nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

CISSP - ISSEP / ISSAP Study Material

Humbe

Hello once again,

I was wondering if anyone knew the best study material for both exams ?

Thanks!

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Humbe

Any ideas?

wes allen

After you mentioned it in the other thread I started looking into ISSAP a bit, there doesn't seem to be any solid single source books. From what I read, just get their study guide, but be prepared to hit source material, like Common Criteria, and maybe reread those domains in a CISSP book. Depending on where I end up the next couple months, I am really looking into ISSAP - that is the stuff I love to do, though most of my work these days is network infrastructure.

moyondizvo

Hi Humbe, Wes is right, I have had a look around and the only resources I was able to find are on the ISC Store, (ISC)²® Press Publications - Books & literature. It would be great if any of the guys who have passed the CISSP concentrations could shed some light on this.

GoodBishop

I plan to get the ISSAP at the end of the year - I was thinking about re-reading the normal CISSP book as well as the ISSAP book from ISC2.

Humbe

Thanks so much guys.

I've been researching a lot as well and there is not really much out there for the concentrations as they are quite hard to pass.

beads

Keep in mind that both change as of April 2013. The primary difference between the two exams is that the ISSEP is geared more toward the US Federal Government requirements while the ISSAP is geared strictly toward business skipping all that blue or orange book stuff.

The green books are both small and seemingly light on material as you might guess. Still they make for a primer to what you might find on the test in general. Very general at that. The real reason for purchasing one of the concentration test books is all in the bibliography of each section. Not that you have to buy each book or download each entry that's where your going to find the answers to questions on the test.

The test, at least the ISSAP, questions were much to a degree more technical, detailed and lengthy compared to what I saw on the CISSP. In other words: Be prepared to be kicked a bit. This is much more a technical exam than the CISSP.

Getting results. After sitting in my chair for nearly two and a half hours, on a computer (no paper any more), I was eager to get my results. Ummm...no: Please wait 6-8 weeks for the results. Just like the old paper based model. Take the test wait weeks for the results.

Good news is that I passed. The staff at my testing center were just fantastic to test with and friendly beyond belief while being quite professional. Taken tests in gulag type conditions as well. Bad news? Well, having to wait for nearly 8 weeks while someone grades my exam made for a long nervous wait. Spoken to a couple of folks who hadn't passed the ISSAP but had similar thoughts as my own above.

All I can say is "Good Luck!"

- beads

Humbe

Thank you so much beads for your input.

I had no idea the results would take so long. I was hoping seeing something like the CISSP exam to be honest. I was looking more into the ISSEP rather than the ISSAP since they describe the ISSEP as people with experience under Systems Engineer.

Do you have to present your resume again to show your architecture background in case of taking th

AnthonyF

Interesting my ISSMP results printed right out at the test center. Maybe you were an unlucky one who got tagged for some sort of scoring verification?

beads

Not uncommon. Depends on how many people take the exam in the quarter. If enough people take the test to have enough to grade against others you get your results right away. If not the ISC2 is either waiting for enough exam inputs to curve against or they are grading by hand so to say. Its on the website somewhere but its been awhile since I have looked at that section.

- beads

beads

Humbe;

No problem. Its definitely a more stringent exam compared to the CISSP. Took me about as long to complete as the CISSP in general. Best advice is to look for Rao's book on Amazon. Its the big wordy red one that has questions that appear to be overly technical and make hardened criminals cry types of questions. Those questions also correspond very well to what I saw on the ISSAP exam itself. That and all those additional reading entries. Otherwise I would have been completely unprepared. Crypto is very tough to the point of doing mental math, tough.

- beads

Humbe

Thank you so much beads.

I'll go ahead and take a good luck at that book and add it to the collection. Also regarding the verification process, did you have to send your resume again showing all your architecture background or they don't make you go through an endorsement process like in the CISSP?

beads

No problem. Since I was and still am a current CISSP there was no additional verification needed. Received an email congratulating me on passing the exam with my ISSAP number somewhere in the 22,000 range (not the actual number of passing grades, I'm sure). Never seen the number listed on the website, etc. So that's a whatever as the main number is used for cross reference purposes. About a week later I received one of those big cardboard envelopes with a new certificate. Pretty. Too bad I work in a place that hanging certs is seriously frowned upon.

Nothing extraordinary about the rest of the process once you pass.

And yes, the back of my car could once pass as the CISSP lending library for awhile. Still finding CISSP books I need to either recycle or put on a shelf somewhere. OK how about donating to a book collection for redistribution. Doubtful I will ever really need to go back and read any of them to be completely honest. Sounds good but highly unlikely.

- beads

Humbe

Lmao great post !!

I'm a current CISSP as well that's why I was wondering the need to prove the architecture experience.

Again, thank you so much for your guidance. I'll start my studies over the CISSP - ISSAP certification.

emerald_octane

wow i'll have to go for this one...

...someday

Humbe

emerald_octane wrote: »

wow i'll have to go for this one...

...someday

From what I read online not too many people hold this certificate. Making you very marketable out there.

moyondizvo

Really great post from Beads, thanks a lot for posting. Will probably be in next year's schedule as this year seems booked out...

...

wes allen

Got this in my email today - going to sign up!

http://education.isc2.org/concentrate/

dijital1

I would recommend that you really take your time preparing for the ISSEP. It's by far the most difficult exam that ISC2 puts out with initial pass rates hovering between 11 - 25% Unless you have a lot of experience with the systems engineering process as per the guidelines put out by NIST and DOD, prepare to spend a few months prepping for it.

It's unlike the other ISC2 exams in that the correct answer/document is based largely on which type of system you're being asking about (public sector, critical infrastructure, defense, federal, or a combination of them).

You have to understand the certification and accreditation process and which documents support it based on whether the system is for DoD, general gov or private sector.

Get intimately familiar with the NIST SP-800 series documents. Know what document is used for what and who it applies to. Know the FIPS documents; again what's in them and who they apply to. Simply knowing the document title isn't going to be enough.

It is by far the most difficult written exam that I've ever taken. Just make sure that you dedicate 2 - 3 months to prep for it and you should have a pretty good shot. It's much much harder than the CISSP, ISSAP or CSSLP exams.

Hope this helps...