I'm studying for the ISSAP exam and have been using the ISSAP CBK second edition as a study guide. I know the book is a little outdated due to the change in the exam, but there's really nothing else I could find.
I've been supplementing my study material with some NIST publications, such as application security, cloud, virtualization, VoIP security, BYOD, and incident response, to name a few.
I've also found the recommended book Application Security in the ISO 27001 very helpful in understanding SDLC as the CBK book is quite lacking in this regard.
Any other books or recommendations for study material?
I'm a little confused by some of the topics for domain 5 (Security Architecture Modeling).
Verify and Validate Design (e.g., POT, FAT, regression). What do these acronyms stand for (POT, FAT)?