ISSAP passed
ryon
I passed the ISSAP exam this week. It was a tough exam, personally I was a lot less confident coming out than I had been after CISSP.
Some advice for those planning to take the exam. Don't bother with the ISSAP CBK. It's terrible. Apparently ISC2 are withdrawing it and producing something new. Almost everything you need to know is already in the CISSP CBK.
Obviously I can't disclose any specifics about the exam, but some areas from the Candidate Information Bulletin that I would particularly focus on from my experience:
Enterprise architecture - be familiar with SABSA, Zachman etc, although you definitely don't need to know them inside out. You should be able to know which definition or attributes describe them.
Crypt - PKI and VPNs. Expect to be tested on digital certificates and how PKI is implemented. As far as VPNs go, I'd particularly recommend knowing about IPSec reasonably well, and generally be able to give a reason for choosing a particular method for protecting data in transit/at rest in a given scenario.
BCP/DR - You'll need to be able to reason why you would choose a particular recovery option given a scenario, etc.
Access control - Again, you'll have to be able to consider what the right solution is for a given scenario. Generally you'll be looking to identify the strongest option.
Common Criteria - know the EAL levels and some general familiarity with CC.
Most of the physical security stuff is straightforward, but revising the fire suppression, alarms, cameras etc from CISSP may be useful.
Thoughts overall - I'd recommend doing this as soon as possible after CISSP while all that information from studying and preparing is still fresh. It doesn't really require that you learn a lot more than what you would for CISSP, but the questions are a lot trickier. As with CISSP, it's often possible to eliminate 2 terrible answers and be left with 2 that seem pretty good.
Comments
Ertaz
Thank you for this review! I am definitely considering this as my next certification.
gncsmith
Congrats!
renacido
Congrats!!
sameoj
Congrats
gespenstern
Congratz! What's next?
DAVIS NGUYEN
Congrats!
danny069
Congrats and thank you for the write up, there are not many on the concentrations of the CISSP.
davidhgagne
Congratulations and thanks for your advice. I am planning to take the ISSAP Mid-April.
NOC-Ninja
Congratulations
richymartin
Well done!
I hope you don't mind me asking, what's your job? I'm considering this cert and I'm interested what other people do who go in for it.
Thanks!
Cyberscum
GJ ryon.
How in depth were your studies? Did it just brush on topics like the CISSP, or did it dig into the tech side?
I'm gonna shoot for this one soon.
ZzBloopzZ
Congrats! Do they have an "Associates" program for this? I will only have 1 full year of Engineering experience by August 1... and already starting to forget the CISSP material that I passed the other month.