The Information Systems Security Architecture Professional (ISSAP) is a CISSP who excels at planning security solutions and providing management with risk-based guidance to achieve organizational goals. They are experts in aligning security solutions with the organizational context, such as mission, vision, policies, strategy, change, requirements, and external factors.
CISSP-ISSAP certification is for network security professionals with at least two years of architecture experience. Only those with an excellent CISSP compliance record can sit for the exam. It can be regarded as official recognition of high expertise in Information Security Architecture. These professionals hold significant roles and usually design, develop, and analyze a comprehensive security plan.
What are the CISSP-ISSAP Domains?
The CISSP-ISSAP domains include access management systems and methodology, communications and network security, cryptography, security architecture analysis, technology-related business continuity planning and disaster recovery planning, and physical security considerations.
- Architect for Governance, Compliance and Risk Management (17%)
- Security Architecture Modeling (15%)
- Infrastructure Security Architecture (21%)
- Identity and Access Management (IAM) Architecture (16%)
- Architect for Application Security (13%)
- Security Operations Architecture (18%)
ISSAP Exam Structure
- Exam Name: ISC2 Information Systems Security Architecture Professional (CISSP-ISSAP)
- Exam Code: CISSP-ISSAP
- Exam Price: $599 (USD)
- Duration: 180 minutes
- Number of Questions: 125
- Passing Score: 700/1000
The Skills Tested by the CISSP-ISSAP Exam
The ISSAP exam will validate your skills by measuring your ability to:
- Develop an architecture that assures the reliability and security of an organization's information systems design.
- Categorize and install physical access controls, enabling your organization’s information security model to identify, prevent, and respond to any suspicious activity.
- Recognize and explain how cryptography can secure organizational data and connections from external and internal threats, and demonstrate the skills to implement it.
- Choose products for organizational communication according to its measures and standards, and execute and monitor them for optimal performance.
- Understand and recognize adverse events that may threaten the normal functioning of the organization.
- Implement soft and hard concepts in access control methodologies.
The Best Study Resources for CISSP-ISSAP Exam Preparation
Below are some study resources for ISC2 CISSP-ISSAP Exam Preparation:
Study Tips for the CISSP-ISSAP Exam
By now you know the basic details of the ISSAP exam. What you need to prepare yourself for is a very difficult exam. Here are some useful study tips that will help you prepare for the exam competently and in a short time frame.
- Create a study schedule. A study schedule will allow you to outline all study milestones and complete them at the right time. It is essential that you study all six domains thoroughly, and dividing your time into days or weeks for each domain will help you reach those goals. Mark your ISC2 CISSP-ISSAP exam date on your office calendar, or use a bold font, so that you are reminded of it consistently.
- Prepare small notes. Write down all important points and make brief notes for yourself for later revision.
- Take practice tests. This will help you understand what the actual exam is like. The more practice tests you take, the more confident you will be when you sit the exam. You will also learn to divide your time evenly across all ISSAP questions in the exam.
Conclusion
The CISSP-ISSAP certification adds a special badge of expertise and experience for CISSP professionals. An ISSAP-certified architect plays an important role in the IT security domain and has responsibilities that lie at the higher managerial tier of the organization. This role not only demands broad knowledge and experience in technology but also draws heavily on the analytical side of information security.