Re: ISSAP: when will there be a new CBK refresh?

Cburdette90 · ‎06-19-2025

I’ve completed both the CISSP and CCSP, and I’m now looking to begin my journey toward the ISSAP. I’d really appreciate a solid, up-to-date study guide to support my preparation. It’s a bit frustrating how outdated the current CBK feels.

Steve-Wilme · ‎06-20-2025

Not all of it is outdated. IT DR/BCP has not fundamentally changed, although CSPs might take away some of that burden (ignored what happens when your CSP has significant downtime), cryptography is pretty much unchanged (quantum is yet a real commercial proposition), physical security is pretty much as it is, telecomms and networks may have advanced with zero trust, but how many organisations are really doing that for everything (most are in a hybrid state), which leaves access control which isn't massively changed (it could say more about biometrics and attribute based access, but it's still a good grounding in the field).

All the ISC2 qualification cover the basics, even the concentrations. If you want to delve deeper you need to read other sources.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS

AlecTrevelyan · ‎06-20-2025

I replied to a similar query a number of years ago here:

https://community.isc2.org/t5/Exams/Future-of-CISSP-Concentrations/m-p/41177/highlight/true#M1226

To summarise the salient points from my post:

In terms of being able to read a single book and then considering yourself to be a specialist that really isn't how I believe it should work.

Even when the CBKs were current, people used to complain they didn't cover everything they needed to know for the exam, so you were always encouraged to supplement your knowledge and experience by studying additional references - this is true of all ISC2 exams.

If you really want to study for the ISSAP, read the exam outline, identify any gaps in your knowledge and experience, choose books from the suggested reference list that will help you plug the gaps.

Current exam outline: https://edge.sitecorecloud.io/internationf173-xmc4e73-prodbc0f-9660/media/Project/ISC2/Main/Media/do...

New exam outline from 1st August 2025: https://edge.sitecorecloud.io/internationf173-xmc4e73-prodbc0f-9660/media/Project/ISC2/Main/Media/ce...

Suggested references: https://www.isc2.org/certifications/References

Cburdette90 · ‎06-21-2025

Thanks for the helpful information! I agree with most of it.

That said, I still don’t think it’s unreasonable to expect an updated CBK for this exam, especially now that it’s no longer just a concentration. The CBK link provided by ISC2 points to a book published back in 2013, according to Amazon.

Hopefully, when the exam is refreshed in August, we’ll finally see a new CBK released.

nkeaton · ‎06-23-2025

@Cburdette90 While that is a reasonable request, the CBK for the ISSAP is much more up to date than the one for the ISSEP. I did read the latest CBK for the ISSEP and ISSMP just for a historical perspective knowing that most of what I read was not testable. For these I made sure that I knew the exam objectives, and I read the NIST documents that I was not familiar with. I am planning for the ISSAP and did read the latest CBK for it as well as review the exam objectives and the NIST documents that I was not familiar with. Architecture is my weakest discipline of the three, but I want to at least try this and am approaching it the same way that I did the other two. These three exams do not comprise a lot of people; so I can understand why ISC2 would spend more time on the other certifications for currency. None of the former concentrations have ever had a book from Sybex, the current ISC2 publisher. All books available were through CRC. The CCSP will help you some for the cloud portion of architecture. Now that they are standalone certifications, maybe ISC2 will approach them differently but would not wait on that to happen. They also have a project to make all of the exams align better. Best wishes.

DJExamTeam · ‎06-24-2025

Thank you for contacting the ISC2 Community Board

The ISSAP Exam will be based on a new exam outline on August 1, 2025. Please view the new ISSAP Exam Outline for details.

Narsil · ‎08-26-2025

@Cburdette90 wrote:

Hopefully, when the exam is refreshed in August, we’ll finally see a new CBK released.

To your point, after a gap of 12 years since the release of "Official (ISC)2® Guide to the ISSAP® CBK - 2nd Edition" in 2013, ISC2 has overnight quietly released the following:

Cannot help but notice a VERY disappointing detail that states "365-day access" for both of the items.

ISC2....what were you thinking with this? There is also no information regarding the depth of of the content, or as simple as the number of pages.

nkeaton · ‎08-27-2025

@Narsil I wonder if that is the same eTextbook that comes with ISC2 training. Honestly for the former concentrations, it takes a lot more than a textbook for sure. I passed both the ISSEP and ISSMP without one with recommended NIST documents and lots of experience. The CGRC (formerly CAP) really does not have one. I waited for the one that came out to take my exam in 2012. It was clearly completely worthless and should not have waited to take my exam. It added zero to my studies or knowledge. I will guess that there is an eTextbook for it as well. The timing is actually not odd on this. All of the former concentrations changed exam objectives on August 1. So they had to come up with something for their training. Anything from CRC is the old ISC2 publisher. Sybex is the current official publisher of hard copy books.

Narsil · ‎08-27-2025

@nkeaton wrote:
@Narsil I wonder if that is the same eTextbook that comes with ISC2 training. Honestly for the former concentrations, it takes a lot more than a textbook for sure. I passed both the ISSEP and ISSMP without one with recommended NIST documents and lots of experience. The CGRC (formerly CAP) really does not have one. I waited for the one that came out to take my exam in 2012. It was clearly completely worthless and should not have waited to take my exam. It added zero to my studies or knowledge. I will guess that there is an eTextbook for it as well. The timing is actually not odd on this. All of the former concentrations changed exam objectives on August 1. So they had to come up with something for their training. Anything from CRC is the old ISC2 publisher. Sybex is the current official publisher of hard copy books.

Correct. If you click the links you will see each page does state that these are resources you get if you buy their digital course training for ISSAP.

To be honest the timing is not really related if you take into account history. They've been updating the domain content and exams for many years over the past 13 years since the last CBK, and never previously bothered to address the lack of official study materials. Even this course was a recent-ish addition.

Normally I'd say something is better than nothing, but this 365 day limitation is just ridiculous. If people are going to share things, they'll share things. They would've been better off water-marking the items at checkout, but even that only goes so far. One would think they'd want to encourage people take these more obscure courses, now that they stopped being concentrations for some time.

Time will tell.

nkeaton · ‎08-28-2025

@Narsil Thank you for your thoughts on this. I think that have offered an eBook on their training for a long time. I don’t think but not sure if ever offered practice questions for them. I am not aware of them selling it separately except for the CC. I can see offering a hard copy book for the more common exams such as the CISSP, but the former concentrations are only attempted by very few. Digital is definitely much mire common now. Best wishes in your journey.