By: Shimon Brathwaite
March 24, 2021
ISSEP Training Course Review
What is the ISSEP training course?
ISSEP stands for Information Systems Security Engineering Professional, a concentration for the CISSP certification, the most popular and in-demand cybersecurity certification globally. The ISSEP certification is a vendor-neutral specialty certification that demonstrates an individual’s proficiency in designing, creating, and implementing security for information systems, services, and applications.
This course is designed to give students the foundational knowledge, key concepts, and skills needed to pass the ISSEP exam successfully. Some of the notable things you will cover are the information systems security engineering process, the system development life cycle (SDLC), and information security standards from the National Institute of Standards and Technology (NIST). The course is instructed by Brad Rhodes, head of Cybersecurity for Zvelo, who also serves in the US armed forces as a drilling soldier in the Army National Guard.
The course itself begins with an overview of the CISSP and ISSEP domains that you will need to be familiar with. Following that, modules 2-10 are focused solely on the course content. They touch on each of the individual topics that you need to know and include visuals and practical examples to help you understand how to apply these to exam-style questions.
Systems Security Engineering
This course discusses how to apply the specialty of engineering to the security industry. Security engineers are responsible for implementing security solutions for the company, including firewalls and software tools, and for acquiring and implementing vendor solutions. This content highlights the different development methodologies for properly implementing these systems. It also covers the acquisition process, so you know what you need to consider when thinking of getting a security solution such as Splunk, CyberArk, Devo, etc.
Risk is defined as the potential for loss or damage when a threat exploits a vulnerability within your system. Risk management refers to your ability to mitigate and protect yourself from risk. This is done by either limiting your vulnerabilities or preventing threats from exploiting your vulnerabilities. This part of the course trains you on the best practices for risk management. It highlights how to identify and evaluate risks and make decisions that will reduce them in your organization. It also discusses the importance of using threat modeling for identifying your potential threats with frameworks like MITRE or STRIDE.
Systems Implementation, Verification, and Validation
Systems implementation refers to taking a security solution and integrating it into your environment without interfering with business operations. When you are implementing any security solution, you should be careful because any delays could be devastating for a business.
Verification is used to check whether a system conforms to the specifications it was intended to have. In contrast, validation is used to check whether the software meets the customer/stakeholder expectations and requirements. As a security engineer, you need to understand how to demonstrate and meet both of these expectations.
Systems Development Lifecycle (SDLC)
The SDLC is a model that describes the stages in developing an information system. The course will go through the five steps of the SDLC: planning, analysis, design, implementation, and maintenance. It will talk about all of the security implications you need to consider during each phase. It is far easier to build security into a system than to add security later on.
NIST stands for the National Institute of Standards and Technology. It is one of the well-respected bodies when it comes to cybersecurity standards. This part of the course goes in depth on some of the most important standards covering security engineering, privacy, and cryptography. It also discusses general cybersecurity frameworks that you can use to guide your operations.
ISSEP Exam Preparation
The last lesson in module 10 is called “preparing for the ISSEP Exam”. It gives specific exam tips and helps you create an actionable study plan covering what you need to know to prepare for the ISSEP certification exam.
The ISSEP is ideal for people working in any cybersecurity role where you are designing and implementing new security features. This training course will prepare you with the information you need to be a successful ISSEP candidate and help you create a study plan that you can follow leading up to the exam. In terms of price, Cybrary costs $49 per month if you pay annually and $59 per month if you pay monthly, and it provides unlimited access to this course and the hundreds of other courses on the platform. The course is 5 hours and 58 minutes long and comes with a certificate of completion.