I've just been through the timespan of the official ISC2 ISSMP training. Rather expensive, and not that helpful. I'm passing this on for those that are considering this concentration. I already have ISSAP and looked forward to working on another.
First problem, which probably isn't that common is that the material is entirely for use in the USA. I'm OK with ISC2 being primarily a US organisation but the ISSAP doesn't really have any use outside the US at least based on the material I got through.
Second, the material provided is very simplistic the heavy lifting is done by external links to organisations like NIST or Mitre. Many of these links were broken or to standards that have expired. Also, the course material really gave no indication what the learning outcome of these external links is or how long to spend studying them.
To do justice to all the links and have a full time Cyber security job I don't think a time limit on the material is a good idea. Without employer support it might not be worth the risk, especially if you're risking your own money. On that latter point, you don't get the standard text books even in Kindle form you are expected to buy these on top of the course costs.
Last thing, there is no tutor guidance, only generalities. What does the ISC2 think we should know to do this job well? I honestly couldn't tell.
So, if you just want to pass, buy the books and read them until you can quote them in your sleep. If you want to learn how to be a good ISSMP start with a tutor driven face 2 face course. The online version falls between two posts and is probably best avoided in its current form.
Saddened to hear that you feel the ISSAP is US centric only. For years, many folks have/had worked to ensure that the materials/exams were international in nature.
I am really taken back that the AP is not more generic. Architecture should be architecture regardless (of course that is only my opinion) of location.
As to the ISSMP material not being useful, I believe that information should be passed along to the education folks. We can ask @ToniHahn if she could share you message internally.
Personally I just bought the book and studied that, which was sufficient. A lot of the external references were things I'd read at some time in the past anyway.
I can show this post to the education team
Did you use the ISC2 self-paced course for the ISSAP also? I'm struggling to find any material on this.
If you just buy the book and follow the references at the end of each chapter it's perfectly possible to pass the exam. I'd say it took me about 4 days study, but I'd read a lot of the end of chapter references at some time previously. Buying expensive resources won't in itself make you pass the exam, you simply have to learn the material.
I mentioned a similar concern at Blackhat when I stopped by the (ISC)2 booth. Concentrations' CBKs all are archaic and in desperate need of revision. I want to consider a Concentration, but a $2600 investment isn't worth it. I'd rather buy a CBK, read it, and only after reading a modern CBK would I consider further investment.
CBKs are outdated and embarrassing.
Andrew L. Kahn, CISSP, CCSP
Yet the organisation is sitting on about 70 Million that could be leveraged to produce decent material.