge (CBK) ensure its relevancy across all disciplines in the field of security engineering. Successful candidates are competent in the following 5 domains: Security Engineering Principles Risk Management Security Planning, Design, and Implementation Secure Operations, Maintenance, and Disposal Systems Engineering Technical Management Experience Requirements Candidates must be a CISSP in good standing and have 2 years cumulative paid full-time work experience in 1 or more of the 5 domains of the CISSP-ISSEP CBK. Accreditation ISSEP is in compliance with the stringent requirements of ANSI/ISO/IEC Standard 17024. Job Task Analysis (JTA) (ISC)² has an obligation to its membership to maintain the relevancy of the ISSEP. Conducted at regular intervals, the Job Task Analysis (JTA) is a methodical and critical process of determining the tasks that are performed by security professionals who are engaged in the profession defined by the ISSEP. The results of the JTA are used to update the examination. This process ensures that candidates are tested on the topic areas relevant to the roles and responsibilities of today s practicing information security professionals. 2

CISSP-ISSEP Examination Information Length of exam Number of questions Question format Passing grade Exam availability Testing center 3 hours 150 Multiple choice 700 out of 1000 points English Pearson VUE Testing Center CISSP-ISSEP Examination Weights Domains Weight 1. Security Engineering Principles 22% 2. Risk Management 24% 3. Security Planning, Design, and Implementation 4. Secure Operations, Maintenance, and Disposal 5. Systems Engineering Technical Management 22% 21% 11% Total: 100% 3

Domain 1: Security Engineering Principles 1.1 General Security Principles Identify organizational security authority Identify elements of a system security policy Understand trust concepts and hierarchies Determine boundaries governed by security policies Specify complete mediation Determine least common mechanism Understand open design concepts Analyze psychological acceptability/usability Understand the importance of consistent measurement 1.2 Security Risk Management Principles Align security risk management with enterprise risk management Integrate risk management throughout the lifecycle 1.3 System Resilience Principles Apply resilience methods to address threats Understand concepts of layered security Specify fail-safe defaults Avoid single points of failure 1.4 Vulnerability Management Principles Incorporate least privilege concepts Understand economy of mechanism Understand separation of privilege/duties concepts Understand security best practices applicable to the context 4

Domain 2: Risk Management 2.1 Risk Management Process Establish risk context Identify system security risks Perform risk analysis Perform risk evaluation Recommend risk treatment options 2.2 Operational Risk Management Confirm operational risk appetite Identify remediation needs and other system changes Propose remediation for unaccepted security risks Assess proposed remediation or change activities Participate in implementation of the remediation or change Perform verification and validation activities relative to the requirements impacted Update risk assessment documentation to account for the impact of the remediation or change 5

Domain 3: Security Planning, Design, and Implementation 3.1 Stakeholder Requirements Definition Define security roles and responsibilities Understand stakeholders mission/business and operational environment Identify security-relevant constraints and assumptions Identify and assess threats to assets Determine protection needs Document stakeholder requirements Analyze stakeholder requirements 3.2 Requirements Analysis Develop system security context Identify security functions within the security concept of operations Develop system security requirements baseline 3.3 System Security Architecture and Design Perform functional analysis and allocation Maintain mutual traceability between specified design and system requirements Define system security design components 3.4 Implementation, Integration, and Deployment of Systems or System Modifications Perform system security implementation and integration Perform system security deployment activities 3.5 Verification and Validation of Systems or System Modifications Perform system security verification Perform system security validation Analyze and define security constraints Analyze system security requirements for completeness, adequacy, conflicts, and inconsistencies Perform trade-off studies for system components Assess information protection effectiveness 6

Domain 4: Secure Operations, Maintenance, and Disposal 4.1 Secure Operations Document and maintain secure operations strategy Maintain and monitor continuous monitoring processes Support the incident response process 4.2 Secure Maintenance Develop and direct secure maintenance strategy Participate in system remediation and change management processes Perform scheduled security reviews 4.3 Secure Disposal Develop and direct secure disposal strategy Verify proper security protections are in place during the decommissioning and disposal processes Document all actions and results of the disposal process 7

Domain 5: Systems Engineering Technical Management 5.1 Acquisition Process Prepare security requirements for acquisitions Participate in vendor selection Participate in supply chain risk management Participate in contractual documentation development to verify security inclusion Perform acquisition acceptance verification and validation 5.2 System Development Methodologies Integrate security tasks and activities into system development methodologies Verify security requirements are met throughout the process 5.3 Technical Management Processes Identify opportunities for automation of security processes Perform project planning processes Perform project assessment and control processes Perform decision management processes Perform risk management processes Perform configuration management processes Perform information management processes Perform measurement processes Perform quality assurance processes 8

Additional Examination Information Supplementary References Candidates are encouraged to supplement their education and experience by reviewing relevant resources that pertain to the CBK and identifying areas of study that may need additional attention. View the full list of supplementary references at www.isc2.org/certifications/references. Examination Policies and Procedures (ISC)² recommends that ISSEP candidates review exam policies and procedures prior to registering for the examination. Read the comprehensive breakdown of this important information at www.isc2.org/register-for-exam. Legal Info For any questions related to (ISC)² s legal policies, please contact the (ISC) 2 Legal Department at legal@isc2.org. Any Questions? (ISC)² Candidate Services 311 Park Place Blvd, Suite 400 Clearwater, FL 33759 (ISC)² Americas Tel: +1.866.331.ISC2 (4722) Email: info@isc2.org (ISC)² Asia Pacific Tel: +(852) 28506951 Email: isc2asia@isc2.org (ISC)² EMEA Tel: +44 (0)203 300 1625 Email: info-emea@isc2.org ISSEP Certification v1204 Exam Outline 9

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback