The CISSP-ISSEP security certification recognizes your keen ability to practically apply systems engineering principles and processes to develop secure systems. You have the knowledge and skills to incorporate security into projects, applications, business processes and all information systems.
An ISSEP analyses organisational needs, defines security requirements, designs security architectures, develops secure designs, implements system security, and supports system security assessment and authorization for government and industry.
The broad spectrum of topics included in the ISSEP Common Body of Knowledge (CBK®) ensure its relevancy across all disciplines in the field of security engineering. Successful candidates are competent in the following five domains:
- Systems Security Engineering Foundations
- Risk Management
- Security Planning and Design
- Systems Implementation, Verification and Validation
- Secure Operations, Change Management and Disposal
The CISSP-ISSEP is an ideal credential for proving you know how to incorporate security into all facets of business operations. This security engineering certification recognizes your keen ability to practically apply systems engineering principles and processes to develop secure systems. You have the knowledge and skills to incorporate security into projects, applications, business processes and all information systems.
At the end of this course, you’ll achieve your CISSP-ISSEP Information Systems Security Engineering Professional certification.
You do not need to have passed the CISSP exam to challenge for the ISSEP certification.
If you do not have a CISSP certification:
- You must have at least seven years of experience in two or more of the domains of the ISSEP
- Pass your exam and submit your certification application
- To maintain your ISSEP, you will need to earn 140 CPE credits in each 3-year term
Domain 1: Systems Security Engineering Foundations
1.1 Apply systems security engineering fundamentals
1.2 Execute systems security engineering processes
1.3 Integrate with applicable system development methodology
1.4 Perform technical management
1.5 Participate in the acquisition process
1.6 Design Trusted Systems and Networks (TSN)
- Understand systems security engineering trust concepts and hierarchies
- Identify the relationships between systems and security engineering processes
- Apply structural security design principles
- Integrate security tasks and activities
- Verify security requirements throughout the process
- Integrate software assurance methods
- Perform project planning processes
- Perform project assessment and control processes
- Perform decision management processes
- Perform risk management processes
- Perform configuration management processes
- Perform information management processes
- Perform measurement processes
- Perform Quality Assurance (QA) processes
- Identify opportunities for security process automation
- Identify organizational security authority
- Identify system security policy elements
- Integrate design concepts (e.g., open, proprietary, modular)
- Prepare security requirements for acquisitions
- Participate in selection process
- Participate in Supply Chain Risk Management (SCRM)
- Participate in the development and review of contractual documentation
Domain 2: Risk Management
2.1 Apply security risk management principles
2.2 Address risk to system
2.3 Manage risk to operations
- Establish risk context
- Identify system security risks
- Perform risk analysis
- Perform risk evaluation
- Recommend risk treatment options
- Document risk findings and decisions
- Determine stakeholder risk tolerance
- Identify remediation needs and other system changes
- Determine risk treatment options
- Assess proposed risk treatment options
- Recommend risk treatment options
- Analyse organizational and operational environment
3.2 Apply system security principles
3.3 Develop system requirements
3.4 Create system security architecture and design
Domain 3: Security Planning and Design
- Capture stakeholder requirements
- Identify relevant constraints and assumptions
- Assess and document threats
- Determine system protection needs
- Develop Security Test Plans (STP)
- Incorporate resiliency methods to address threats
- Apply defense-in-depth concepts
- Identify fail-safe defaults
- Reduce Single Points of Failure (SPOF)
- Incorporate least privilege concept
- Understand economy of mechanism
- Understand Separation of Duties (SoD) concept
- Develop system security context
- Identify functions within the system and security Concept of Operations (CONOPS)
- Document system security requirements baseline
- Analyze system security requirements
- Develop functional analysis and allocation
- Maintain traceability between specified design and system requirements
- Develop system security design components
- Perform trade-off studies
- Assess protection effectiveness
Domain 4: Systems Implementation, Verification and Validation
4.1 Implement, integrate and deploy security solutions
4.2 Verify and validate security solutions
- Perform system security implementation and integration
- Perform system security deployment activities
- Perform system security verification
- Perform security validation to demonstrate security controls meet stakeholder security requirements
Domain 5: Secure Operations, Change Management and Disposal
5.1 Develop secure operations strategy
5.2 Participate in secure operations
5.3 Participate in change management
5.4 Participate in the disposal process
- Specify requirements for personnel conducting operations
- Contribute to the continuous communication with stakeholders for security relevant aspects of the system
- Develop continuous monitoring solutions and processes
- Support the Incident Response (IR) process
- Develop secure maintenance strategy
- Participate in change reviews
- Determine change impact
- Perform verification and validation of changes
- Update risk assessment documentation
- Identify disposal security requirements
- Develop secure disposal strategy
- Develop decommissioning and disposal procedures
- Audit results of the decommissioning and disposal process
- Exam included
- Online exam voucher
Frequently asked questions
How can I create an account on myQA.com?
There are a number of ways to create an account. If you are a self-funder, simply select the "Create account" option on the login page.
If you have been booked onto a course by your company, you will receive a confirmation email. From this email, select "Sign into myQA" and you will be taken to the "Create account" page. Complete all of the details and select "Create account".
If you have the booking number you can also go here and select the "I have a booking number" option. Enter the booking reference and your surname. If the details match, you will be taken to the "Create account" page from where you can enter your details and confirm your account.
Find more answers to frequently asked questions in our FAQs: Bookings & Cancellations page.
How do QA’s virtual classroom courses work?
Our virtual classroom courses allow you to access award-winning classroom training, without leaving your home or office. Our learning professionals are specially trained on how to interact with remote attendees and our remote labs ensure all participants can take part in hands-on exercises wherever they are.
We use the WebEx video conferencing platform by Cisco. Before you book, check that you meet the WebEx system requirements and run a test meeting (more details in the link below) to ensure the software is compatible with your firewall settings. If it doesn’t work, try adjusting your settings or contact your IT department about permitting the website.
Learn more about our Virtual Classrooms.
How do QA’s online courses work?
QA online courses, also commonly known as distance learning courses or elearning courses, take the form of interactive software designed for individual learning, but you will also have access to full support from our subject-matter experts for the duration of your course. When you book a QA online learning course you will receive immediate access to it through our e-learning platform and you can start to learn straight away, from any compatible device. Access to the online learning platform is valid for one year from the booking date.
All courses are built around case studies and presented in an engaging format, which includes storytelling elements, video, audio and humour. Every case study is supported by sample documents and a collection of Knowledge Nuggets that provide more in-depth detail on the wider processes.
Learn more about QA’s online courses.
When will I receive my joining instructions?
Joining instructions for QA courses are sent two weeks prior to the course start date, or immediately if the booking is confirmed within this timeframe. For course bookings made via QA but delivered by a third-party supplier, joining instructions are sent to attendees prior to the training course, but timescales vary depending on each supplier’s terms. Read more FAQs.
When will I receive my certificate?
Certificates of Achievement are issued at the end the course, either as a hard copy or via email. Read more here.