If you weren't aware, ISC2 carried out a job task analysis a little while back for the ISSAP exam, and this has now resulted in changes to the exam which were recently published and will take effect on 14th October 2020:
A cursory review of the current and new exam outlines shows that the domains might have been reordered and renamed but are effectively the same. However, comparing the tasks/subtasks in each domain shows a number of changes across most domains. This is in stark contrast to the recent CCSP update where the changes seemed superficial - I'd go so far as to say this is quite a comprehensive update, certainly in comparison to the CCSP one.
Both ISSAP exam outlines are available here:
As ever, questions will arise about updated training material - particularly an updated CBK! We'll have to wait and see on that (I won't be holding my breath), so in the meantime I'd still recommend looking to the suggested reference list for your learning materials:
Regarding the exam, it is experience-based (I can confirm). With the right experience you can take the exam without any big issue. The book is a good reference, but remember that the exam is experience-based. I took the old exam (before 14th of October). I am not sure about the new version, but I guess it is still experience-based. Hope my point of view helps others who are considering the exam.
The problem with "experience-based" is that it requires you to have experience (or at least some decent exposure) in every aspect of every domain. Furthermore, there are wildly different approaches to security architecture between organisations, and my experience won't necessarily be the correct answer. CISSP instructors often caution candidates that the question is asking for the CISSP view of things, not the way your company does it.
See, for example, https://community.isc2.org/t5/Exam-Preparation/ISSAP-fail/m-p/18623/highlight/true#M1993
The results of the exam were even more perplexing: the lowest-scoring domains are the ones that I have had the most experience in (10+ years): IAM, security architecture. My highest ones were the ones I have relatively little experience in (legal/compliance), DR (we have departments that handle a good portion of this).
Here is a link to the updated course -