Infosec’s four-day accelerated Information Systems Security Architecture Professional (ISSAP) Certification Boot Camp focuses on the key role within the information security department that functionally fits between the upper-managerial level and the implementation of the security program. This training is heavily focused on the technical aspects of security architecture and managing security programs.

You will not only learn the nuts and bolts of the security architecture, you will learn the specifics required to successfully pass the challenging ISSAP Certification exam offered by (ISC)². The ISSAP is a key component in the selection process for management-level information security positions.

• Four days of intense ISSAP training
• Infosec proprietary digital courseware
• ISSAP exam voucher
• 90-day access to replays of daily lessons (Flex Pro)
• Curated videos from other top-rated instructors (add-on)
• 100% Satisfaction Guarantee
• Exam Pass Guarantee (Flex Pro)

Some key advantages of Infosec’s ISSAP Boot Camp:

• Real security expertise by Information System Security Engineers with 10 years or more supporting federal government information assurance needs
• Proven expertise in meeting certification candidates needs: we go beyond the ISSAP CBK and get at how to prep and succeed at the exam
• Courseware materials that help clarify the ISSAP process and ensure that you leave knowing how to implement it

This training is intended for security architecture professionals or those needing security architecture training and certification.

The ISSAP certification is a “concentration area” for CISSP holders. Candidates must be a CISSP in good standing and have two years cumulative paid work experience in one or more of the six domains of the CISSP-ISSAP in order to qualify for certification.

The ISSAP certification is a “concentration area” for CISSPs and extends upon the CISSP Common Body of knowledge by focusing on the following areas:

• Identity and access management architecture
• Security operations architecture
• Infrastructure security
• Architect for governance, compliance and risk management
• Security architecture modeling
• Architect for application security

Infosec’s ISSAP courseware materials are always up to date and synchronized with the latest (ISC)² exam objectives. Our industry-leading curriculum and expert instructors have led to the highest pass rates in the industry. More than 93% of Infosec students pass their certification exams on their first attempt.

Domain 1 – Identity and access management architecture

• Identity management and lifecycle design
• Access control management and lifecycle design

Domain 2 – Security operations architecture

• Security operation capability requirements and strategy determination
• Continuous security monitoring design (e.g., SIEM, insider threat, enterprise log management, cybercrime, advanced persistent threat)
• Continuity, availability and recovery solutions design
• Defining security operations (e.g., interoperability, scalability, availability, supportability)
• Physical security controls integration
• Incident management capabilities design
• Secure communications and networks design

Domain 3 – Infrastructure security

• Infrastructure security capability requirements and strategy determination
• Layer 2/3 architecture design (e.g., access control segmentation, out-of-band management, OSI layers)
• Common services security (e.g., wireless, e-mail, VoIP, unified communications)
• Detective, deterrent, preventative and control systems architecture
• Infrastructure monitoring architecture
• Integrated cryptographic solutions design (e.g., public key infrastructure, identity system integration)

Domain 4 – Architect for governance, compliance and risk management

• Government and compliance architecture
• Threat and risk management capabilities design
• Off-site data use and storage security solutions architecture
• Operating environment (e.g., virtualization, cloud computing)

Domain 5 – Security architecture modeling

• Identifying security architecture approach (e.g., reference architectures, build guides, blueprints, patterns)
• Verify and validate design (e.g., POT, FAT, regression)

Domain 6 – Architect for application security

• Application security software development life cycle (SDLC) integration review (e.g., requirements traceability matrix, security architecture documentation, secure coding)
• Application security review (e.g., custom, commercial off-the-shelf, in-house cloud)
• Application security capability requirements and strategy determination (e.g., open source, cloud service providers, SaaS/IaaS providers)
• Application cryptographic solutions design (e.g., cryptographic API selection, PRNG selection, software-based key management)
• Application controls evaluation against existing threats and vulnerabilities
• Application security approaches establishment and determination for all system components (mobile, web and thick client applications; proxy, application and database services)