Recertification
After acquiring the CISSP-ISSAP certification, you must recertify it every three years in order to keep up with the developments that take place in the IT sector. And to do so you have to gather 20 CPE (Continuing Professional Education) credits every year.
ISC2 ISSAP Exam Syllabus Topics:
| Topic | Details |
|---|---|
Architect for Governance, Compliance and Risk Management - 17% | |
| Determine legal, regulatory, organizational and industry requirements | - Determine applicable information security standards and guidelines - Identify third-party and contractual obligations (e.g., supply chain, outsourcing, partners) - Determine applicable sensitive/personal data standards, guidelines and privacy regulations - Design for auditability (e.g., determine regulatory, legislative, forensic requirements, segregation, high assurance systems) - Coordinate with external entities (e.g., law enforcement, public relations, independent assessor) |
| Manage Risk | - Identify and classify risks - Assess risk - Recommend risk treatment (e.g., mitigate, transfer, accept, avoid) - Risk monitoring and reporting |
Security Architecture Modeling - 15% | |
| Identify security architecture approach | - Types and scope (e.g., enterprise, network, Service-Oriented Architecture (SOA), cloud, Internet of Things (IoT), Industrial Control Systems (ICS)/Supervisory Control and Data Acquisition (SCADA)) - Frameworks (e.g., Sherwood Applied Business Security Architecture (SABSA), Service-Oriented Modeling Framework (SOMF)) - Reference architectures and blueprints - Security configuration (e.g., baselines, benchmarks, profiles) - Network configuration (e.g., physical, logical, high availability, segmentation, zones) |
| Verify and validate design (e.g., Functional Acceptance Testing (FAT), regression) | - Validate results of threat modeling (e.g., threat vectors, impact, probability) - Identify gaps and alternative solutions - Independent Verification and Validation (IV&V) (e.g., tabletop exercises, modeling and simulation, manual review of functions) |
Infrastructure Security Architecture - 21% | |
| Develop infrastructure security requirements | - On-premise, cloud-based, hybrid - Internet of Things (IoT), zero trust |
| Design defense-in-depth architecture | - Management networks - Industrial Control Systems (ICS) security - Network security - Operating systems (OS) security - Database security - Container security - Cloud workload security - Firmware security - User security awareness considerations |
| Secure shared services (e.g., wireless, e-mail, Voice over Internet Protocol (VoIP), Unified Communications (UC), Domain Name System (DNS), Network Time Protocol (NTP)) | |
| Integrate technical security controls | - Design boundary protection (e.g., firewalls, Virtual Private Network (VPN), airgaps, software defined perimeters, wireless, cloud-native) - Secure device management (e.g., Bring Your Own Device (BYOD), mobile, server, endpoint, cloud instance, storage) |
| Design and integrate infrastructure monitoring | - Network visibility (e.g., sensor placement, time reconciliation, span of control, record compatibility) - Active/Passive collection solutions (e.g., span port, port mirroring, tap, inline, flow logs) - Security analytics (e.g., Security Information and Event Management (SIEM), log collection, machine learning, User Behavior Analytics (UBA)) |
| Design infrastructure cryptographic solutions | - Determine cryptographic design considerations and constraints - Determine cryptographic implementation (e.g., in-transit, in-use, at-rest) - Plan key management lifecycle (e.g., generation, storage, distribution) |
| Design secure network and communication infrastructure (e.g., Virtual Private Network (VPN), Internet Protocol Security (IPsec), Transport Layer Security (TLS)) | |
| Evaluate physical and environmental security requirements | - Map physical security requirements to organizational needs (e.g., perimeter protection and internal zoning, fire suppression) - Validate physical security controls |
Identity and Access Management (IAM) Architecture - 16% | |
| Design identity management and lifecycle | - Establish and verify identity - Assign identifiers (e.g., to users, services, processes, devices) - Identity provisioning and de-provisioning - Define trust relationships (e.g., federated, standalone) - Define authentication methods (e.g., Multi-Factor Authentication (MFA), risk-based, location-based, knowledge-based, object-based, characteristics-based) - Authentication protocols and technologies (e.g., Security Assertion Markup Language (SAML), Remote Authentication Dial-In User Service (RADIUS), Kerberos) |
| Design access control management and lifecycle | - Access control concepts and principles (e.g., discretionary/mandatory, segregation/Separation of Duties (SoD), least privilege) - Access control configurations (e.g., physical, logical, administrative) - Authorization process and workflow (e.g., governance, issuance, periodic review, revocation) - Roles, rights, and responsibilities related to system, application, and data access control (e.g., groups, Digital Rights Management (DRM), trust relationships) - Management of privileged accounts - Authorization (e.g., Single Sign-On (SSO), rule-based, role-based, attribute- based) |
| Design identity and access solutions | - Access control protocols and technologies (e.g., eXtensible Access Control Markup Language (XACML), Lightweight Directory Access Protocol (LDAP)) - Credential management technologies (e.g., password management, certificates, smart cards) - Centralized Identity and Access Management (IAM) architecture (e.g., cloud-based, on-premise, hybrid) - Decentralized Identity and Access Management (IAM) architecture (e.g., cloud-based, on-premise, hybrid) - Privileged Access Management (PAM) implementation (for users with elevated privileges - Accounting (e.g., logging, tracking, auditing) |
Architect for Application Security - 13% | |
| Integrate Software Development Life Cycle (SDLC) with application security architecture (e.g., Requirements Traceability Matrix (RTM), security architecture documentation, secure coding) | - Assess code review methodology (e.g., dynamic, manual, static) - Assess the need for application protection (e.g., Web Application Firewall (WAF), anti-malware, secure Application Programming Interface (API), secure Security Assertion Markup Language (SAML)) - Determine encryption requirements (e.g., at-rest, in-transit, in-use) - Assess the need for secure communications between applications and databases or other endpoints - Leverage secure code repository |
| Determine application security capability requirements and strategy (e.g., open source, Cloud Service Providers (CSP), Software as a Service (SaaS)/Infrastructure as a Service (IaaS)/ Platform as a Service (PaaS) environments) | - Review security of applications (e.g., custom, Commercial Off-the-Shelf (COTS), in-house, cloud) - Determine application cryptographic solutions (e.g., cryptographic Application Programming Interface (API), Pseudo Random Number Generator (PRNG), key management) - Evaluate applicability of security controls for system components (e.g., mobile and web client applications; proxy, application, and database services) |
| Identify common proactive controls for applications (e.g., Open Web Application Security Project (OWASP)) | |
Security Operations Architecture - 18% | |
| Gather security operations requirements (e.g., legal, compliance, organizational, and business requirements) | |
| Design information security monitoring (e.g., Security Information and Event Management (SIEM), insider threat, threat intelligence, user behavior analytics, Incident Response (IR) procedures) | - Detection and analysis - Proactive and automated security monitoring and remediation (e.g., vulnerability management, compliance audit, penetration testing) |
| Design Business Continuity (BC) and resiliency solutions | - Incorporate Business Impact Analysis (BIA) - Determine recovery and survivability strategy - Identify continuity and availability solutions (e.g., cold, warm, hot, cloud backup) - Define processing agreement requirements (e.g., provider, reciprocal, mutual, cloud, virtualization) - Establish Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) - Design secure contingency communication for operations (e.g., backup communication channels, Out-of-Band (OOB)) |
| Validate Business Continuity Plan (BCP)/Disaster Recovery Plan (DRP) architecture | |
| Design Incident Response (IR) management | - Preparation (e.g., communication plan, Incident Response Plan (IRP), training) - Identification - Containment - Eradication - Recovery - Review lessons learned |
All we know an attractive certification will help you to find a decent job and get a promotion, such as CISSP-ISSAP. CISSP-ISSAP test dump is a kind of certification that you can improve yourself and help you to stand out from other people. If you pass CISSP-ISSAP test dump you will have a good reputation and considerable salary and make friends with different successful men in the bright future. CISSP Concentrations certification can be used in different IT Company and it will be your access to the IT elites. But you may find that the CISSP-ISSAP test dump is difficult for you. You need much time to prepare and the cost of the CISSP-ISSAP test dump is high, you wonder it will be a great loss for you when fail the exam. It will be bad thing. Our TestsDumps will help you to reduce the loss and save the money and time for you.
TestsDumps is a one of the ISC exam questions providers of CISSP-ISSAP test dump in the IT industry that ensure you to pass the CISSP-ISSAP test almostly 100%. We have experienced and professional IT experts to create the latest CISSP-ISSAP test dump and ISC CISSP-ISSAP study guide dump which is approach to the real exam questions. We will provide you the accurate CISSP-ISSAP test dump questions and CISSP-ISSAP practice dump which attach the correct answers and detailed explanation and analysis. You just need to take 20-30 hours to learn the CISSP-ISSAP test CISSP-ISSAP - Information Systems Security Architecture Professional dump questions and know it skillfully; you will pass the exam easily. If you get any problems and doubts about CISSP-ISSAP test dump questions you can contact our customer service freely and they will solve the problems.
You can download the free demo of CISSP-ISSAP test dumps questions before you buy, and you have the right to one-year free update the CISSP-ISSAP test dump questions after you pay. And there are three versions for you choose. The PDF version of CISSP-ISSAP test dump questions means that you can print it out and practice it on the paper, it is very convenient for people who are not available to the computer. For software version, the most advantage is that you can stimulate the real CISSP-ISSAP test dumps scene, you can practice the CISSP-ISSAP test dump like the real test and limit your test time so that you can know your shortcoming and improve your ability. But you can only use the software version on the computer. The third version is On-line APP, the function of On-line CISSP-ISSAP (CISSP-ISSAP - Information Systems Security Architecture Professional) test dump is same as the software version, the difference between the two versions is that On-line APP can use be all electronic products, such as: iPad, iWatch but the CISSP-ISSAP test dump of software version is only used in the computer. So you can choose your best version according to your studying habits.
Our website offers 24/7 customer service assisting to you, in case you may get some problems in the course of learning CISSP-ISSAP test dump. And we adheres the principle of No help, Full refund, and you can get your money back when you fail the CISSP-ISSAP test dump.
After purchase, Instant Download: Upon successful payment, Our systems will automatically send the product you have purchased to your mailbox by email. (If not received within 12 hours, please contact us. Note: don't forget to check your spam.)
Amos 
Joshua 
Porter 
Murphy 
Roy 
Sidney 
Ellis 
Gavin 
Benson 
Hayden 
Quintina 
Omar 
Stephanie 
Justin 
Dominic 
King 
Marsh 
