Official (ISC)2® Guide to the ISSAP® CBK, Second Edition ((ISC)2 Press)


Product Description
Candidates for the CISSP-ISSAP professional certification need to not only demonstrate a thorough understanding of the six domains of the ISSAP CBK, but also need to have the ability to apply this in-depth knowledge to develop a detailed security architecture. Supplying an authoritative review of the key concepts and requirements of the ISSAP CBK, the Official (ISC)2® Guide to the ISSAP® CBK, Second Edition provides the practical understanding required to implement the latest security protocols to improve productivity, profitability, security, and efficiency. Encompassing all of the knowledge elements needed to create secure architectures, the text covers the six domains: Access Control Systems and Methodology, Communications and Network Security, Cryptology, Security Architecture Analysis, BCP/DRP, and Physical Security Considerations.

Newly Enhanced Design – This Guide Has It All!
- Only guide endorsed by (ISC)2
- Most up-to-date CISSP-ISSAP CBK
- Evolving terminology and changing requirements for security professionals
- Practical examples that illustrate how to apply concepts in real-life situations
- Chapter outlines and objectives
- Review questions and answers
- References to free study resources

Read It. Study It. Refer to It Often. Build your knowledge and improve your chance of achieving certification the first time around. Endorsed by (ISC)2 and compiled and reviewed by CISSP-ISSAPs and (ISC)2 members, this book provides unrivaled preparation for the certification exam and is a reference that will serve you well into your career. Earning your ISSAP is a deserving achievement that gives you a competitive advantage and makes you a member of an elite network of professionals worldwide.


Official (ISC)2® Guide to the ISSAP® CBK, Second Edition ((ISC)2 Press) Review
Three part review below:
1) 2nd ed. vs. 1st ed. text comparison. (NOTE - CIB = Candidate Information Bulletin, downloaded 8/13).
2) Opinion on exam prep usefulness, and what I did to actually pass the ISSAP exam.
3) Opinion on usefulness for the Security Architect role. (ISSAP + SABSA = winner).
PART ONE: After purchasing the prior edition and this edition, I'll run through two sections for this review so you can get an idea of text improvements below. Physically speaking - the 2nd edition has much larger font for the majority of the text - but not the tables and figures. Yes, the font got SMALLER in many of the tables and figures (like the attack vectors table). Some of the figures were visually changed - but not the content.
Note - this is a *reference* text designed to provide *essential* coverage of key topics - it will not replace in depth reading. For example - there are several summary / key points pages on the Common Criteria, which is several hundred pages itself as a source doc. Many of the relevant NIST docs are highly summarized as well.
Technical BCP: In particular, the Technical BCP section has expanded/improved (a common criticism of the 1st edition.) There are many footnotes spread throughout the text to augment the text. There is an improved BIA discussion. The BCP section also now includes an "architecture focused" discussion of the domain. One really nice - and useful in real life - section in the 2nd edition is the "walk through of a DR Plan" with emphasis for the Security Architect.
Security Architecture: Based on the ToC, the domain has changed names; content is similar, though (I don't have the prior ISC2 CIB to know). I did notice some additional paragraphs after the "attack vector" table which make critical points - vector is NOT the same as payload, for example. Some of the attack vectors were also improved, along with a few new ones. The "Common Criteria" support tables discussion has also improved in content, keeping current w/ updates to the CC. The CMM model has improved, along with changes to the figures and expansion of the text. The architectural solutions section has some updated text, but the figure in the 2nd edition (4.6, 4.3 in the 1st) got smaller! The DODAF 2.02 is now current (improved also, assume it had corrections applied - I assume, I've never read the original DODAF). The 1st edition discussed DODAF 2.0.
PART TWO: I've been in the technical security business (engineering, three SIEM implementations, eDiscovery/incident response, policy/procedure, design, architecture) for 10+ years, have taught the CISSP curriculum for SANS, and participated in two update cycles for the ISC2 CISSP material. With all that, here is what I did to pass the exam. If you have breadth and hands on technical depth in your career, TAKE THE EXAM!!!!
A) Read the "Access Control" and "Security Architecture Analysis" sections completely (get their language).
B) Skimmed the Technical BCP section. (like, 15 minutes).
C) Used the 36 page ISSAP mind maps from "expandingsecurity.com". These were a GREAT resource. Use them and this book. Spent hrs. w/ these.
D) Read the Wikipedia articles for CIB topics that weren't in the book ToC (maybe a few hours).
E) Did not read "telecom" and "physical" chapters - I'd skimmed those a while back, when I got the first edition, glanced at the ToC.
Passed exam.
The other thing that REALLY helped was the SABSA Foundation course - many of the thinking/synthesis concepts in that course are highly relevant to the ISSAP discipline (you can see this in the book). I suggest the "Enterprise Security Architecture" blue book as well for your prep.
Will this textbook help you? Sure it will, especially if you are "young in the tooth" when it comes to technical security architecture. It will help you find your weak spots. It aligns with most of the Q2/2013 CIB. It has been refreshed/updated, with more complete CIB coverage. However, if you want 100% coverage of the CIB, you need to look for a few more resources. For example - I could not find "Service Oriented Modeling Framework" or "Supervisory Control And Data Acquisition" in the ToC, the index (on the CIB), or the most likely sections in the text. I double checked, skimmed - not there, as far as I can tell. No comment on whether these concepts were on the test or not!
PART THREE: As a principal enterprise and security architect of a Fortune 500 healthcare company, I've often wanted to augment my credential set with the ISC2 ISSAP. About two years ago I attended the SABSA course - and while that course and model is the only preparation I've found for the business focused aspects of the "Security Architect" position, the ISSAP, on the other hand, as described in this text, is focused on assessing if someone has breadth and depth in the technical aspects of security architecture. As a consumer of both - the SABSA course and certification and the ISSAP certification - I am happy to have both, although SABSA is more relevant when it comes to working with the business.