Course
digicode: ISSAP
ISC2 Information Systems Security Architecture Professional® (ISSAP®)
Course facts
- Learning how security architectures are derived from and guided by business objectives, governance requirements, and regulatory standards (e.g., ISO 27001, NIST)
- Applying architecture and risk management methods to assess threats and develop risk-based security solutions
- Designing and modelling scalable security architectures using reference models, frameworks, and threat modeling
- Designing secure infrastructure architectures (cloud, network, platforms) taking into account zero trust, resilience, and defense-in-depth
- Implementing holistic IAM architectures, including federation, privileged access, and identity lifecycle management
- Analyzing and evaluating architectural decisions in terms of security, business fit, and long-term scalability
- Integrating security requirements into enterprise architectures and coordinating with business and IT stakeholders
- Preparing for ISSAP® certification through practical architecture cases, scenarios, and exam-relevant questions
1 Governance, Risk, and Compliance (GRC)
Strategic integration of security architecture within the organization: governance models, risk analysis, regulatory requirements, and the derivation of security architectures from business objectives.
2 Security Architecture Modeling
Methods and frameworks for developing security architectures: architectural principles, reference models, threat modeling, and the structured translation of requirements into scalable security designs.
3 Infrastructure Security Architecture
Designing secure IT infrastructures across all levels—from networks, cloud, and platforms to zero-trust approaches and resilient system architectures.
4 Identity and Access Management (IAM) Architecture
Architecture of identity and access models: federation, identity lifecycle, privileged access, zero trust, and integration of IAM into enterprise-wide security architectures.
The ISSAP® certification is ideal for you if you already have extensive security experience and want to take the next step toward architecture and strategic responsibility. It is particularly relevant for:
Executives
As a CISO, Head of Security, or IT strategist, you develop security architectures that support business objectives, manage risks, and meet governance requirements.
Architects
As a security, enterprise, or cloud architect, you deepen your ability to design holistic security architectures and build complex systems that are secure and scalable.
Senior Engineers
As an experienced security engineer or technical lead, you evolve from an implementer to an architectural authority and learn to make design decisions at a strategic level.
Consultants
As a security consultant or advisor, you will strengthen your expertise in supporting organizations with the development and evaluation of security architectures, as well as with risk-based decision-making.
To obtain ISSAP® certification, you need a valid CISSP® certification as well as at least two years of cumulative full-time professional experience in one or more of the four domains of the current ISSAP® exam syllabus.
Alternatively:
You have at least seven years of cumulative full-time professional experience in two or more areas of the current ISSAP® exam syllabus. A bachelor’s or master’s degree in computer science, information technology, or a related field, as well as an additional certification recognized by ISC2, can each substitute for one year of the required professional experience. Part-time employment and internships can also be counted toward this requirement.
Exam format
- Exam duration: 3 hours
- Number of questions: 125
- Format: Multiple choice & advanced question types
- Passing score: 70% (700/1000 points)
- Language: English
- Exam content: The 4 domains
- Domain 1: Governance, Risk and Compliance (GRC) – 21%
- Domain 2: Security Architecture Modeling – 22%
- Domain 3: Infrastructure Security Architecture – 32%
- Domain 4: Identity and Access Management (IAM) Architecture – 25%
Applying for certification
Once you have passed the ISSAP® exam, you can apply for the official ISC2 certificate. To do so, you must sign the ISC2 Code of Ethics, and your professional experience must be verified by an actively certified ISC2 professional. Certification must be completed within nine months of the exam date. If you are unable to find a suitable person, ISC2 will assist you in validating your application.
Recertification
The ISSAP® certification is valid for three years. To maintain your certification, you must provide proof of continuing professional education (CPE) and pay the annual maintenance fee (AMF) to ISC2. This ensures that your expertise remains up to date and your status as a Certified Professional remains active.