Industrial Security Professional


According to the NCMS, the ISP examination is based mainly on the National Industrial Security Program Operating Manual (NISPOM), its supplements, and other related information security rules and regulations.

ISP ExamFOCUS Study Notes


The ISP exam has 110 questions that must be answered in 120 minutes. There are 100 mandatory questions that form the core of the exam; all candidates complete those questions. An additional 10 questions cover electives, with 4 elective areas available: COMSEC/TEMPEST, Counterintelligence, Intellectual Property, and OPSEC. Two electives must be chosen, 5 questions each.

The coverage of the ISP exam is highly extensive - in fact so extensive that I wouldn't recommend taking the exam until you are fully drilled on the relevant topics. A major focus of the exam is the NISPOM (National Industrial Security Program Operating Manual). This manual covers many terms and definitions that are unfamiliar to hands-on security practitioners.

Many ISP candidates are experienced professionals who have been in the field of security for years; they already know most of the practical how-tos, and all they need is to learn the principles, concepts and science behind the essential security techniques. Going through all the officially listed reference material would be quite overwhelming for these busy professionals.

ExamFOCUS Study Notes build a solid focus while revisiting key examination topics. Whether you are just starting to study, cramming at the last minute, or simply looking to refresh, this could prove to be a lifesaver!

To succeed in the exam you need to get yourself truly familiar with the most important information by going through sufficiently focused revision. This is where we fill the gap - you may think of our product as the unofficial supplement to the regular training class, or you may view it as a standalone module with a focus on building up your exam readiness.

As an effective learning aid implemented in the format of study notes, the ExamFOCUS ISP Study Notes package is designed to present information in an easy-to-understand, conversational format. Notes are well-written, technically accurate and completely representative of the key information covered by the exam.

The ExamFOCUS ISP Study Notes have TWO parts. Part ONE covers NISPOM-specific information in the format of an intensive review, while Part TWO deals with Information Security in a broader, general context. Below are the TOCs:


This product has been updated on 23 June, 2008. Approx page count is 185.

You may download the TOC in Macromedia Flash format HERE.


Part ONE:

For professionals with a background in information security, a significant portion of the material presented in the NISPOM is based on common and well-known security principles and is nothing special at all. What could get in the way are the specific terms, definitions and requirements written in DoD language. After all, the NISPOM was never intended to serve as an exam prep tool.

Part 1 of the ISP ExamFOCUS Study Notes is developed with the goal of delivering only the DoD-toned information that would give exam candidates difficulty in picking the right answers. General common-sense information is not retained, so candidates can spend their time most effectively. Essential topics are arranged in a logical flow to facilitate understanding of the information. Guiding questions are used to help address key exam concerns.

ORIGIN AND BASIC BACKGROUND       

WHAT IS THE NISPOM FOR, AND WHO DEVISED IT?  
WHAT ARE THE LEVELS OF SECURITY CLEARANCES? WHO ADMINISTERS SECURITY CLEARANCE? WHO CAN BE GRANTED CLEARANCES?
WHAT DETERMINES ACCESS TO CLASSIFIED INFORMATION?
CAN CLEARANCE BE GRANTED ON A TEMPORARY BASIS? 
WHAT ARE THE VALID CLASSES OF INFORMATION? 
WHAT ARE THE ROLES INVOLVED?
WHAT IF CLEARANCE IS NOT GRANTED? ANY EXCEPTIONS ALLOWED?     

GENERAL REQUIREMENTS       

WHAT IS THE FSO REQUIREMENT? 
WHAT ARE THE RESPONSIBILITIES OF THE CONTRACTORS?  
WHAT IS TO BE DONE WITH THE SECURITY REVIEWS, AND HOW ARE THEY DONE?
HOW TO HANDLE DUPLICATIVE SECURITY REVIEWS?      
WHAT IS RISK MANAGEMENT, AND HOW DOES IT WORK?     

REPORTING  

WHAT KINDS OF EVENT MUST BE REPORTED?   
WHO REVIEWS CLASSIFIED/UNCLASSIFIED REPORTS?    
HOW DOES REPORT SUBMISSION WORK?   

FACILITY CLEARANCE      

WHAT IS AN FCL, AND HOW IS IT APPLIED FOR?
HOW IS AN FCL PROCESSED WHEN A PARENT-SUBSIDIARY RELATIONSHIP EXISTS ON THE SIDE OF THE CONTRACTOR?
WHAT ARE THE RESPONSIBILITIES OF A CONTRACTOR UNDER AN FCL?
WHAT IS AN MFO AND HOW WOULD CLEARANCE WORK FOR AN MFO?
WHAT IF THE FCL COMES TO AN END? 
WHAT IF SUBCONTRACTORS ARE INVOLVED?

PERSONNEL CLEARANCE

WHO DETERMINES ELIGIBILITY OF ACCESS, AND WHO KEEPS THE RECORD?   
WHAT KINDS OF INVESTIGATION MAY NEED TO TAKE PLACE?     
WHAT GUIDELINES SHOULD A CONTRACTOR FOLLOW WHEN APPLYING FOR PCLS?
WHO IS DEFINITELY NOT ELIGIBLE FOR PCLS?
WHAT GUIDELINES SHOULD CLEARED PERSONNEL FOLLOW?

FOREIGN INTEREST   

WHAT IS FOCI?    
WHAT IS SPECIAL ABOUT FCL UNDER FOCI?  
HOW ABOUT LIMITED FCL?     
HOW ABOUT SSA?      
WHAT ARE THE REQUIREMENTS WHEN FOCI COMES INTO PLAY?
WHAT IS A GSC AND WHAT DOES IT DO?
WHAT IS A TCP? WHO ESTABLISHES IT AND HOW DOES IT WORK?

SECURITY TRAINING

WHO PROVIDES THE NECESSARY TRAINING AND BRIEFING? IN WHAT MANNER?
WHAT SHOULD BE COVERED IN THE SECURITY BRIEFINGS?
WHAT IS SF312 AND HOW IS IT PROCESSED? 

INFORMATION CLASSIFICATION

WHAT IS CLASSIFIED INFORMATION AND WHAT IS NOT?
WHAT IS AN ORIGINAL CLASSIFICATION AND WHAT ARE THE MARKING REQUIREMENTS?
HOW ARE DERIVATIVE CLASSIFICATION DECISIONS MADE?
WHO IS RESPONSIBLE FOR PROVIDING THE NECESSARY SECURITY CLASSIFICATION GUIDANCE?
WHAT SHOULD BE COVERED BY A CONTRACT SECURITY CLASSIFICATION SPECIFICATION? WHO SHOULD MAINTAIN IT?
WHAT SHOULD BE DONE UPON CONTRACT COMPLETION?
WHAT SHOULD BE DONE IF THE EXISTING CLASSIFICATION IS BELIEVED TO BE INACCURATE?

CLASSIFICATION MARKINGS

HOW SHOULD MARKING BE DONE IN GENERAL?
WHO IS RESPONSIBLE FOR THE MARKINGS?
HOW SHOULD MARKING BE DONE FOR COMPLEX DOCUMENTS?
HOW ABOUT PORTION MARKING?
WHAT OTHER MARKINGS MAY HAVE TO BE USED?
HOW ABOUT THE PROCESSING MATERIAL?

SAFEGUARDING REQUIREMENTS

WHAT ARE THE SAFEGUARDING REQUIREMENTS FOR THE CONTRACTORS?
WHAT PROCEDURES AND POLICIES WOULD BE NECESSARY?
WHAT ABOUT ACCOUNTABILITY?
WHAT ABOUT TRANSMISSION AND SHIPMENT?
WHAT ABOUT STORAGE?

COMSEC & TEMPEST

Part TWO:

SECURITY THEORIES

THE COMPUTER SYSTEM ITSELF AS LARGELY AN UNTRUSTED SYSTEM
DEFENSE IN DEPTH
VULNERABILITIES
SECURITY MEASURES
STANDARDS AND GUIDELINES
THE SARBANESXLEY ACT AND THE COSO FRAMEWORK

INFORMATION SECURITY MANAGEMENT AND GOVERNANCE

IS MANAGEMENT ACTIVITIES
INFORMATION MANAGEMENT POLICY
ORGANIZATIONAL STRUCTURE AND SUPPORT
THE ROLE OF THE INFORMATION SECURITY MANAGER
IS CONTROL CLASSIFICATION
DEVISING YOUR OWN CLASSIFICATION SCHEME
ACCESS CONTROL MODELS
ACLS VERSUS CAPABILITIES
WHAT IS ORANGE BOOK, BY THE WAY?
TYPES OF ACCESS CONTROL
THE AAA CONCEPT
PRACTICAL ACCESS CONTROL MEASURES
ESTABLISHING ACCOUNTABILITY THROUGH EVENT LOGGING
IS GOVERNANCE GUIDANCE
BASIC OUTCOMES OF IS GOVERNANCE

PROTECTION OF INFORMATION ASSETS THROUGH SECURITY POLICY

INFORMATION ASSETS DEFINED
DATA CLASSIFICATIONS AND LAYER OF RESPONSIBILITIES
SECURITY POLICY
SECURITY MODELS AND MODES OF OPERATIONS
EXAMPLE POLICY
EFFECTIVE SECURITY MANAGEMENT PRACTICES AND HR
OWNERSHIP & RESPONSIBILITY
CONSEQUENCES OF VIOLATIONS
EVALUATION
SECURITY AWARENESS TRAINING
CHANGE CONTROL

IS PROGRAM MANAGEMENT, PROJECT MANAGEMENT AND CHANGE MANAGEMENT

INFORMATION SECURITY PLAN
INFORMATION SECURITY BASELINES
GENERAL GUIDELINES
SYSTEM CHANGE CONTROL
SOFTWARE DEVELOPMENT PROCESSES AND MODELS

INCIDENT RESPONSE (IR)

HIPAA

PLATFORM FOR PRIVACY PREFERENCES PROJECT (P3P)

OECD GUIDELINES

CEI COMMANDMENTS OF ETHICS

THE INFOSEC ASSESSMENT METHODOLOGY (IAM)

COVERT CHANNEL ANALYSIS

COMMON CRITERIA (CC)

PHYSICAL AND ENVIRONMENTAL SECURITY

INFORMATION RETENTION & DISPOSAL PROCEDURES

Special Promotional Offer: only USD$29

* We are NOT affiliated with nor endorsed by the NCMS.

All orders come with LIFETIME FREE UPDATES. Unless otherwise stated, delivery time for all e-book (electronic delivery) orders is 24 hours after payment confirmation. There are no S/H charges for e-book delivery. Sales tax may apply depending on your location.

Copyright 2008 ExamREVIEW.NET. All rights reserved. Designated trademarks and brands are the property of their respective owners.
