Showing results for 
Show  only  | Search instead for 
Did you mean: 
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Community Manager

Welcome to the CISSP-ISSAP Study Group

Welcome to the CISSP-ISSAP Certification Study Group. 


This is an open discussion forum for those studying for the CISSP-ISSAP certification.This forum provides an opportunity to connect with others preparing for the exam. Please follow all Community Guidelines regarding usage of this group, including adhering to the exam confidentiality policy. 


View our Community Usage Policies and Guidelines.


Adhere to (ISC)² Exam Confidentiality

  1. Discussing (ISC)² examination items, answers and responses with other individuals is a violation of the (ISC)² Examination Non-Disclosure Agreement that is signed prior to taking an (ISC)² examination. Any posts related to this will be removed, and users found to be in violation may face penalties.
  2. General discussions about exams that do not share specific exam items are permissible. We encourage Community members to help candidates prepare themselves for success and share their own experiences without disclosing any information that could compromise the integrity of the exam process.

ISC2 Community Manager
30 Replies
Viewer II

Does anyone know if there's any movement in terms of books for ISSAP?

This is pretty sad that ISC2 points to 10yr old book and there was no update to it. Things have changed so massively over the past few years.

Newcomer I

Sadly doesn’t seem like there is an update book or material. I have access to the self study course but have yet to start it, also I’m not confident that it will cover all the material required for the exam, it’s disappointing for people who wish to progress their certification
Community Champion

Plenty of people have passed this exam in the absence of an up to date CBK.


It just requires a change to the exam prep method of reading the CBK and then doing a bunch of practice tests (as there aren't any good ones of those either the last time I checked) that many used to pass their CISSP and/or CCSP.


Even if there was an up to date CBK, it would still be recommended to supplement your education and experience using items from the suggested reference list, so my advice would be just to go straight to that.


  1. Review the current exam outline and identify areas where you think you need better knowledge.
  2. Check the ISSAP suggested references looking for any that might help you plug the gaps.

Yes, you'll probably end up having to read more than one reference, but that's just how it goes.


Good luck!


Viewer II

Still, the newest material is from 2017... But it's what we have 🙂
Another question related to the study material, is there any kind of "CISSP-ISSAP Official ISC2 Student Guide", in the same standards as the CISSP and CCSP trainings (for students who have completed official ISC2 training)?

Viewer II

Hi @Kaity and @AndreaMoore


Would you be able to advise the estimated date for the new ISSAP CBK release date if there is anyone working on it? 


Also, will it be possible to purchase a PDF note scripted version of the current Online Training Official (ISC)² CBK Training Seminar for the ISSAP for people who are keen but unable to pay a hefty price of USD 2,669.75 to study for it? I understand that the other online self-paced training from the (ISC)² e.g., for CISSP is around USD 900. Thanks. 



Best Regards,
George Hlaing

Community Manager



I asked for you and we do not have a new ISSAP CBK in the works or a PDF available for the training. 


ISC2 Community Manager
Newcomer I

So I took the test.....


I paid for and took the online ISSAP CBK Course, I purchased the official CBK book, I went through all of the online resources listed as material that they said I should be familiar with for the test, and I even went through any online resource I could find. I took my time and two and half months worth of study.


And.... I failed the test.


Frankly..... I'm PISSED! Cause none of that study prepared me for what I faced on this test. I am not sure what ISC2 plan is for these concentration but in my opinion the training needs a significant overhaul.  

Contributor III

ISC2 should be stressing, particularly in official study materials, that their exams require relevant experience, and that nobody should expect to pass with study alone.

Newcomer I

I wholly disagree that study alone shouldn't be enough. I do believe having working experience would help significantly in your success. As ISC2 states on their site:


  • "Are a life-long learner who craves a new challenge.
  • Want to go beyond the CISSP. You have a competitive spirit and want to stand out from your peers.
  • Want to be seen as a subject matter expert and prove your knowledge in a more focused area.
  • Are looking ahead in your career. The CISSP-ISSAP will help you achieve an even higher level of success.
  • Need this concentration to move into a specific job."

This type of language clearly puts out the notion that those who should be taking this test do not necessarily need this experience you speak of. 


Now before I double down here let me tell you that the content of the CBK course was informative and even the book had plenty of good information but let me repeat "IT DID NOT" prepare you for how the test presented you the information.


I would have expected the Quizes and Post-Course Test to be great resources on how you should be thinking about the information presented you in this course and IMPROVE your chances of SUCCESS and I just can't with confidence tell you that it does that well.


Even if you need experience to get this certification, I have been in IT for 15 years, nine years as an IT Administrator, six as an IT Security Professional, and as an IT Security Professional I have spent three of those as a Cyber Systems Engineer. I honestly don't know how much more experience you would need if that isn't enough.

Community Champion

Tough break man.


As Alec points out the reference sources and exam outline should be consulted for the concentrations, probably more so than the CBK. A lot of these certs I think also get quite esoteric/arcane and the CBK not having been updated for ten years is a bit of a red flag to me, especially with ISC2 pushing it’s training/entry level certs etc. Priorities and focus… but yes the CBK/Curriculum should reflect wat is tested.


On the “Who’s this cert for” blurbs… I’d personally rather go TOGAF/SABSA in this space if I wanted to stand out just as these are really clear, have methodologies, tools and practices built around them. Markitechture from ISC(2) has always been… a bit funny.


DoDD 8570.1 is probably the thing that matters most here, but not American so not sure on the glittering prizes it unlocks.


On the plus side now you know what it’s like you can probably pass on the second writing, and you might seek a mentor to help on technique/areas tested etc.


Goodluck with the retake, or moving on in a different direction.