Information Systems Security Engineering Professional (ISC2 ISSEP)


Seminar - Objective

The Information Systems Security Engineering Professional (ISSEP) is a security leader who specializes in the practical application of systems engineering principles and processes to develop secure systems. An ISSEP analyzes organizational needs, defines security requirements, designs security architectures, develops secure designs, implements system security, and supports system security assessment and authorization for government and industry.
The broad spectrum of topics included in the ISSEP body of knowledge ensures its relevance across all disciplines in the field of security engineering.

Participants - Target Audience

The CISSP-ISSEP is ideal for those working in roles such as:

  • Senior systems engineer
  • Information assurance systems engineer
  • Information assurance officer
  • Information assurance analyst
  • Senior security analyst

Course - Prerequisites

Candidates must be a CISSP in good standing and have two years' cumulative, full-time experience in one or more of the five domains of the current ISSEP outline.
Candidates must have a minimum of seven years' cumulative, full-time experience in two or more of the domains of the current ISSEP outline. Earning a post-secondary degree (bachelor's or master's) in computer science, information technology (IT) or related fields or an additional credential from the ISC2 approved list may satisfy one year of the required experience. Part-time work and internships may also count towards the experience requirement.


  • 3 days
  • 09:00 to 17:00


  • by arrangement

Seminar Content / Agenda

Domain 1: Systems Security Engineering Foundations
1.1 Apply systems security engineering fundamentals

  • Understand systems security engineering trust concepts and hierarchies
  • Identify the relationships between systems and security engineering processes
  • Apply structural security design principles

1.2 Execute systems security engineering processes

  • Identify organizational security authority
  • Identify system security policy elements
  • Integrate design concepts (e.g., open, proprietary, modular)

1.3 Integrate with applicable system development methodology

  • Integrate security tasks and activities
  • Verify security requirements throughout the process
  • Integrate software assurance methods

1.4 Perform technical management

  • Perform risk management processes
  • Perform project assessment and control processes
  • Perform decision management processes
  • Perform configuration management processes
  • Perform information management processes
  • Perform measurement processes
  • Perform Quality Assurance (QA) processes
  • Identify opportunities for security process automation

1.5 Participate in the acquisition process

  • Prepare security requirements for acquisitions
  • Participate in selection process
  • Participate in Supply Chain Risk Management (SCRM)
  • Participate in the development and review of contractual documentation

1.6 Design Trusted Systems and Networks (TSN)

Domain 2: Risk Management
2.1 Apply security risk management principles

  • Align security risk management with Enterprise Risk Management (ERM)
  • Integrate risk management throughout the lifecycle

2.2 Address risk to system

  • Establish risk context
  • Identify system security risks
  • Perform risk analysis
  • Perform risk evaluation
  • Recommend risk treatment options
  • Document risk findings and decisions

2.3 Manage risk to operations

  • Determine stakeholder risk tolerance
  • Identify remediation needs and other system changes
  • Determine risk treatment options
  • Assess proposed risk treatment options
  • Recommend risk treatment options

Domain 3: Security Planning and Design

3.1 Analyze organizational and operational environment

  • Capture stakeholder requirements
  • Identify relevant constraints and assumptions
  • Assess and document threats
  • Determine system protection needs
  • Develop Security Test Plans (STP)

3.2 Apply system security principles

  • Incorporate resiliency methods to address threats
  • Apply defense-in-depth concepts
  • Identify fail-safe defaults
  • Reduce Single Points of Failure (SPOF)
  • Incorporate least privilege concept
  • Understand economy of mechanism
  • Understand Separation of Duties (SoD) concept

3.3 Develop system requirements

  • Develop system security context
  • Identify functions within the system and security Concept of Operations (CONOPS)
  • Document system security requirements baseline
  • Analyze system security requirements

3.4 Create system security architecture and design

  • Develop functional analysis and allocation
  • Maintain traceability between specified design and system requirements
  • Develop system security design components
  • Perform trade-off studies
  • Assess protection effectiveness

Domain 4: Systems Implementation, Verification and Validation
4.1 Implement, integrate and deploy security solutions

  • Perform system security implementation and integration
  • Perform system security deployment activities

4.2 Verify and validate security solutions

  • Perform system security verification
  • Perform security validation to demonstrate security controls meet stakeholder security requirements

Domain 5: Secure Operations, Change Management and Disposal
5.1 Develop secure operations strategy

  • Specify requirements for personnel conducting operations
  • Contribute to the continuous communication with stakeholders for security relevant aspects of the system

5.2 Participate in secure operations

  • Develop continuous monitoring solutions and processes
  • Support the Incident Response (IR) process
  • Develop secure maintenance strategy

5.3 Participate in change management

  • Participate in change reviews
  • Determine change impact
  • Perform verification and validation of changes
  • Update risk assessment documentation

5.4 Participate in the disposal process

  • Identify disposal security requirements
  • Develop secure disposal strategy
  • Develop decommissioning and disposal procedures
  • Audit results of the decommissioning and disposal process

Further Training Courses on ISC2

Certified Cloud Security Professional (ISC2 CCSP)

- including in Nürnberg, Berlin, Stuttgart, München, Köln

ISC2 developed the Certified Cloud Security Professional (CCSP) credential to ensure that cloud security professionals have the required knowledge, skills, and abilities in cloud security design, implementation, architecture, operations, controls, and compliance with regulatory ...

Certified Information Systems Security Professional (ISC2 CISSP)

- including in Nürnberg, Berlin, Stuttgart, München, Köln

The Certified Information Systems Security Professional (CISSP) is the most globally recognized certification in the information security market. CISSP validates an information security professional’s deep technical and managerial knowledge and experience to effectively ...

Certified in Governance, Risk and Compliance (ISC2 CGRC)

- including in Frankfurt am Main, Leipzig, Essen, Heidelberg, Mannheim

A professional earning the Certified in Governance, Risk and Compliance (CGRC) is an information security practitioner who advocates for security risk management in pursuit of information system authorization to support an organization’s mission and operations in accordance ...

Information Systems Security Management Professional (ISC2 ISSMP)

- including in Frankfurt am Main, Köln, Essen, Darmstadt, Virtual Classroom

The Information Systems Security Management Professional (ISSMP) is a security leader who specializes in establishing, presenting and governing information security programs and demonstrates management and leadership skills. ISSMPs direct the alignment of security programs with ...