CISSP-ISSAP Domain Refresh FAQ
Why are changes being made to the ISSAP exam?
(ISC)² has an obligation to its membership to maintain the relevancy of its credentials. These enhancements are the result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today's practicing software security professionals.
How is the ISSAP exam changing?
The content of the ISSAP has been refreshed to reflect the most pertinent issues that information security professionals currently face, along with the best practices for mitigating those issues. Some topics have been updated while others have been realigned. The result is an exam that most accurately reflects the technical and practical security knowledge that is required for the daily job functions of the information security architecture professional.
As a result of the content refresh, we have updated the domain names to describe the topics accurately.
|Previous ISSAP Domain Names||New ISSAP Domain Names|
|Domain 1: Access Control Systems & Methodology||Domain 1. Identity and Access Management Architecture|
|Domain 2: Communications & Network Security||Domain 2. Security Operations Architecture|
|Domain 3: Cryptography||Domain 3. Infrastructure Security|
|Domain 4: Security Architecture Analysis||Domain 4. Architect for Governance, Compliance, and Risk Management|
|Domain 5: Technology Related Business Continuity Planning (BCP) & Disaster Recovery Planning (DRP)||Domain 5. Security Architecture Modeling|
|Domain 6: Physical Security Considerations||Domain 6. Architect for Application Security|
The weights for the domains are also changing.
|Major Domains||Weightings (Percentage)|
|Domain 1. Identity and Access Management Architecture||19%|
|Domain 2. Security Operations Architecture||17%|
|Domain 3. Infrastructure Security||19%|
|Domain 4. Architect for Governance, Compliance, and Risk Management||16%|
|Domain 5. Security Architecture Modeling||14%|
|Domain 6. Architect for Application Security||15%|
Why do domains for (ISC)² credential exams change?
Domains change because it is a reflection of a change in the knowledge, skills and abilities, as indicated by experts through the Job Task Analysis process.
When will these changes go into effect?
New training courses will be made available September 2018. The Second Edition ISSAP CBK Textbook will not be updated at this time but is still a comprehensive resource that is relevant in preparing for the ISSAP.
In what language will the refreshed ISSAP exam be available?
The refreshed ISSAP exam will be available in English only.
Will this change the number of questions or the time required to take the ISSAP exam?
No. The ISSAP exam will have the same number of questions, and the time required to take the exam will be the same.
If I have been studying for the ISSAP exam with material that focuses on the current domains, will I be sufficiently prepared to take the new exam without additional study?
(ISC)² exams are experience-based that include experience-based questions that cannot be learned by studying alone. If you already have the CISSP, and have the experience in the domains covered in ISSAP and feel like you have sufficiently studied those domains, you should feel confident that you are qualified to take the new exam and pass it. (ISC)² cannot guarantee you will pass the exam.
Do these updates affect the experience requirement for the ISSAP?
No. For the ISSAP, a candidate is required to be a CISSP in good standing, Demonstrate 2 years of cumulative paid full-time professional experience in one or more domains of this concentration, pass the CISSP-ISSAP examination, and maintain the credential in good standing along with the underlying CISSP.
What impact do these changes have on (ISC)² training materials?
New training courses will be made available late June 2018. The Second Edition ISSAP CBK Textbook will not be updated at this time but is still a comprehensive resource that is relevant in preparing for the ISSAP.