What is the CISSP-ISSEP? Information Systems Security Engineering Professional [updated 2021]
The International Information Security Certification Consortium, or (ISC)², provides several renowned standardized information security certifications for IT professionals.
Suppose you already hold the CISSP certification and want to build on your expertise in information security engineering. In that case, you might want to consider the CISSP-ISSEP, a concentration certification exam that validates knowledge and provides an opportunity to prove your ability in applying security engineering principles into the business processes you support.
Earn your CISSP, guaranteed!
What is the ISSEP?
The ISSEP is one of the three CISSP concentration certification exams. It was developed in conjunction with the U.S. National Security Agency (NSA) to recognize those who specialize in the practical application of systems engineering principles and processes to build secure systems.
This concentration proves someone has an elite level of knowledge and expertise in providing satisfactory security controls to meet current information protection needs and the ability to incorporate security in all aspects of business operations.
Who should earn the ISSEP?
According to (ISC)², the ISSEP is ideal for those working in roles such as:
- Senior systems engineers
- Information assurance system engineers
- Information assurance officers
- Information assurance analysts
- Senior security analysts
To sit for the ISSEP examination, you need to have a minimum of two years of experience in engineering and have valid CISSP credentials. One seeking to take the ISSEP exam does not have to have any specific job titles above. Still, practical system engineering experience with a focus on developing highly secure systems is required. The applicant will need to design a robust security architecture, assess organizational security needs, define security requirements and adequately perform security risk assessments.
To schedule an exam, you must first create an account at Pearson VUE; at that point, you’re ready to register and pay for the exam ($599/EUR 555/GBP 479).
CISSP concentrations do not require an endorser when filling out the online application. If candidates already hold an (ISC)² certification, they will not have to pay an additional annual maintenance fee (AMF) of $125. Part of the renewal requirements for those holding the designation is meeting a certain amount of CPE credits (20) annually and throughout the three years.
What are the ISSEP domains?
The five domains of the ISSEP common body of knowledge (CBK) are as follows:
Domain 1: Systems security engineering foundations – 25%
- Apply systems security engineering fundamentals
- Execute systems security engineering processes
- Integrate with applicable system development methodology
- Perform technical management
- Participate in the acquisition process
- Design trusted systems and networks
Domain 2: Risk management – 14%
- Apply security risk management principles
- Address risk to the system
- Manage risk to operations
Domain 3: Security planning and design – 30%
- Analyze the organizational and operational environment
- Apply systems security principles
- Develop system requirements
- Create system security architecture and design
Domain 4: Systems implementation, verification and validation – 14%
- Implement, integrate and deploy security solutions
- Verify and validate security solutions
Domain 5: Secure operations, change management and disposal – 17%
- Develop secure operations strategy
- Participate in secure operations
- Participate in change management
- Participate in the disposal process
The CISSP-ISSEP exam outline covers the domains, weights and subdomains on which you will be tested; the official document has been updated to describe the topics accurately. The certification exam was last updated in November 2020 and now reflects the most pertinent issues that cybersecurity engineering professionals currently face with the content refreshed.
The exam suits those who hold the CISSP designation and have experience, skills or knowledge to do the following:
- Understand and apply information system security engineering processes as the information system security engineer on the systems engineering team.
- Analyze system security risk throughout the system development lifecycle within the context of system operations and organizational risk tolerance.
- Analyze, design, develop and evaluate the security design and architecture for systems using security engineering processes and principles.
- Develop system solutions that employ security functions and provide adequate protection to system functions.
- Choose the most effective security configurations and designs to ensure system security during operations, change management and disposal.
What does the ISSEP exam involve?
The ISSEP is a three-hour exam that consists of 125 multiple-choice questions (100 operational and 25 pre-test items) and requires 700 out of 1,000 points to pass.
The refreshed CISSP-ISSEP exam went into effect on Nov. 13, 2020, and is available in English only.
What are the best ISSEP study resources?
From traditional textbooks and study guides to interactive flashcards and study apps, (ISC)², Inc. offers training and study resources:
- Official (ISC)² CISSP-ISSEP course
- Official ISSEP flashcards
- Official (ISC)² CBK training seminar for the ISSEP
However, you should also review all other options available on the web from reputable training providers to find the best options for your learning style and needs. Training providers who offer ISSEP prep courses can help you get ready and successfully pass your exam. Prep courses can offer dives into the broad spectrum of topics included in the CBK, addressing new threats, technologies, regulations, standards and practices. But also have options to fill any other knowledge gaps you might want to address.
For many, the best approach seems to be using multiple types of study aids and focusing on how the test is structured and the types of vocabulary used.
Earn your CISSP, guaranteed!
Obtaining your ISSEP certification
The ISSEP is one of the CISSP concentrations that tests the security capabilities of system engineers with over two years of experience. The CISSP-ISSEP can help achieve an even higher level of success and possibly higher wages; the average salary is $149,992 per PayScale, although this will vary significantly depending on geographic location, specific job duties and years of experience. The ISSEP is a great addition to any system engineer’s resume.
Sources:
- The Ultimate Guide to the CISSP-ISSEP, (ISC)², Inc.
- Domain Change FAQs for CISSP-ISSEP, (ISC)², Inc.
- CISSP-ISSEP Domain Refresh guide, (ISC)², Inc.
- Get to Know the CISSP-ISSEP, (ISC)², Inc.
- CISSP-ISSEP Exam Outline, (ISC)², Inc.
- (ISC)² Self-Study Resources, (ISC)², Inc.
- CISSP Concentrations, (ISC)², Inc.
- Frequently Asked Questions, (ISC)², Inc.
- Salary for Certification: ISSEP/CISSP, PayScale, Inc.
- What You Need To Know About (ISC)² Exams, (ISC)², Inc.
- Exam Pass Guarantee
- Live expert CISSP instruction
- CISSP exam voucher
In this Series
- What is the CISSP-ISSEP? Information Systems Security Engineering Professional [updated 2021]
- CISSP certification - The ultimate guide [updated 2021]
- The CISSP domains and CBK: An overview
- CISSP certification salary: A comprehensive 2024 salary guide
- Definition & types of access control models & methods (updated 2023)
- CISSP domain 4: Communications and network security — What you need to know for the exam [2022 update]
- CISSP domain 5: Identity and access management — What you need to know for the exam [Updated 2022]
- CISSP domain 7: Security operations — What you need to know for the exam [Updated 2022]
- CISSP domain 6: Security assessment and testing — What you need to know for the exam [Updated 2022]
- CISSP domain 8 overview: Software development security — What you need to know for the exam [Updated 2022]
- CISSP and DoD 8570/8140: What you need to know [Updated 2022]
- Top 10 CISSP interview questions [Updated 2022]
- CISSP domain 1: Security and risk management — What you need to know for the exam
- The ISC2 code of ethics: A binding requirement for certification
- The CISSP experience waiver [updated 2022]
- Earning CPE credits to maintain the CISSP
- Renewal requirements for the CISSP [updated 2022]
- CISSP computerized adaptive testing (CAT): 25 of your questions answered
- CISSP job outlook [updated 2022]
- CISSP resources: Books, practice exams and other study tools [updated 2022]
- CISSP exam questions: 5 drag & drop and hotspot questions
- Risk management concepts and the CISSP (Part 2) [Updated 2022]
- What is the CISSP-ISSAP? Information Systems Security Architecture Professional [updated 2021]
- Average ISSEP Salary in 2021
- Average ISSMP Salary [updated 2021]
- CISSP domain 3: Security engineering CISSP - What you need to know for the exam [2022 update]
- Understanding the CISSP exam schedule: Duration, format, scheduling and scoring [updated 2021]
- Information and asset classification in the CISSP exam
- CISSP domain 2: Asset security - What you need to know for the Exam [updated 2021]
- 8 tips for CISSP exam success [updated 2021]
- Risk management concepts and the CISSP (part 1) [updated 2021]
- Average ISSAP Salary in 2021
- What is the CISSP-ISSMP? Information Security System Management Professional [updated 2021]
- CISSP concentrations (ISSAP, ISSMP & ISSEP) [updated 2021]
- Due care vs. due diligence and the CISSP
- CISSP prep: Security policies, standards, procedures and guidelines
- Vulnerability and patch management in the CISSP exam
- Data security controls and the CISSP exam
- Logging and monitoring: What you need to know for the CISSP
- Data and system ownership in the CISSP exam
- CISSP Prep: Mitigating access control attacks
- CISSP Domain 5 Refresh: Identity and Access Management
- Identity Governance and Administration (IGA) in IT Infrastructure of Today
- CISSP CAT Exam Deep Dive: Study Tips from InfoSec Institute Alum Joe Wauson
- CISSP: Incident management
- CISSP: Business continuity planning and exercises
- CISSP: Perimeter defenses
- CISSP: Secure communication channels
- Environmental controls and the CISSP
- CISSP: Disaster recovery processes and plans
- Change management and the CISSP
