Preparing for the ISSEP Exam

5 hours 58 minutes
Video Transcription
Welcome back to Cybrary's ISSEP course. I'm your instructor, Brad Rhodes. Let's talk about preparing for the exam. So, having taken the ISSEP exam, I will tell you it's a tough one. Yeah, there is, as you've probably guessed throughout the course, a lot of things you need to review, study, cover,
and have at least some familiarity with and can work through issues there. So let's look at those key areas, and I'll give you a top list of those
to look at.
So we're going to give you a top 19 and some test-taking tips in this video. Our goal is to, we'll give you some areas that you should focus on to, you know, build out for those brain dumps, so that you are better prepared for the exam.
So first step, you gotta buy the sf handbook. We showed that a little bit earlier. You should buy that. It's a great guide. Even though it's older, it covers a lot of the flow in the process and gets you in the ISSEP test-taking mindset.
Um, you need to know the outputs from every single section of the ISSE process. Very, very important. Understand what comes from one step to the next step, right? Similarly, same thing with SDLC. You need to know the decision points, right, and understand that with SDLC
it's built that way so that we can decide to stop at any time in the system development life cycle process.
You need to know and understand the Systems Security Engineering Capability Maturity Model. A little bit newer construct and concept, potentially. But you should know those processes. Know the ISSE process. Understand and remember, memorize: needs, requirements, architecture, design, implementation, and draw a circle around that with assess. You need to remember that.
You need to know the SDLC process, so the system development life cycle. You gotta know initiation, development/acquisition, implementation, operations and maintenance, and disposal. And then the linkages, super important to understand the linkages between all of those. We looked at a chart that helps you map that. But when we think about the new NIST,
uh, Special Publication 800-160 doubled system life cycle,
um, processes. They're very similar to SDLC, but also something you need to remember. That's concept, development, production, utilization, support and retirement. So six steps versus a five for the system development life cycle. You need to remember Common Criteria and the EAL, the evaluation assurance
level. So you need to know configuration management. You need to understand that configuration slash change management, you understand that you have to decide on
items you're gonna configuration control and understand. And if you remember, configuration management, change management, is literally a cyclical process that goes on throughout the entire life cycle of the system, and that's what the ISSE is responsible for.
You need to dig into those security roles. The CEOs, the CSOs, the folks that are going to give you an ATO, an authority to operate, based on, say, the Risk Management Framework. You need to know those roles, and they are defined in the various NIST publications.
What to know, 11 to 19: know the disposal process. Understand the difference between decommissioning and disposal. Decom: I'm going to prepare something to be reused. Disposal is: I'm going to get rid of it. I'm going to destroy it, and don't destroy it in the dumpster, because that might end up being a problem.
Remember, we do continuous monitoring as ISSEs, right? That's looking at the technical and non-technical processes, the detective, preventive, all of the security controls are monitored continuously. It's not just the tech that we use. It's everything else as well, because everything across people, processes and technology actually contributes
to the whole of our security.
Remember terms and definitions, and don't forget
cost, schedule, scope. Remember that triad. Remember the CIA triad. All of those definitions. You need to remember all that stuff and have those locked in really well. Remember the current ISSEP domains. Remember there's five of them, right? We started with foundations at the very beginning. We went through risk management. We talked about planning and design,
talked about the implementation, verification and validation. Remember,
verification and validation are two separate things. Verification is, did I build the system right? Did I get the requirements right? And validation is, did I meet the mission need? And it's very, as I've said many times, you can validate or you can verify and not validate your systems. But if you don't meet mission needs,
remember the RMF six steps: categorize, select, implement, assess, authorize, and monitor.
You should remember those. You should probably memorize those ones. Um, you gotta know the processes specified in NIST Special Pub 800-160. Remember, agreement processes are like, say, acquisition of supply chain type stuff. That's where we signed an agreement for something.
Remember organizational project-enabling tasks like HR, technical management tasks like project management, and, of course, the technical tasks like
implementation, integration, verification and validation and many more. You need to remember those and know how those bins work and know which of them, based on words, fit into those different bins. Remember the Cybersecurity Framework and the five steps there. Know resilience. And then, as a final step in your prep for the mist.
For that, the ISSEP course.
Aside from going through this awesome course that we built here for you at Cybrary, you probably should sit down and just literally read through NIST Special Publication 800-100. I actually have a hard copy of that. It is a great final review for the exam.
So you've decided to take the ISSEP exam? That's awesome. We're very excited and we hope that you are successful, and in fact we'd love your feedback to know if you're successful. Um,
when you're doing some
high-end test taking like this, and many of you that have sat for the CISSP exam and other high-end exams are probably well aware of this. But let's talk about a couple of things that are always good to review. Um, one, uh, excuse me.
Go with your first choice.
Um, trust your gut. If you think it's right, don't change it, right? And most of the time you're gonna be right. Um, look for words like best, first, next. These are potential clues, right? Um, if you get a question that says, you know, what is the first step in, say, the SDLC, right? You get a list of things and none of them are initiation. You probably should look for the first step,
right? Or the best possible answer
for the first step. Always try to narrow it down. If you have no idea, don't leave test questions on the table. Don't, don't just skip them, right? There's a potential you get it right. So narrow it down to the 50/50
and look at that, right? Sometimes you might hear things like, you know, the longest question is always right. I don't know how much veracity there is to that, but it's something to consider.
Slow down and read the question. I am guilty in taking tests of zipping through and missing stuff on tests because I didn't read the entire question. I skipped over the "not" and, you know, answered in the affirmative when it should have been in the negative. So obviously you gotta slow down and read.
And then finally, my biggest test taking tips, especially for a complex set of materials such as this
is go back through the ISSEP course we provided here and look at things that you probably should memorize, right? And then practice those, do brain dumps, work through writing everything down so that you have a good, a good handle on the material, so that when you sit down on the test, before you even start answering questions, you take a few minutes, write down everything you can remember, right, and then
potentially use that as a reference point throughout the exam. So
again, great test-taking tips here. But we are, we're super excited you're gonna take the ISSEP exam, and we know that based on what we've covered here, you gotta, you got a fair chance to get there. So let's go on to the next one.
So in this video, we talked about the top 19 what-to-knows, if you will, for the ISSEP exam, and we reviewed some basic test-taking tips.
In the next lesson, we're going to wrap up this module and wrap up the ISSEP course.
Information Systems Security Engineering Professional (ISSEP)

This ISSEP course provides students with the foundational knowledge of the concentration area of the CISSP certification that includes a focus on the processes used to develop secure systems. Students will learn key concepts and skills of the five ISSEP domains.