ISC2 Information Systems Security Architecture Professional® (ISSAP)
Training including examination and certification
.svg)
Machine Learning Engineer
1. Governance, Risk, and Compliance (GRC)
Strategic integration of security architecture within the organization: governance models, risk analysis, regulatory requirements, and the derivation of security architectures from business objectives.
2. Security Architecture Modeling
Methods and frameworks for developing security architectures: architectural principles, reference models, threat modeling, and the structured translation of requirements into scalable security designs.
3. Infrastructure Security Architecture
Designing secure IT infrastructures across all levels—from networks, the cloud, and platforms to zero-trust approaches and resilient system architectures.
4. Identity and Access Management (IAM) Architecture
Architecture of identity and access models: federation, identity lifecycle, privileged access, zero trust, and integration of IAM into enterprise-wide security architectures.
Requirements:
To earn ISSAP® certification, you need a valid CISSP® certification and at least two years of cumulative full-time professional experience in one or more of the four domains of the current ISSAP® exam syllabus.
Alternatively, the following applies:
You have at least seven years of cumulative full-time professional experience in two or more areas of the current ISSAP® exam syllabus. A bachelor’s or master’s degree in computer science, information technology, or a related field, as well as an additional ISC2-recognized certification, can each substitute for one year of the required professional experience. Part-time employment and internships may also be counted toward this requirement.
- Learn how security architectures are derived from and guided by business objectives, governance requirements, and regulatory standards (e.g., ISO 27001, NIST)
- Applying architectural and risk management methods to assess threats and develop risk-based security solutions
- Designing and modeling scalable security architectures using reference models, frameworks, and threat modeling
- Designing secure infrastructure architectures (cloud, network, platforms) with a focus on zero trust, resilience, and defense in depth
- Implementation of comprehensive IAM architectures, including federation, privileged access, and identity lifecycle management
- Analyzing and evaluating architectural decisions in terms of security, business fit, and long-term scalability
- Integrating security requirements into enterprise architectures and coordinating with stakeholders and IT stakeholders
- Prepare for ISSAP® certification through practical architecture cases, scenarios, and exam-relevant questions
This course consists of antraining is led by an instructor who provides live guidance to participants. Theory and practice are taught through live demonstrations and hands-on exercises. The course uses the video conferencing software Zoom.
Exam format
- Exam duration: 3 hours
- Number of questions: 125
- Format: Multiple choice & advanced question types
- Pass rate: 70% (700 out of 1,000 points)
- Language: English
- Exam Content: The 4 Domains
- Domain 1: Governance, Risk, and Compliance (GRC) – 21%
- Domain 2: Security Architecture Modeling – 22%
- Domain 3: Infrastructure Security Architecture – 32%
- Domain 4: Identity and Access Management (IAM) Architecture – 25%
Applying for Certification
Once you have passed the ISSAP® exam, you can apply for the official ISC² certificate. To do so, you must sign the ISC² Code of Ethics, and your professional experience must be verified by an actively certified ISC² professional. Certification must be completed within nine months of the exam date. If you are unable to find a suitable person, ISC2 will assist you in validating your application.
Recertification
The ISSAP® certificate is valid for three years. To maintain your certification, you must continuously earn Continuing Professional Education (CPE) credits and pay the Annual Maintenance Fee (AMF) to ISC2. This ensures that your expertise remains up to date and your status as a Certified Professional remains active.
The ISSAP® certification is ideal for you if you already have extensive security experience and want to take the next step toward architecture and strategic responsibility. It is particularly relevant for:
Leaders
As a CISO, Head of Security, or IT Strategist, you develop security architectures that support business objectives, manage risks, and meet governance requirements.
Architects
As a security, enterprise, or cloud architect, you will deepen your ability to design holistic security architectures and build complex systems that are secure and scalable.
Senior Engineers
As an experienced security engineer or technical , you’ll transition from an implementation-focused role to an architectural one and learn to make design decisions at the strategic level.
consultants
As a security consultant or advisor, you will build your expertise in helping organizations develop and evaluate security architectures and make risk-based decisions.
.svg)
