ISC2 ISSEP (2021 Update) Learning Path

Learn all aspects of system security engineering while preparing for the exam.

9 hours, 22 minutes

Quick facts

About this learning path

  • courses

    100% online

  • Duration

    9 hours, 22 minutes

  • Assessment


About ISC2 ISSEP (2021 Update)

Explore the ISSEP certification. CISSPs who are awarded this additional concentration have demonstrated their knowledge in the practical application of system and security engineering principles and the processes to develop a secure system. An ISSEP analyzes organizational needs, defines security requirements, designs security architectures, develops secure designs, implements system security and supports system security assessment and authorization for government and industry.



CISSP-ISSEP Practice Exam

Assessment - 125 questions

Introduction to System Security Engineering

Course - 01:41:00

Is all engineering created equal? In a sense, yes. Generally speaking, each of the discrete engineering processes we see today evolved from ancient engineering practices. Over 7,000 years ago, humans were defining problem spaces and creating solutions to solve the problems. While our approach today might seem more sophisticated, the core principles still hold true. The object of these discussions is to familiarize you with these engineering practices. The principles and practices presented herein will serve you well for both the certification prep and for building engineering knowledge.
Domain 1: Systems Security Engineering Foundations

Course - 01:48:00

Trust being the key word here: we can build trust into our enterprises, but it requires a good understanding of the basic principles presented in these sessions. Assurance is achieved by incorporating both risk and security management practices into all business processes. Domain 1 focuses on applying, executing and integrating security into the engineering process.
Domain 2: Risk Management

Course - 01:35:00

All current "best" practice organizations today are promoting a risk-based approach to managing security. Risk management has been identified as a critical component for success. The institutionalization of both risk and security management practices into every system development life cycle promote a risk- and security-aware culture for the organization. Your knowledge of risk management strategies and frameworks will aid you not only in the test, but also in the course of your work.
Domain 3: Security Planning and Design

Course - 01:04:00

As an ISSEP, you will work closely with security architects to provide solutions to address your organizational risk. To be effective, you must know how to translate requirements into design and then into solutions. You must work with your stakeholders to address their security needs. In Domain 3, we address several core principles including, but not limited to, the necessity of understanding your environment, applying core security principle, developing security requirements and creating your security architecture.
Domain 4: Systems Implementation, Verification and Validation

Course - 00:27:00

There are three mandatory requirements when considering security controls: They must be implemented correctly; they must be functioning as designed; and above all, they must achieve the control objective. Every control that is implemented into our cyber-ecosystem should be both verified and validated. In this domain, we explore the requirements laid out in NIST SP800-37 Rev. 2 and NIST SP800-53A Rev. 5.
Domain 5: Secure Operations, Change Management and Disposal

Course - 01:45:00

Implementing any program starts with the creation of a high-level plan. Our security program is the day-to-day execution of our security strategy. Secure operations deals with our evolving cybersecurity ecosystem. The operational environment is fluid, changing constantly; the ISSEP should be familiar with all operational considerations. In this domain, we hit the highlights of several important operational activities.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Learn about scholarships and financing with

Affirm logo