I'm studying for the ISSAP exam and have been using the ISSAP CBK second edition as a study guide. I know the book is a little outdated due to the change in exam but there's really nothing else I could find.
I've been supplementing my study material with some NIST publications such as application security, cloud, virtualization, VOIP security, BYOD, incident response to name a few.
I've also found the recommended book Application Security in the ISO 27001 very helpful in understanding SDLC as the CBK book is quite lacking in this regard.
Any other books or recommendations for study material?
I'm a little confused with some of the topics for domain 5 (Security Architecture Modeling)
Verify and Validate Design (e.g., POT, FAT, regression). What do these acronyms stand for (POT, FAT)?
Let's put the guide part into proper focus here.
This question comes up once, maybe twice, a year, while the answer remains the same each time: read the bibliography. Everything you actually need to familiarize yourself with and know is not so much in the book itself but in the bibliography and index at the back of the book.
No one is expecting you to race out and buy everything listed in the bibliography, but unless things have really changed much since I took the exam "way back when", there should be a number of PDFs and websites related to each chapter that you should find helpful.
Good luck with the exam.
To answer your question, I'm not sure what POT stands for, exactly, but given the context, I would guess some sort of penetration test. FAT would then be Factory Acceptance Test. This is hinted at because of the use of "regression" in the description. Hope this helps.
I note there's a JTA planned in the next few months for the ISSAP:
I'm not sure what the timelines might be for any forthcoming changes to the exam, though.