Certified Information Systems Security Architecture Professional

CISSP-ISSAP

The Certified Information Systems Security Architecture Professional (CISSP-ISSAP) certification is an advanced-level credential for information security professionals who specialize in information security architecture.

Focus

The Certified Information Systems Security Architecture Professional certification focuses on Information Security Architecture

Exam Duration

The Certified Information Systems Security Architecture Professional exam duration is 3 hours

Num of Question

The exam contains a total of 100

Exam Fee

The exam fee is $699 (ISC2 members), $899 (non-members).

Exam Validity

The CCRN-Pediatric certification is valid for 3 years.

Prior Certification

• CISSP-ISSAP is a prerequisite for the CISSP-ISSAP CASP+ transition path.

Exam Format

The Certified Information Systems Security Architecture Professional exam is a Proctored, multiple-choice question exam

Passing Conditions

To pass Certified Information Systems Security Architecture Professional exam, applicants must achieve a minimum score of 250 marks or more out of 500 (50%)

Who Should Take

Information security professionals who specialize in information security architecture, security architects, and security leaders.

• Security Architect
• Chief Information Security Officer (CISO)
• Information Security Manager

Prerequisites

At least 5 years of paid full-time work experience in 2 or more of the 8 domains of the CISSP-ISSAP CBK, 3 years can be waived if candidate has a 4-year college degree or regional credentials

Or can substitute with certifications:

• Passing the (ISC)² IA Strategy and Enterprise Architecture (IASEA) course
• Hold a degree in a related field (information assurance, computer science, business administration)

Certification Process

• Register for the exam through ISC2 website or Pearson VUE
• Apply for certification through ISC2 certification portal
• Complete the required experience and education requirements, if any
• Pass the exam by obtaining a minimum of 50%
• Submit the certification application and fees to ISC2

Domains with Weights

• Security and Risk Management (13%): Domain that focuses on the development of a comprehensive security strategy that addresses security management, risk management, and IT governance. The successful candidate will be able to identify and mitigate risks, ensure compliance with relevant laws and regulations, and establish a robust security governance framework.
• Assets Security (10%): Domain that deals with the classification, protection, and control of assets within an organization. The successful candidate will be able to identify, classify, and protect assets, establish asset management practices, and implement access controls.
• Security Architecture and Engineering (17%): Domain that focuses on the design and implementation of secure architectures, including the selection and implementation of security controls, and the integration of security into the enterprise architecture. The successful candidate will be able to design and implement secure architectures, identify and mitigate vulnerabilities, and establish a robust security engineering framework.
• Communication and Network Security (17%): Domain that deals with the security of communication and network infrastructure, including the selection and implementation of security controls, and the establishment of a robust communication and network security framework. The successful candidate will be able to design and implement secure communication and network infrastructure, identify and mitigate vulnerabilities, and establish a robust communication and network security framework.
• Identity and Access Management (IAM) (10%): Domain that focuses on the management of identities and access within an organization, including the control of access to systems, data, and applications. The successful candidate will be able to design and implement IAM systems, manage access controls, and establish a robust IAM framework.
• Incident Management (13%): Domain that deals with the management of security incidents, including the identification, containment, eradication, recovery, and post-incident activities. The successful candidate will be able to design and implement incident response plans, manage security incidents, and establish a robust incident management framework.
• Research and Development (10%): Domain that focuses on the identification and implementation of emerging technologies and trends, including the development of security solutions to address these emerging technologies and trends. The successful candidate will be able to identify and evaluate emerging technologies and trends, develop security solutions, and establish a robust R&D framework.
• Cryptography (10%): Domain that deals with the selection and implementation of cryptographic controls, including encryption, decryption, and digital signatures. The successful candidate will be able to select and implement cryptographic controls, manage cryptographic keys, and establish a robust cryptography framework.