ISSAP passed

ryonryon Registered Users Posts: 4 ■□□□□□□□□□
I passed the ISSAP exam this week. It was a tough exam, personally I was a lot less confident coming out than I had been after CISSP.

Some advice for those planning to take the exam. Don't bother with the ISSAP CBK. It's terrible. Apparently ISC2 are withdrawing it and producing something new. Almost everything you need to know is already in the CISSP CBK.

Obviously I can't disclose any specifics about the exam, but some areas from the Candidate Information Bulletin that I would particularly focus on from my experience:

Enterprise architecture - be familiar with SABSA, Zachmann etc, although you definitely don't need to know them inside out. You should be able to know which definition or attributes describe them.

Crypt - PKI and VPNs. Expect to be tested on digital certificates and how PKI is implemented. As far as VPNs go, I'd particularly recommend knowing about IPSec reasonably well, and generally be able to give a reason for choosing a particular method for protecting data in transit/at rest in a given scenario.

BCP/DR - You'll need to be able to reason why you would choose a particular recovery option given a scenario, etc.

Access control - Again, you'll have to be able to consider what the right solution is for a given scenario. Generally you'll be looking to identify the strongest option.

Common Criteria - know the EAL levels and some general familiarity with CC.

Most of the physical security stuff is straightforward, but revising the fire suppression, alarms, cameras etc from CISSP may be useful.

Thoughts overall - I'd recommend doing this as soon as possible after CISSP while all that information from studying and preparing is still fresh. It doesn't really require that you learn a lot more that what you would for CISSP, but the questions are a lot trickier. As with CISSP, it's often possible to eliminate 2 terrible answers and be left with 2 that seem pretty good.

Comments

  • ErtazErtaz Member Posts: 934 ■■■■■□□□□□
    Thank you for this review! I am definitely considering this as my next certification.
  • gncsmithgncsmith Member Posts: 459 ■■■□□□□□□□
  • renacidorenacido Member Posts: 387 ■■■■□□□□□□
  • sameojsameoj Member Posts: 366 ■■■□□□□□□□
  • gespensterngespenstern Member Posts: 1,243 ■■■■■■■■□□
    Congratz! What's next?
  • DAVIS NGUYENDAVIS NGUYEN Member Posts: 1,472 ■■■□□□□□□□
  • danny069danny069 Member Posts: 1,025 ■■■■□□□□□□
    Congrats and thank you for the write up, there are not many on the concentrations of the CISSP.
    I am a Jack of all trades, Master of None
  • davidhgagnedavidhgagne Registered Users Posts: 3 ■□□□□□□□□□
    Congratulations and thanks for your advice. I am planning to take the ISSAP Mid-April.
  • richymartinrichymartin Member Posts: 28 ■□□□□□□□□□
    Well done!

    I hope you don't mind me asking, whats your job? I'm considering this cert and i'm interested what other people do who go in for it.

    Thanks!
  • CyberscumCyberscum Member Posts: 795 ■■■■■□□□□□
    GJ ryon.

    How in depth was your studies. Did it just brush on topics like the CISSP, or did it dig into the tech side?

    I'm gonna shoot for this one soon.
  • ZzBloopzZZzBloopzZ Member Posts: 192
    Congrats! Do they have an "Associates" program for this? I will only have 1 full year of Engineering experience by August 1... and already starting to forget the CISSP material that I passed the other month.
Sign In or Register to comment.