phil_
Viewer

ISSAP exam preparation and questions

Hello,

 

I'm studying for the ISSAP exam and have been using the ISSAP CBK second edition as a study guide. I know the book is a little outdated due to the change in exam but there's really nothing else I could find.

 

I've been supplementing my study material with some NIST publications such as application security, cloud, virtualization, VOIP security, BYOD, and incident response, to name a few.

 

I've also found the recommended book Application Security in the ISO 27001 very helpful in understanding SDLC as the CBK book is quite lacking in this regard.

 

Any other books or recommendations for study material?

 

I'm a little confused with some of the topics for domain 5 (Security Architecture Modeling)

Verify and Validate Design (e.g., POT, FAT, regression). What do these acronyms stand for (POT, FAT)?

 

3 Replies
Beads
Advocate I

Let's put the guide part into proper focus, here.

 

This question comes up once maybe twice a year, while the answer remains the same each time - read the bibliography. Everything you actually need to familiarize yourself and know is actually not so much in the book but in the bibliography and Index in the back of the book.

 

No one is expecting you to race out and buy everything listed in the bibliography but unless things have really changed much since I took the exam "way back when" there should be a number of .PDFs and websites related to each chapter you should find helpful.

 

Good luck with the exam.

 

 

CzechM8
Viewer II

To answer your question, I'm not sure what POT stands for, exactly, but given the context, I would guess some sort of penetration test.  FAT would then be Factory Acceptance Test.  This is hinted at because of the use of "regression" in the description. Hope this helps.

AlecTrevelyan
Community Champion

I note there's a JTA planned in the next few months for the ISSAP:

 

https://blog.isc2.org/isc2_blog/2018/12/cissp-issap-members-your-feedback-is-requested.html

 

I'm not sure what the timelines might be for any forthcoming changes to the exam though?