ISSEP Training Course

ISSEP Training

Module 1: Systems Security Engineering Foundations

Ground floor for the ISSEP: how systems security engineering relates to systems engineering as a whole, the trust concepts and structural design principles the exam expects you to work from, and the technical management activities β€” configuration management, information management, measurement, quality assurance, procurement, and resource analysis β€” that keep security work aligned with the wider program.

  • 1 What ISSEP Is 8 min Free preview
  • 2 Systems Security Engineering Fundamentals and Trust 10 min πŸ”’
  • 3 Structural Design Principles: NIST and ISO Frameworks 10 min πŸ”’
  • 4 Executing SSE Processes: Hardware, Software, Data 10 min πŸ”’
  • 5 Organizational Security Authorities and Governance 9 min πŸ”’
  • 6 Design Concepts: Open, Proprietary, Modular 8 min πŸ”’
  • 7 Integrating Security into the SDLC 10 min πŸ”’
  • 8 Assurance Methods and Lifecycle Models 9 min πŸ”’
  • 9 Technical Management: CM, Information Management, Measurement, QA 10 min πŸ”’
  • 10 Technology Procurement Management and Supply Chain Risk 9 min πŸ”’
  • 11 Resource Analysis and Cost Estimation 9 min πŸ”’
  • 12 Reliability Metrics: MTBF, MTTF, MTTR, MTD 8 min πŸ”’

Module 2: Risk Management

The ISSEP's risk management responsibility runs twice through the same six-step loop: once for risk to the system itself and once for risk to operations. This module walks through the principles, the loop, and the documentation that keeps risk posture visible to leadership.

  • 1 Security Risk Management Principles 10 min πŸ”’
  • 2 Aligning Security Risk with Enterprise Risk Management 9 min πŸ”’
  • 3 Risk Management Integration Across the Lifecycle 9 min πŸ”’
  • 4 Establishing Risk Context 8 min πŸ”’
  • 5 Identifying System Security Risks 10 min πŸ”’
  • 6 Performing Inherent Risk Analysis 9 min πŸ”’
  • 7 Risk Evaluation and Treatment Decisions 9 min πŸ”’
  • 8 Monitoring Changes to Risk Posture 8 min πŸ”’
  • 9 Documenting Risk Posture: Findings and Decisions 8 min πŸ”’
  • 10 Managing Risk to Operations 9 min πŸ”’

Module 3: Security Planning and Engineering

Where the ISSEP does the most engineering. Analyzing the organizational and operational environment, applying system security principles from resiliency through least privilege, developing the security requirements baseline, and creating a system security design that survives trade studies.

  • 1 Analyzing the Organizational and Operational Environment 9 min πŸ”’
  • 2 Capturing Stakeholder Requirements 9 min πŸ”’
  • 3 Roles, Responsibilities, Constraints, and Assumptions 8 min πŸ”’
  • 4 Preparing the Security Validation Plan 8 min πŸ”’
  • 5 Resiliency and Layered Security 10 min πŸ”’
  • 6 Fail-Safe Defaults and Single Points of Failure 8 min πŸ”’
  • 7 Least Privilege, Economy of Mechanism, and Separation 9 min πŸ”’
  • 8 Automation, SecDevOps, and Software Assurance 9 min πŸ”’
  • 9 Developing System Requirements and Security Context 9 min πŸ”’
  • 10 Documenting the Security Requirements Baseline 8 min πŸ”’
  • 11 Creating the System Security Design and Trade-off Studies 10 min πŸ”’

Module 4: Systems Security Implementation, Verification, and Validation

Where designs become working systems and working systems are proven to satisfy the requirements they were built for. Implementation and integration, CI/CD and DevSecOps discipline, security test planning and execution, and the stakeholder acceptance record.

  • 1 Implementing Security Solutions 9 min πŸ”’
  • 2 Integrating Security into the System 8 min πŸ”’
  • 3 Continuous Integration and Continuous Delivery 9 min πŸ”’
  • 4 DevSecOps in the Engineering Lifecycle 8 min πŸ”’
  • 5 Developing Security Test Plans 8 min πŸ”’
  • 6 Supporting System Security Verification 8 min πŸ”’
  • 7 Verification vs Validation Methods 8 min πŸ”’
  • 8 Reviewing and Updating Risk Analysis Post-Implementation 8 min πŸ”’
  • 9 Documenting Stakeholder Acceptance 7 min πŸ”’
  • 10 Testing AI and Emerging Technology Components 8 min πŸ”’

Module 5: Secure Operations, Change Management, and Disposal

The operational life of the system, from initial secure operations planning through continuous monitoring, incident response, change management under sustained operation, and eventually secure disposal at end of life.

  • 1 Developing the Secure Operations Plan 8 min πŸ”’
  • 2 Security Event Reporting Requirements 7 min πŸ”’
  • 3 Continuous Monitoring Design 8 min πŸ”’
  • 4 Supporting the Incident Response Process 8 min πŸ”’
  • 5 Secure Maintenance and Change Reviews 8 min πŸ”’
  • 6 Change Impact Assessment and Verification 7 min πŸ”’
  • 7 Secure Disposal, Decommissioning, and Data Retention 8 min πŸ”’