Welcome to the CISSP-ISSAP Certification Study Group.
This is an open discussion forum for those studying for the CISSP-ISSAP certification.This forum provides an opportunity to connect with others preparing for the exam. Please follow all Community Guidelines regarding usage of this group, including adhering to the exam confidentiality policy.
Adhere to (ISC)² Exam Confidentiality
Does anyone know if there's any movement in terms of books for ISSAP?
This is pretty sad that ISC2 points to 10yr old book and there was no update to it. Things have changed so massively over the past few years.
Plenty of people have passed this exam in the absence of an up to date CBK.
It just requires a change to the exam prep method of reading the CBK and then doing a bunch of practice tests (as there aren't any good ones of those either the last time I checked) that many used to pass their CISSP and/or CCSP.
Even if there was an up to date CBK, it would still be recommended to supplement your education and experience using items from the suggested reference list, so my advice would be just to go straight to that.
Yes, you'll probably end up having to read more than one reference, but that's just how it goes.
Still, the newest material is from 2017... But it's what we have 🙂
Another question related to the study material, is there any kind of "CISSP-ISSAP Official ISC2 Student Guide", in the same standards as the CISSP and CCSP trainings (for students who have completed official ISC2 training)?
Would you be able to advise the estimated date for the new ISSAP CBK release date if there is anyone working on it?
Also, will it be possible to purchase a PDF note scripted version of the current Online Training Official (ISC)² CBK Training Seminar for the ISSAP for people who are keen but unable to pay a hefty price of USD 2,669.75 to study for it? I understand that the other online self-paced training from the (ISC)² e.g., for CISSP is around USD 900. Thanks.
So I took the test.....
I paid for and took the online ISSAP CBK Course, I purchased the official CBK book, I went through all of the online resources listed as material that they said I should be familiar with for the test, and I even went through any online resource I could find. I took my time and two and half months worth of study.
And.... I failed the test.
Frankly..... I'm PISSED! Cause none of that study prepared me for what I faced on this test. I am not sure what ISC2 plan is for these concentration but in my opinion the training needs a significant overhaul.
ISC2 should be stressing, particularly in official study materials, that their exams require relevant experience, and that nobody should expect to pass with study alone.
I wholly disagree that study alone shouldn't be enough. I do believe having working experience would help significantly in your success. As ISC2 states on their site:
This type of language clearly puts out the notion that those who should be taking this test do not necessarily need this experience you speak of.
Now before I double down here let me tell you that the content of the CBK course was informative and even the book had plenty of good information but let me repeat "IT DID NOT" prepare you for how the test presented you the information.
I would have expected the Quizes and Post-Course Test to be great resources on how you should be thinking about the information presented you in this course and IMPROVE your chances of SUCCESS and I just can't with confidence tell you that it does that well.
Even if you need experience to get this certification, I have been in IT for 15 years, nine years as an IT Administrator, six as an IT Security Professional, and as an IT Security Professional I have spent three of those as a Cyber Systems Engineer. I honestly don't know how much more experience you would need if that isn't enough.
Tough break man.
As Alec points out the reference sources and exam outline should be consulted for the concentrations, probably more so than the CBK. A lot of these certs I think also get quite esoteric/arcane and the CBK not having been updated for ten years is a bit of a red flag to me, especially with ISC2 pushing it’s training/entry level certs etc. Priorities and focus… but yes the CBK/Curriculum should reflect wat is tested.
On the “Who’s this cert for” blurbs… I’d personally rather go TOGAF/SABSA in this space if I wanted to stand out just as these are really clear, have methodologies, tools and practices built around them. Markitechture from ISC(2) has always been… a bit funny.
DoDD 8570.1 is probably the thing that matters most here, but not American so not sure on the glittering prizes it unlocks.
On the plus side now you know what it’s like you can probably pass on the second writing, and you might seek a mentor to help on technique/areas tested etc.
Goodluck with the retake, or moving on in a different direction.