Official (ISC)² CBK Training Seminar for the Information Systems Security Engineering Professional (ISSEP)
This course is designed for the CISSP who specializes in the practical application of systems engineering principles and processes to develop secure systems. Drawing from the comprehensive Information Systems Security Architecture Professional (ISSAP) Common Body of Knowledge (CBK®), the course provides a deep understanding of the broad spectrum of topics included in the CBK® and addresses new threats, technologies, regulations, standards and practices. This self-paced training covers the following five domains of the CISSP-ISSEP CBK®:
- • Domain 1: Systems Security Engineering Foundations
- • Domain 2: Risk Management
- • Domain 3: Security Planning and Design
- • Domain 4: Systems Implementation, Verification and Validation
- • Domain 5: Secure Operations, Change Management and Disposal
Course Learning Objectives
At the end of this course, learners will be able to:
- • Understand and apply information system security engineering processes as the Information System Security Engineer on the systems engineering team.
- • Analyze system security risk throughout the system development lifecycle within the context of system operations and organizational risk tolerance.
- • Analyze, design, develop, and evaluate the security design and architecture for systems using security engineering processes and principles.
- • Develop system solutions that employ security functions and provide adequate protection to system functions.
- • Choose the most effective security configurations and designs to ensure system security during operations, change management, and disposal.
Note: Chapter learning objectives provided below.
How this Course Works
This is an interactive online self-paced course offering the learner the flexibility to work through the content and activities at their own pace over a 180-day period. Estimated time to complete the course is 40 hours.
Content will be taught using a series of lecture-based videos, audio presentations, interactive exercises, readings and assessments. In addition to viewing audio and video lectures, learners will be asked to work through and complete the following activities:
- • Approximately 6 hours of multimedia learning resources (videos, narrated power points, scenarios, etc.)
- • 27 Applied Scenarios demonstrating a real-world application of concepts taught in the course.
- • 67 content specific activities (includes knowledge checks and other interactive exercises.)
- • 5 end of chapter quizzes with answer explanation to assess comprehension.
- • 100 question post course assessment with answer explanation highlighting areas for further study.
- • Extensive written content to enhance learning of CISSP-ISSEP CBK® topics.
- • Flashcards
All materials are included in the course.
Requirements for Completion
In order to complete the course, receive a certificate of completion and earn (ISC)2 continuing professional education (CPE) credits learners must:
- • Complete all learning activities within the course.
- • Complete a course evaluation.
- • Score 70% or higher on the end of chapter quizzes and final assessment.
Course content is offered in English.
Self-Paced - Online go at your own pace training with interactive study materials, no instructor, and available 24/7.
40 CPE credits
Pricing available at checkout.
This course covers the following chapters:
Chapter 1: Systems Security Engineering Fundamentals Domain
- Module 1: Apply systems security engineering fundamentals
- • Understand system type terminology.
- • Understand the multidisciplinary nature of systems engineering and the role of security engineering.
- • Analyze and identify systems and system elements.
- • Identify and understand the system -of- interest.
- • Understand the design problem of adequate security.
- • Understand the role of the System Security Engineer.
- • Understand the systems security engineer trust concepts and hierarchy.
- • Analyze the relationship between systems engineering and security engineering.
- • Apply Structural Security Design Principles.
- Module 2: Execute systems security engineering processes
- • Understand and execute the systems security engineering lifecycle processes.
- • Identify organizational security authority.
- • Identify system security policy elements.
- • Understand software design concepts.
- • Integrate design concepts (e.g. open, proprietary, modular).
- Module 3: Integrate with applicable development methodology
- • Understand the lifecycle models.
- • Analyze the complexity model.
- • Understand the lifecycle model types.
- • Characterize lifecycle types.
- • Understand Agile team member roles.
- • Understand Agile feature breakdown.
- • Understand the relationship between planning and lifecycle models.
- • Analyze Waterfall and Agile pros and cons.
- • Integrate with the applicable system development methodology.
- • Integrate with systems security engineering security tasks and activities.
- • Verify security requirements throughout the process.
- • Integrate software assurance methods.
- Module 4: Perform technical management
- •Perform Technical Management processes.
- •Perform project planning processes.
- •Perform project assessment and control processes.
- •Perform decision management processes.
- •Perform the risk management processes.
- •Perform configuration management processes.
- •Perform information management processes.
- •Perform measurement processes.
- •Identify opportunities for security process automation.
- Module 5: Participate in the acquisition process
- •Prepare security requirements for acquisitions.
- •Participate in the selection process.
- •Participate in supply chain risk management (SCRM).
- •Participate in development and review of contractual information.
- Module 6: Design trusted systems and networks (TSN).
- • Understand the basic network architecture design to protect the system.
Chapter 2: Security Architecture Modeling
- Module 1: Apply Security Risk Management Principles
- • Align security risk management with enterprise risk management (ERM).
- • Integrate risk management throughout the lifecycle.
- Module 2: Address the Risk to the System
- • Establish the risk context.
- • Identify system security risks.
- • Perform risk analysis.
- • Perform risk evaluation.
- • Recommend risk treatment options.
- • Document risk findings and decisions.
- Module 3: Manage the Risk to the Operations
- • Determine stakeholder risk tolerance.
- • Identify remediation needs and other system changes.
- • Determine risk treatment options.
- • Assess proposed risk treatment options.
- • Recommend risk treatment options.
Chapter 3: Chapter Security Planning and Design Domain
- Module 1: Analyze Organizational and Operational Environment
- • Capture stakeholder requirements.
- • Identify relevant constraints and assumptions.
- • Assess and document threats.
- • Determine system protection needs.
- • Develop security test plans (STP).
- Module 2: Apply System Security Principles
- • Incorporate resiliency methods to address threats.
- • Apply defense-in-depth concepts.
- • Identify fail-safe defaults.
- • Reduce single points of failure (SPOF).
- • Incorporate least privilege concept.
- • Understand the economy of mechanism.
- • Understand the separation of duties (SoD) concept.
- Module 3: Develop System Security Requirements
- • Develop system security context.
- • Identify functions within the system and security concept of operations (CONOPS).
- • Document a system security requirements baseline.
- • Analyze system security requirements.
- Module 4: Create System Security Architecture Design
- • Develop functional analysis and allocation.
- • Maintain traceability between specified design and system requirements.
- • Develop system security design components.
- • Execute trade-off-studies.
- • Assess protection effectiveness.
Chapter 4: Systems Implementation, Verification and Validation Domain
- Module 1: Implement, Integrate and Deploy Security Solutions
- • Perform system security implementation and integration.
- • Perform system security deployment activities.
- Module 2: Perform System security Deployment Activities
- • Perform system security verification.
- • Perform security validation to demonstrate controls meet stakeholder security requirements.
Chapter 5: Secure Operations, Change Management and Disposal Domain
- Module 1: Develop Secure Operations Strategy
- • Specify requirements for personnel conducting operations.
- • Contribute to the continuous communication with stakeholders for security-relevant aspects of the system.
- Module 2: Participate in Secure Operations
- • Develop continuous monitoring solutions and processes.
- • Support the incident response (IR) process.
- • Develop secure maintenance strategy.
- Module 3: Participate in Change Management
- • Participate in change reviews.
- • Determine change impact.
- • Perform verification and validation changes.
- • Update risk assessment documentation.
- Module 4: Participate in the Disposal Processes
- • Identify disposal security requirements.
- • Develop secure disposal strategy.
- • Develop decommissioning and disposal procedures.
- • Audit results of the decommissioning and disposal process.
Note: Throughout this course, exam domains may be covered in several chapters. Included in the course is a table indicating where the exam outline objectives are covered in this course. Unique icons are also used through the course materials to identify exam outline objectives.
Audience or Who Should Take this Course
This course is for individuals planning to pursue the CISSP-ISSEP certification. The CISSP-ISSEP is a CISSP who analyzes organizational needs, defines security requirements, designs security architectures, develops secure designs, implements system security, and supports system security assessment and authorization for government and industry.
Prior to taking this course the learner should have the following experience, skills, or knowledge obtained while serving in the following roles:
- • Senior systems engineer
- • Information assurance systems engineer
- • Information assurance officer
- • Information assurance analyst
- • Senior security analyst
(ISC)2 Authorized Instructors are available via email to assist learners with content related questions as they work through the course. Additional details are provided in the course.
The following are system requirements needed to enhance your overall learning experience.
A stable and continuous internet connection is required. In order to record your completion of the online learning courses, please ensure you are connected to the internet at all times while taking the course.
- • Processor 2 GHz +
- • RAM 4 GB +
- • Monitor minimum resolution (1024 x 768)
- • Video Card
- • Keyboard and Mouse or other assistive technology.
- • Speakers/Headphones – (Noise-cancelling headset is recommended)
- • Microphone
- • Camera
Supported Operating Systems
- • Macintosh OS X 10.10 to present
- • Windows 10 to present
- • Google Chrome
- • Microsoft Edge
- • Mozilla Firefox
- • Adobe Readers: https://get.adobe.com/reader/
Access Certificate of Completion
An electronic Certificate of Completion will be provided once you have completed the course by meeting all the requirements.We recommend that you download and retain the certificate of completion as proof of credits earned.
To download a PDF version of the certificate, goto the "Awards" tab of (ISC)2Learn (top menu), select the course and then "Generate Certificate".
CPE credits for (ISC)2 credentials must be self-reported by members and associates through the (ISC)2 CPE Portal accessible via www.isc2.org using your member login credentials.
CPE credits earned for this course may be eligible for continuing professional education credits for non-(ISC)² certifications. Please visit the continuing education requirements established by the credentialing organization for eligibility.
For specific questions related to your CPE credits or the CPE portal please contact member support - firstname.lastname@example.org.
If are in North America and want to purchase this course on behalf of someone else or interested in quantity discounts, please contact:
(ISC)2 North America Regional Office - Email: email@example.com or call Phone: +1-866-331-ISC2 (4722) ext. 2
Refunds for any (ISC)2 courses will not be provided
Access to course content 180 days.