sunto Posts: 29 Member
Do we have any CISSP-ISSAP cert holders? Looking for recommendations on study material, or if the ISC2 book is enough.

Disregard: I should have used the search function ;)


  • roxer Posts: 130 Member
    Hello @sunto - I am looking to take that exam myself sometime after July (CRISC comes first). I see varying information with some saying the CBK is enough and others saying it takes more. With a lack of practice tests, it is all reading and hoping you are studying the right stuff. Good luck to you on the exam study journey! Maybe we can post study links here from the various threads?
    2018 Goals:
    To Complete: CISSP-ISSAP | CCSP | CAPM
    Start Master's Degree: WGU - MBA.ITM

    B.S., Business Studies in Computer Information Technology | SNHU
  • csjohnng Posts: 8 Member
    Hi, I just passed the ISSAP today, and I only started to study the official CBK last weekend (bought March 2018). I have also gone through the ISC2 ISSAP FlashCard, which gives a bit of content (and a feeling for what the domain changes are about). Other than the above two, I did not have or really use other study material. (I have downloaded some NIST material and Enterprise Security Architecture by John Sherwood, but really don't have the time to study them.) My sense is that the CBK only covers 70-80% because of the domain change; the rest will require cloud knowledge, where the CCSP material should help. The rest is really my day-to-day work and experience. I am not saying you should go and study TOGAF, SABSA and Zachman in full, but knowing them at a high level will definitely be a plus, because in the ISSAP exam outline, frameworks are clearly mentioned and you should not be surprised if related questions are tested or asked. Disclaimer: I am a holder of CISSP (of course), CCSP and TOGAF.
  • ansionnachcliste Posts: 70 Member

    I'm going to purchase the CBK book to hopefully sit the exam soon.

    I'm a CISSP holder but probably don't have much knowledge around security architecture, so I'm curious if you feel you learned a lot from the training materials?
  • csjohnng Posts: 8 Member
    ansionnachcliste, not sure about others. Everyone has a different situation and a different area of expertise.

    I can only speak for myself, and honestly, as for the CBK, not much for me. As a CISSP holder, I have been doing a lot of infrastructure security, architecture, governance, risk management and cloud stuff; the CBK is more or less an "assurance" to me.

    I myself just skimmed through the material in the CBK, and it is not new to me, but more a "revision", a reminder, or what I should call an "assurance".
    I have printed out the new domain outline and put it side by side with the CBK to see which part of the book is mapped to the new domain, to make sure I have covered most of the revised domain (plus the flash cards).

    Of course, the CBK is well written and gives basic context and good content, but the old domains are not really in proportion to the new/revised domains, which gives people a bit of a headache (e.g. in the CBK the whole of domain 3 is about crypto, and in the new domain crypto is only a tiny section, with more on app security and cloud in the exam outline). So spending your time wisely is key.

    Unless you are so confident (or bold) as to go straight for the exam, or willing to pay close to 2K for the ISC2 ISSAP self-paced online course, reading the CBK is still the next best option. (The flash cards are perhaps better because they gave me more confidence.)

    Hope this helps and good luck.
  • ansionnachcliste Posts: 70 Member
    That helps a lot, thank you.

    I'm a GRC guy, with incident response and web app security, so the typical work experience area for me when it comes to security architecture is little. 

    Perhaps I can gain that assurance from the CBK when it comes to web applications and can fill in the gaps with the rest of the material.
