ISSAP passed

ryonryon
I passed the ISSAP exam this week. It was a tough exam; personally, I was a lot less confident coming out than I had been after CISSP.

Some advice for those planning to take the exam. Don't bother with the ISSAP CBK. It's terrible. Apparently ISC2 are withdrawing it and producing something new. Almost everything you need to know is already in the CISSP CBK.

Obviously I can't disclose any specifics about the exam, but some areas from the Candidate Information Bulletin that I would particularly focus on from my experience:

Enterprise architecture - be familiar with SABSA, Zachman, etc., although you definitely don't need to know them inside out. You should be able to know which definition or attributes describe them.

Crypto - PKI and VPNs. Expect to be tested on digital certificates and how PKI is implemented. As far as VPNs go, I'd particularly recommend knowing about IPSec reasonably well, and generally be able to give a reason for choosing a particular method for protecting data in transit/at rest in a given scenario.

BCP/DR - You'll need to be able to reason why you would choose a particular recovery option given a scenario, etc.

Access control - Again, you'll have to be able to consider what the right solution is for a given scenario. Generally you'll be looking to identify the strongest option.

Common Criteria - know the EAL levels and some general familiarity with CC.

Most of the physical security stuff is straightforward, but revising the fire suppression, alarms, cameras etc from CISSP may be useful.

Thoughts overall - I'd recommend doing this as soon as possible after CISSP while all that information from studying and preparing is still fresh. It doesn't really require that you learn a lot more than what you would for CISSP, but the questions are a lot trickier. As with CISSP, it's often possible to eliminate 2 terrible answers and be left with 2 that seem pretty good.

