Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.


Information Systems Security Engineering Professional (ISSEP)

via Cybrary


ISSEP training builds on the principles found in CISSP but focuses on the processes used to develop secure systems. This course will provide the student with a solid understanding of the five ISSEP domains along with the key areas of knowledge critical to meeting the rigors of this concentration. While not an exam preparation course, the Cybrary ISSEP course aims to provide a solid starting point for such study.

Target Audience for ISSEP Training

Students who hold the CISSP certification looking to pursue the ISSEP concentration and all others looking to improve their understanding of systems engineering principles related to information and cybersecurity.

Prerequisites for ISSEP Training

Ideally, the student taking this course will have completed the CISSP Certification. If not, equivalent knowledge of CISSP, CASP, and/or CISM materials will support the course goals and learning objectives

ISSEP Training Course Goals

By the end of this course, students should be able to:

  • Understand and describe the components of the ISSEP Domains
  • Describe the Information Systems Security Engineering (ISSE) Process
  • Describe the System Development Life Cycle (SDLC)
  • Describe the key related National Institutes for Standards and Technologies (NIST) standards
  • Create an ISSEP study plan

What is the Information Systems Security Engineering Professional Certification?

The Information System Security Engineering Professional (ISSEP) certification is a vendor-neutral credential that validates an individual's proficiency in designing, creating, and implementing security for information systems, services, and applications. The ISSEP certification is awarded by the Information Security Consortium (ISC2) as a concentration area for the Certified Information System Security Professional (CISSP) credential.

The ISSEP credential ensures that an individual understands the relationship between systems and security engineering and can identify information security needs, design security architecture, create a security design, and implement system security.

What Does the ISSEP Training Cover?

This intermediate-level course covers the ISSEP concentration area of the Certified Information Systems Security Professional program. Students will learn about the five ISSEP domains and the key concepts that pertain to the specific focus of this concentration. In addition to the five domains, the course covers the information systems security engineering process, the system development life cycle (SDLC), and the related National Institutes for Standards and Technologies (NIST) standards. Students should then be able to create an ISSEP study plan that will assist them in preparing for the ISSEP certification exam.

The ISSEP training course is ideal for any students who have already earned the CISSP certification and want to improve their understanding of cybersecurity's engineering side. This may include professionals in the following roles:

• Information assurance officers • Information assurance systems engineers • Information assurance analysts • Senior security analysts • Senior systems engineers

While there are no hard and fast prerequisites for this course, it's recommended that students who enroll have already earned their CISSP certification. If they haven't, then an equivalent working knowledge of CISSP, CompTIA Advanced Security Practitioner (CASP), or Certified Information Security Manager (CISM) skills will be helpful.

Upon finishing this course, students will complete 5 hours and 58 minutes of clock time, earn 6 CEUs/CPEs, and will receive a Certificate of Completion.

Is the CISSP-ISSEP Certification Worth It?

Earning ISC2's Certified Information System Security Professional certification is an accomplishment that comes with many benefits. When a concentration area like ISSEP is added, it opens the door to even more advantages and opportunities. Concentration areas add depth and mastery beyond the CISSP, providing those professionals who hold them with a leg up on specific roles that command better salaries, increased responsibilities, and more career satisfaction.

Here are some reasons that the CISSP-ISSEP certification is worth it:

• Distinguished skillset. Having specialized skills demonstrates a deeper and broader understanding of the common body of knowledge in the cybersecurity industry. • Career advancement opportunities. Credentials in concentration areas demonstrate a higher, more specialized level of expertise that raises credibility, visibility, and opens more doors for career advancement. • Higher salaries. IT professionals who hold certifications are typically paid higher salaries than their uncertified counterparts. • Global recognition. Certifications from ISC2 are globally recognized and held in high regard all over the world.

What Jobs Does the CISSP-ISSEP Certification Prepare You For?

There are various job roles that the CISSP-ISSEP prepares candidates for, including the Information System Security Engineer. While job titles may vary depending on the company, some of the common CISSP-ISSEP jobs are: • Cybersecurity Analyst • Cybersecurity Engineer • Cybersecurity Threat Detection Specialist • Security Architect • Security Engineer • Cybersecurity Program Director

What Salary Does the ISSEP Certification Earn?

In the U.S., the average salary for IT professionals with the CISSP-ISSEP certification is $148,433, according to The exact salary that can be expected depends on the specific organization, its size, a candidate's experience, and other factors. How is it Best to Learn ISSEP?

Our Information System Security Engineering Professional (ISSEP) training course is the ideal starting point for students who want to learn about this CISSP concentration area. While it's not meant to be a certification exam preparation course, it will give students a solid foundation of the five domains included in the exam.

Cybrary is a leading provider of online technology training courses, and we are happy to help students expand their IT knowledge to better their careers. All the courses in our extensive library are online, self-paced, and taught by subject matter experts. This makes Cybrary practical and convenient for students. To learn more about ISSEP, enroll for this training by clicking the Register button at the top right of this screen.


  • Overview
    • Course Overview
    • CISSP Concentrations
    • CISSP Domains Review
    • ISSEP Domains
    • Information Systems Security Engineer Roles
    • Module Summary
  • Domain 1: Systems Security Engineering Foundations
    • Objectives and Introduction to Systems Security Engineering
    • Fundamentals
    • Processes
    • Development Methodologies
    • Technical Management
    • Acquisition Process
    • Trusted Systems and Networks
    • Module Summary
  • Domain 2: Risk Management
    • Objectives and Review of Risk Management
    • Enterprise Risk Management
    • Risk Context, Analysis, and Evaluation
    • Risk Findings and Decisions
    • Stakeholder Risk Tolerance
    • Risk Remediation and System Changes
    • Risk Treatment Options
    • Module Summary
  • Domain 3: Security Planning and Design
    • Objectives and Security Planning and Design Overview
    • Stakeholder Requirements
    • Threats and Resilience
    • System Security Principles
    • Context, CONOPS, and Requirements Documents
    • Functional Analysis
    • Requirements Traceability
    • Trade-Off Studies
    • Module Summary
  • Domain 4: Systems Implementation, Verification and Validation
    • Objectives and Technical Processes
    • Implementation
    • Verification
    • Validation
    • Stakeholder Communications
    • Module Summary
  • Domain 5: Secure Operations, Change Management and Disposal
    • Objectives and Introduction to Operations
    • Secure Operations
    • Continuous Monitoring
    • Secure Maintenance and Supply Chain
    • Incident Response
    • Change Management
    • Disposal Strategies
    • Decommissioning and Disposal Processes
    • Module Summary
  • Information Systems Security Engineering (ISSE) Process
    • Objectives and Generic Systems Engineering (SE)
    • Comparing SE and ISSE Activities
    • Discover Information Protection Needs (Discover Needs)
    • Define System Security Requirements (Define System Requirements)
    • Define System Security Architecture (Define System Architecture)
    • Develop Detailed Security Design (Develop Detailed Design)
    • Implement System Security (Implement System)
    • Assess Information Protection Effectiveness (Assess Effectiveness)
    • Module Summary
  • System Development Life Cycle (SDLC)
    • Objectives and Types of System Development
    • Introduction to the SDLC
    • Initiation
    • Acquisition/Development
    • Implementation and Assessment
    • Assessment - DITSCAP/DIACAP/RMF
    • Operations and Maintenance
    • Disposal
    • Module Summary
  • Key NIST Standards
    • Objectives and Introducing NIST and Standards
    • NIST SP 800-160: Systems Security Engineering
    • NIST SP 800-53: Security and Privacy Controls for Federal Information Systems and Organizations
    • NIST SP 800-88: Guidelines for Media Sanitization
    • NIST SP 800-100: Information Security Handbook: A Guide for Managers
    • NIST Cybersecurity Framework
    • FIPS PUB 140-2: Security Requirements for Cryptographic Modules
    • Module Summary
  • Concentration Insights
    • Objectives and Review of ISSEP Domains
    • Documents that an ISSE Should Know
    • Systems Security Engineering Capability Maturity Model
    • ISSE and SLDC Linkages
    • Preparing for the ISSEP Exam
    • Module Summary

Taught by

Brad Rhodes


Start your review of Information Systems Security Engineering Professional (ISSEP)

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.