Preparing for the ISSEP Exam

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
00:00
Welcome back to CyberRays. Yes, of course. I'm your instructor. Bread roads. Let's talk about preparing for the exam. So, having taken the exit exam, I will tell you it's a tough one. Yeah, there is a zoo you've probably guessed throughout the course. A lot of things you need to review, study, cover
00:16
and have at least some familiarity with and can work through issues there. So let's look at those key areas, and I'll give you a top list of those
00:24
toe look at.
00:25
So we're going to give you a top 19 and some test taking tips in this video. Our goal is toe. We'll give you some areas that you should focus on. Thio, you know, build out for those brain dumps. Eso that you are better prepared for the exam.
00:41
So first step you gotta by the sf handbook. We showed that a little bit earlier. You should buy that. It's a great guide. Even though it's older, it's covers a lot of the flow in the process and get you in the ESOP test taking mindset.
00:56
Um, you need to know the outputs from every single section of the S E process. Very, very important. Understand what comes from one step to the next step, right? Similarly same thing with SCLC. You need to know the decision points right and understand that with SCLC
01:11
it's built that way so that we can decide to stop at any time in the system development life cycle process.
01:17
You need to know and understand the system security engineering capability, Maturity model A little bit newer, constructing concept potentially. But you should know those processes. No the ISI process. Understand And remember memorized needs requirements, architecture, design, implementation and draw a circle around that with assess. You need to remember that
01:36
you need to know the SCLC process eso the system development life cycle. You gotta know initiation development, acquisition, implementation option maintenance in disposal Andi then the linkages super important to understand the linkages between all of those. We looked at a chart that helps you map that. But when we think about the new n'est
01:53
uh, special publication 801 60 doubled system life cycle,
01:57
um, processes. They're very similar to S t l C, but also something you need to remember. That's concept development, production, utilization, support and retirement. So six steps versus a five. For the system development life cycle, you need thio remember common criteria and the E A l the evaluation assurance level
02:15
level. So you need to know configuration management. You need to understand that configurations last change. Mint. You understand that you have to decide on
02:22
items you're gonna configuration control and understand. And if you remember, configuration management change Management is literally a cyclical process that goes on throughout the entire life cycle off the system, and that's what this is a responsible for.
02:34
You need to dig into those security roles. The CEO is the CSO's theme. The folks that are going to give you an A t o and authority to operate based on, say, the risk management framework. You need to know those roles on day air defined in the various nous publications.
02:49
What to know 11 to 19? No, the disposal process. Understand the difference between Decommissioning and disposal. De com. I'm going to prepare something to be reused to disposal this. I'm going to get rid of it. I'm going to destroy it and don't destroy it in the dumpster because that might end up being a problem.
03:05
Remember, we do continuous monitoring is is he's right. That's looking at that. The technical and non technical processes, the detective preventive all of the security controls are monitored continuously. It's not just the tech that we use. It's everything else is well, because everything across people, processes and technology actually contributes
03:24
to the whole of our security.
03:27
Remember terms and definitions and don't forget
03:30
cost schedule scope. Remember that trying Remember the CIA? Try out all of those definitions. You need to remember all that stuff and have those locked in really well. Remember the current Isett domains. Remember where there's five of them, Right? We started with foundations at the very beginning. We went through risk management. We talked about planning and design,
03:47
talked about the implementation, verification and validation. Remember there
03:51
vacation on and validation or two separate things. Verification is, Did I do build the system right? Did I get the requirements right? And validation is, Did I meet the mission need? And it's very, Azzawi said many times you can validate or you can verify and not validate your systems. But if you don't meet mission needs,
04:09
remember the arm F six steps categorize, select implement, assess, Authorizing Monitor.
04:14
You should remember those. You should probably memorize those ones. Um, you gotta know the process is specified in this special pub. 801 60. Remember, Agreement processes air like, say, acquisition of supply chain type stuff. That's where we signed an agreement for something.
04:28
Remember organization project enabling tests like HR technical management tasks like project management And, of course, the technical tasks like
04:34
implementation, integration, verification and validation and many more. You need to remember those and know how those Ben's work and know which of them based on words fit into those different pins. Remember the cybersecurity framework and the five steps there. No resilience on then, as a final step in your prep for the mist.
04:54
For that, the S. Of course.
04:56
Aside from going through this awesome course that we built here for you at Cyberia, you probably should sit down and just literally read through NIST Special Publication 801 100. I actually have a hard copy of that. It is a great final review for the exam.
05:12
So you've decided to take Theis IP exam? That's awesome. We're very excited and we hope that you are successful, and in fact we love your feedback to know if you're successful. Um,
05:20
when you're doing some
05:23
high end test taking like this and many of you that have set for the C s SP examine other high end exams are probably well aware of this. But let's talk about a couple of things they're always good to review. Um one. Uh, excuse me.
05:34
Go with your first choice.
05:36
Um, trust your gut. If you think it's right, don't change it. Right. And most of the time you're gonna be right. Um, look for words like best first. Next, these air potential clues. Right? Um, if you get a question that says, you know what is the first step and say the STL? See right. You get a list of things and none of them are initiation. You probably should look for the first step,
05:57
right? Or the best possible answer
05:59
for the first step. Always try to narrow it down. If you have no idea. Don't leave test questions on the table. Don't Don't just skip them, right. There's a potential. You get it right. So narrow it down to the 50 50
06:11
on. Look at that right. Sometimes you might hear things like you know, the longest question is always right. I don't know how much veracity is there is to that, but it's something to consider.
06:19
Slow down and read the question. I am guilty in taking tests of zipping through and missing stuff on test because I didn't read the entire question. I skipped over the not on bond, you know, answered in the affirmative when it should have been in the negative. So obviously you gotta slow down and read.
06:36
And then finally, my biggest test taking tips, especially for a complex set of materials such as this
06:43
is go back through the ISS. Of course, we provided here and look at things that you probably should memorize right on. Then practice those dio brain dumps work through writing everything down so that you have a good a good handle on the material so that when you sit down on the test before you even start answering questions, you take a few minutes, write down everything you can remember, right, and then
07:00
potentially use that as a reference point throughout the exam. So
07:03
again, great test taking tips here. But we are We're super excited. You're gonna take Theis ip exam on. We know that based on what we've covered here, you gotta You got a fair chance to get there, So let's go on to the next one.
07:17
So in this video, we talked about the top 19. What to nose, if you will for Theis. Ip examine. We reviewed some basic test taking tips.
07:27
In the next lesson, we're going to wrap up this module and wrap up the S, of course.
Up Next