CISSP ISSAP - My Journey

luisbee, Junior Member, London, Posts: 23, Member
So after long and hard thought, I have committed myself to go for the CISSP ISSAP certification. The idea of going after this cert started way back in 2011 when I passed my CISSP exam, but I kept on procrastinating and taking up other certs (CISM / CRISC / ISO 27001 LA).

The reason why I am going for this cert, other than an uplift in salary terms, is that there has been a proliferation of roles in the UK which do require candidates with this certification. So I have given myself 4 months to go through the Official ISSAP Guide 2nd edition (already purchased). I have gone through the Access Control bit and am liking it thus far. My other study material, which I intend to use alongside the official guide, is Enterprise Security Architecture by J. Sherwood, which, having read through the many posts on this forum, seems to be another good study guide.

I am hoping that once I have finished with these guides, I will test myself using the CISSP June 2018 practice exams by Sybase (already purchased the paperback) and the practice exam questions from my CISSP studies, even if it was way back in 2011.

I will be active on this forum and update on my studies, and I am hoping that there are other candidates here in the UK, London who are going for this cert as well.

If there are any additional resources that might be of help, please let me know and I can use them in my studies.


  • luisbee, Junior Member, London, Posts: 23, Member
    I have seen a couple of comments and posts saying to also look into the Bibliography from the Official ISSAP Book. Are these the References at the end of each domain, and how useful are these in the studies?

    I also looked at the Security Engineering book by Ross Anderson and it seems to overwhelm me, esp. the Crypto stuff, but I will give it a go.

    Please let me know if the References are worth looking into as well.
  • gespenstern, Posts: 1,243, Member
  • zlykot, Posts: 31, Member

    I'm preparing for ISSAP as well. I found the book to be terrible. The content is very cumbersome to read, with very little material per page. In fact, I decided to review the CISSP CBK for the appropriate material instead, as I found it had more detail.

    Good luck
  • Eagle75799, Posts: 5, Member
    When I took it, I used the CBK and "Security Engineering" by Ross Anderson as well. That, combined with my experience, was sufficient for me. I found both resources to be helpful. However, if you have the experience, that is the main factor in passing.

    Expect a lot of application of security architecture questions (such as when or how you would use a technology, what is the biggest risk to this scenario, etc.). Make sure you know your Common Criteria / EAL levels; you will see a few questions on that. I know I missed the last question on my test because I could not remember the difference between EAL 3 and 4.
  • luisbee, Junior Member, London, Posts: 23, Member
    Thanks @Eagle75799 for the heads up.

    Still on Domain 1 - IAM Architecture, and so far it's going well. One quick one though: would there be anyone on this forum with the Blue Book [Enterprise Security Architecture by John Sherwood] who can help me by sharing on Google Drive or DM'ing where I can get it? After parting with almost 100 pounds, another 60 quid will be a stretch.

    Please help with the Blue Book. All the other texts I have, including the CISSP AIO 7th Edition (8th Edition coming out on the 20th Oct, 2018).
  • luisbee, Junior Member, London, Posts: 23, Member
    Update - so I have been using the ISSAP official guide and have backed it up with the CISSP AIO 7th Edition and the various bibliography & references within the ISSAP official guide.

    However, to test myself I have started using my CISSP cccure practice tests, as there seem to be very few ISSAP practice tests out there except for the ones from Edusum / Exam-Labs / ********* / IT Exam Office, which one needs to pay for. Has anyone on this forum paid for these, and if so, are they very useful in one's preparation or are these just money-making schemes?
  • luisbee, Junior Member, London, Posts: 23, Member
    End of Oct 2018 update - so I was supposed to be finishing Domain 1 - Identity & Access Management Architecture by end of Oct, but this hasn't been achieved as I am halfway through the Official study guide. However, I have taken a different approach where I have been writing my own short notes as I go about my reading and also collating all the reference material from the 2nd edition study guide.

    This week I purchased the CISSP All in One 8th Edition study guide and will use this alongside the ISSAP Study Guide and Security Engineering 1st edition (haven't managed to get the 2nd edition though). I am hoping that by mid-Nov I will have finished Domain 1 and started on Domain 2. I have started practising using the Cccure practice tests and have been doing pretty well.

    So far so good, except I am behind my scheduled study plan, but I am not worried as I really want to understand the concept first rather than finishing the study material. I will be updating in 2/3 weeks' time on how I rate Domain 1 and questions that I might have then.

    Till then, it's back to study and more study...
  • gespenstern, Posts: 1,243, Member
    luisbee wrote:
    Security Engineering 1st edition (haven't managed to get the 2nd edition though).

    2nd edition is available for free from the author:

    I recommend jumping on the 2nd as it contains a whole new very important chapter on social engineering and all the human stuff, plus many small updates making it more relevant in the present day.

    Ross Anderson himself pushes the social engineering problem very hard as of recently and is one of the guys behind the new "Decepticon" conference that is dedicated fully to deception and counter-deception.
  • luisbee, Junior Member, London, Posts: 23, Member
    Thanks @gespenstern, I am on it, downloading all the individual chapters, and will be going through the Access Control / Multilevel / Multilateral / Biometrics chapters this week.

    I definitely recommend this study guide, as the author really gets into the weeds and in-depth, with some practical examples to back it up.