Official (ISC)2Ю Guide to the CISSP-ISSEPЮ CBKЮ provides an inclusive analysis of all of the topics covered on the newly created ISSEP Exam. The first fully comprehensive guide to the test, it promotes understanding of the four ISSEP domains. It explains ISSE by comparing it to a traditional Systems Engineering model, enabling readers to see the correlation of how security fits into the design and development process. It also details key points of more than 50 U.S. government policies and procedures, which need to be understood in order to gain ISSEP certification. According to Jim Wiggins of SAIT/IMT who used the book to pass the test, which is typically passed by only 30 percent of applicants, "I'd say you've done a pretty good job in writing a book that helps prepare candidates for the test as well as provide them a great resource for understanding much of the process of the Federal Government relating to IA…."
When I started to write this book, my goal was to provide one reference source for information system security practitioners that would be preparing to take the Information Systems Security Engineering Professional® (ISSEP) exam. As the book began to take shape, I realized it was developing into more than just a study book for the ISSEP exam. It had become an encompassing overview of information systems security for the federal government sector, which has been the focus of my career as an information systems security professional.
By the time I took the Certified Information Systems Security Professional (CISSP®) exam in September 2000, I had already been working for several years as a government contractor performing information systems security work for the U.S. government (USG). An important part of my job is to read, understand, and interpret federal laws, regulations, and guidance. In addition to staying current on this wide array of information, I must also adequately provide guidance on how to make it apply and fit within a government agency. Since 1998, I have been working as a contractor for the U.S. Department of State at the Diplomatic Security Training Center. The primary focus of my professional work is on training and mentoring employees who have responsibility for adequately protecting information systems. The recently created ISSEP concentration exam has similar aims in that it tests the knowledge and skills of security professionals in the federal sector. My practical experience in designing and conducting training courses requires that I am well versed in the federal requirements for information systems security, thus the ISSEP exam provided me an opportunity to integrate my experience, practical knowledge, and the documented research in this field into a new publication.