April is Volunteer Appreciation Month! We want to thank all of our
volunteers for all the hard work they do! Join us in celebrating!
Showing results for 
Search instead for 
Did you mean: 

CISSP-ISSAP Members: Your Feedback is Requested

Showing results for 
Search instead for 
Did you mean: 

CISSP-ISSAP Members: Your Feedback is Requested

Re: CISSP-ISSAP Members: Your Feedback is Requested

Newcomer III

AP-logo-square.png(ISC)² regularly conducts Job Task Analysis (JTA) studies to review and update the content outline of its credentialing examinations. A JTA is the methodical process used to determine tasks that are performed by credential holders and knowledge and skills required to perform those tasks successfully. Results of the JTA study link a candidate’s examination score directly to the domain knowledge being tested.


A JTA Study Workshop for CISSP-ISSAP has tentatively been scheduled toward the end of March 2019. In preparation for the upcoming study, we would like to hear from our CISSP-ISSAP members. Please comment on any new content and emerging concepts or technology in the security architecture field that needs to be covered by the CISSP-ISSAP exam. This is your opportunity to shape the content of the CISSP-ISSAP exam! Thank you in advance for taking the time to share your feedback and experiences – it will help us ensure the CISSP-ISSAP continues to meet the needs of an ever-evolving security architecture profession.


You can find a copy of the current CISSP- ISSAP Exam Outline online. (ISC)² would appreciate you reviewing this Outline and answering the following questions:


Do you believe that current CISSP-ISSAP exam outline covers all the appropriate domains of the security architecture profession? Are there any domains missing or better covered elsewhere?


If not, what sort of topics and domains must be added to the exam content outline so that the Exam Outline reflects the changing face of security architecture?


Also, please let us know if any important content (tasks, knowledge, and skills) are not covered by the current CISSP-ISSAP Outline. Send your comments to us at Your comments will be compiled and presented to the JTA Committee for further review.


Thank you for your invaluable insights and help!

1 Comment
Community Champion

From my experience:  Without clashing with the CCSP, Cloud Computing and Virtual environments - in particular Software Defined Networks (SDNs), Network Functional Virtualisation (NFV), Microservices, all of which have a need for a very good understanding of Component Modelling, and Operational Modelling, which is increasingly becoming more complex and problematic.   Especially, as you come into the realm of containers, Kubernetes or Docker environments.   All of which have a strong need for very good network engineering and communications skills.  


As an Architectural Thinking instructor, these areas are becoming tied to Cloud Architects, but I often find, they tend to think in terms of services, APIs, without fully understanding the Application Security aspects and virtualisation environment implications. 


Ensuring Cloud Architects, don't merely skip over the components, without realising the risk management implications - the same principles apply to solution design whether it is a enterprise security, or solution design life cycle or application security level.    They are folding into each other very rapidly with the technological advances.


An obvious missing one is Internet of Things (IoT) and Industrial Internet of Things (IIoT), risk management, design, and intrinsic implications, as often they have the same principles and characteristics of major network systems but at miniature or embedded firmware level.    There are major security examples of what goes wrong in the Healthcare environment i.e. Medical Devices, and Internet Service Providers.  Many of these issues stem from the lack of mandatory legislation within the supply chain itself.


Open Source software, obviously related to the CSSLP, but there needs to a very full understanding of the implications within security architectures, across the board from Enterprise through to IoT, Cloud Computing and virtualisation environments.


Other areas the convergence of Privacy by Design and Security by Design; Design Thinking; major implications of developing situations around this area ongoing. 


Blockchain, Quantum Computing and the effects of replacing current public cryptographic algorithms and their implications.


I am sure others can think of others to add.


Having thought about it further, Integration between the different disciplines is crucial - only now have I recently seen a digital badge raised to ensure that all security practitioners follow a set of disciplined criteria through out the entire lifecycle, regardless of which methodology they apply.   One of the key area's is security testing within the Solution Design Lifecycle and how to inject security testing into the Agile sprints and create a backlog to ensure that any issues are resolved.  In some cases automation and Artificial Intelligence (Augmented Intelligence) rather with Machine Learning is applied to pick out patterns as the complexity of identify threats and related vulnerabilities and best practices become paramount, especially with the drive to get the solution out of the door, at least cost without due regard to the consequences and the associated implications.