ISSEP Training
Module 1: Systems Security Engineering Foundations
Ground floor for the ISSEP: how systems security engineering relates to systems engineering as a whole, the trust concepts and structural design principles the exam expects you to work from, and the technical management activities β configuration management, information management, measurement, quality assurance, procurement, and resource analysis β that keep security work aligned with the wider program.
- 1 What ISSEP Is 8 min Free preview
- 2 Systems Security Engineering Fundamentals and Trust 10 min π
- 3 Structural Design Principles: NIST and ISO Frameworks 10 min π
- 4 Executing SSE Processes: Hardware, Software, Data 10 min π
- 5 Organizational Security Authorities and Governance 9 min π
- 6 Design Concepts: Open, Proprietary, Modular 8 min π
- 7 Integrating Security into the SDLC 10 min π
- 8 Assurance Methods and Lifecycle Models 9 min π
- 9 Technical Management: CM, Information Management, Measurement, QA 10 min π
- 10 Technology Procurement Management and Supply Chain Risk 9 min π
- 11 Resource Analysis and Cost Estimation 9 min π
- 12 Reliability Metrics: MTBF, MTTF, MTTR, MTD 8 min π
Module 2: Risk Management
The ISSEP's risk management responsibility runs twice through the same six-step loop: once for risk to the system itself and once for risk to operations. This module walks through the principles, the loop, and the documentation that keeps risk posture visible to leadership.
- 1 Security Risk Management Principles 10 min π
- 2 Aligning Security Risk with Enterprise Risk Management 9 min π
- 3 Risk Management Integration Across the Lifecycle 9 min π
- 4 Establishing Risk Context 8 min π
- 5 Identifying System Security Risks 10 min π
- 6 Performing Inherent Risk Analysis 9 min π
- 7 Risk Evaluation and Treatment Decisions 9 min π
- 8 Monitoring Changes to Risk Posture 8 min π
- 9 Documenting Risk Posture: Findings and Decisions 8 min π
- 10 Managing Risk to Operations 9 min π
Module 3: Security Planning and Engineering
Where the ISSEP does the most engineering. Analyzing the organizational and operational environment, applying system security principles from resiliency through least privilege, developing the security requirements baseline, and creating a system security design that survives trade studies.
- 1 Analyzing the Organizational and Operational Environment 9 min π
- 2 Capturing Stakeholder Requirements 9 min π
- 3 Roles, Responsibilities, Constraints, and Assumptions 8 min π
- 4 Preparing the Security Validation Plan 8 min π
- 5 Resiliency and Layered Security 10 min π
- 6 Fail-Safe Defaults and Single Points of Failure 8 min π
- 7 Least Privilege, Economy of Mechanism, and Separation 9 min π
- 8 Automation, SecDevOps, and Software Assurance 9 min π
- 9 Developing System Requirements and Security Context 9 min π
- 10 Documenting the Security Requirements Baseline 8 min π
- 11 Creating the System Security Design and Trade-off Studies 10 min π
Module 4: Systems Security Implementation, Verification, and Validation
Where designs become working systems and working systems are proven to satisfy the requirements they were built for. Implementation and integration, CI/CD and DevSecOps discipline, security test planning and execution, and the stakeholder acceptance record.
- 1 Implementing Security Solutions 9 min π
- 2 Integrating Security into the System 8 min π
- 3 Continuous Integration and Continuous Delivery 9 min π
- 4 DevSecOps in the Engineering Lifecycle 8 min π
- 5 Developing Security Test Plans 8 min π
- 6 Supporting System Security Verification 8 min π
- 7 Verification vs Validation Methods 8 min π
- 8 Reviewing and Updating Risk Analysis Post-Implementation 8 min π
- 9 Documenting Stakeholder Acceptance 7 min π
- 10 Testing AI and Emerging Technology Components 8 min π
Module 5: Secure Operations, Change Management, and Disposal
The operational life of the system, from initial secure operations planning through continuous monitoring, incident response, change management under sustained operation, and eventually secure disposal at end of life.
- 1 Developing the Secure Operations Plan 8 min π
- 2 Security Event Reporting Requirements 7 min π
- 3 Continuous Monitoring Design 8 min π
- 4 Supporting the Incident Response Process 8 min π
- 5 Secure Maintenance and Change Reviews 8 min π
- 6 Change Impact Assessment and Verification 7 min π
- 7 Secure Disposal, Decommissioning, and Data Retention 8 min π
