Preparing for the ISSEP Exam

Time
5 hours 58 minutes
Difficulty
Intermediate
CEU/CPE
6
Video Transcription
>> Welcome back to Cybrary's ISSEP course. I'm your instructor, Brad Rhodes. Let's talk about preparing for the ISSEP exam.

Having taken the ISSEP exam, I will tell you it's a tough one. There are, as you've probably guessed throughout the course, a lot of things you need to review, study, cover, and have at least some familiarity with so you can work through issues there. Let's look at those key areas, and I'll give you a top list of those to look at. We're going to give you a top 19 and some test-taking tips in this video. Our goal is to give you some areas that you should focus on to build out for those brain dumps so that you are better prepared for the exam.

First step: you've got to buy the ISSEP handbook. We showed that a little bit earlier; you should buy that. It's a great guide. Even though it's older, it covers a lot of the flow and the processing, and gets you in the ISSEP test-taking mindset.

You need to know the outputs from every single section of the ISSE process, very important. Understand what comes from one step to the next step. Similarly, same thing with the SDLC: you need to know the decision points, and understand that with the SDLC, it's built that way so that we can decide to stop at any time in the system development life cycle process.

You need to know and understand the System Security Engineering Capability Maturity Model. A little bit newer construct and concept, potentially, but you should know those processes.

Know the ISSE process; understand and remember, memorize: needs, requirements, architecture, design, implementation, and draw a circle around that with assess. You need to remember that. You need to know the SDLC process, so the system development life cycle; you've got to know initiation, development and acquisition, implementation, operations and maintenance, and disposal. Then the linkages: super important to understand the linkages between all of those. We looked at a chart that helps you map that.

But when we think about the new NIST Special Publication 800-160, the system life cycle processes there are very similar to the SDLC, but also something you need to remember. That's concept, development, production, utilization, support, and retirement. Six steps versus, say, five for the system development life cycle.

You need to remember Common Criteria and the EALs, the evaluation assurance levels. You need to know configuration management. You need to understand configuration/change management. You need to understand that you have to decide on items you're going to configuration-control, and understand that. If you remember, configuration management, change management is literally a cyclical process that goes on throughout the entire life cycle of a system, and that's what the ISSEs are responsible for.

You need to dig into those security roles: the CIOs, the CSOs, the folks that are going to give you an ATO, an authority to operate, based on, say, the Risk Management Framework. You need to know those roles. They are defined in the various NIST publications.

What to know 11 through 19: know the disposal process. Understand the difference between decommissioning and disposal. Decom: I'm going to prepare something to be reused. Disposal is, I'm going to get rid of that, I'm going to destroy it, and don't just throw it in the dumpster, because that might end up being a problem.

Remember we do continuous monitoring as ISSEs. That's looking at the technical and non-technical processes, the detective, preventive, all of the security controls are monitored continuously. It's not just the tech that we use; it's everything else as well, because everything across people, process, and technology actually contributes to the whole of our security.

Remember terms and definitions, and don't forget cost, schedule, scope. Remember that triad; remember the CIA triad, all of those definitions. You need to remember all that stuff and have those locked in really well.

Remember the current ISSEP subdomains; remember there's five of them. We started with foundations at the very beginning. We went through risk management. We've talked about planning and design, talked about the implementation, verification and validation. Remember, verification and validation are two separate things. Verification is, did I build the system right? Did I get the requirements right? Validation is, did I meet the mission need? As we've said many times, you can validate, or you can verify and not validate your systems, but then you don't meet mission need.

Remember the RMF, six steps: categorize, select, implement, assess, authorize, and monitor. You should remember those; you should probably memorize those ones.

You've got to know the processes as specified in NIST Special Publication 800-160. Remember agreement processes are, like, say, acquisition or supply chain type stuff; that's where we sign an agreement off or something. Remember organizational project-enabling processes like HR, technical management processes like project management, and of course the technical processes like implementation, integration, verification and validation, and many more. You need to remember those and know how those bins work, and know which of them, based on words, fit into those different bins.

Remember the Cybersecurity Framework and the five steps there; know resilience.

Then as a final step in your prep for the ISSEP course, aside from going through this awesome course that we built here for you at Cybrary, you probably should sit down and just literally read through NIST Special Publication 800-100. I actually have a hard copy of that; it is a great final review for the ISSEP exam.

You've decided to take the ISSEP exam; that's awesome. We're very excited and we hope that you are successful, and in fact, we'd love your feedback to know if you're successful.

When you're doing some high-end test-taking like this, and many of you that have sat for the CISSP exam and other high-end exams are probably well aware of this, let's talk about a couple of things. These are always good to review.

One, [NOISE] go with your first choice. Trust your gut. If you think it's right, don't change it. Most of the time you're going to be right.

Look for words like best, first, next; these are potential clues. If you get a question that says, what is the first step in, say, the SDLC, and you get a list of things and none of them are initiation, you should probably [LAUGHTER] look for the first step, or the best possible answer for the first step.

Always try to narrow it down if you have no idea. Don't leave test questions on the table. Don't just skip them. There's a potential you get it right, so narrow it down to the 50/50 and look at that. Sometimes you might hear things like "the longest question is always right." I don't know how much veracity there is to that, but it's something to consider.

I slow down and read the question. I'm guilty, in taking tests, of zipping through and missing stuff on tests because I didn't read the entire question. I skipped over the "not" and answered in the affirmative when it should have been in the negative. Obviously, you've got to slow down and read.

Then finally, my biggest test-taking tip, especially for a complex set of materials such as this, is go back through the ISSEP course we've provided here and look at things that you probably should memorize, and then practice those. Do brain dumps; work through writing everything down so that you have a good handle on the material, so that when you sit down with the test, before you even start answering questions, you take a few minutes, write down everything you can remember, and then potentially use that as a reference point throughout the exam.

Again, great test-taking tips here, but we're super excited you're going to take the ISSEP exam. We know that, based on what we've covered here, you've got a fair chance to get there. Let's go on to the next slide.

In this video, we talked about the top 19 what-to-knows, if you will, for the ISSEP exam, and we reviewed some basic test-taking tips. In the next lesson, we're going to wrap up this module and wrap up the ISSEP course.