The ISSAP Certification is defined by (ISC)2 as the CISSP concentration area that is designed to denote competence and expertise in information security architecture, telecommunications, preservation of business operations, and related security issues.
To qualify for and obtain the ISSAP certification, the candidate must possess the CISSP credential, sit for and pass the ISSAP examination, and maintain the ISSAP credential in good standing.
The ISSAP examination is similar in format to that of the CISSP examination. The questions are multiple choice, with the examinee being asked to select the best answer of four possible answers. The examination comprises 150 questions, 25 of which are experimental questions that are not counted. The candidate is allotted three hours to complete the examination.
The CISSP Architecture Concentration validates detailed, extensive knowledge in the following areas of the CBK:
The key concepts that ISSAP candidates need to understand in these domains are summarized and reviewed in this appendix and in chapters in the text. Most of the information required by ISSAP is already covered in the CISSP. The difference is that ISSAP concentrates on five domain-related areas and goes into a little more detail.
If you did well on your CISSP exam, you will probably do well on the ISSAP too. Go through this book, concentrating on the five ISSAP domain areas discussed in the following sections. We’ve listed the domain areas here with references to the related chapter information. We’ve also included a little more information on design requirements analysis, and included some questions at the end of this appendix.
This material is reviewed in Chapter 2.
This material is reviewed in Chapter 3.
This material is reviewed in Chapter 4.
Requirements analysis provides the necessary and sufficient information for the correct design and valid implementation of a system. This process should address both the functional and security requirements of the system.
In general, requirements comprise the following types of information:
Requirements are critical components in verifying that the system meets specifications and validating that the completed system performs as expected in the real world.
As in any endeavor, problems will occur in the requirements analysis process. The two major categories of problems are “essence” problems and accidents. Essence problems refer to the inability to meet essential system requirements. Usually, these problems are not easily solvable, but are handled through techniques such as requirements reviews, proving system properties, knowledge-based methods, and rapid prototyping. Accidents are not inherently related to requirements but are the result of adopting a particular design and implementation approach.
System and security design architectures are the primary high-level design processes and are concerned with major system components, functionality, structure, and their interactions. The design architecture derives from the system specifications, but in some instances the design structure must depart from some of the requirements in order to meet real-world operational, time, and cost constraints. The design architecture should include verified design specifications, requirements traceability, control structures, data structures, initial test specifications, initial users’ and operations manuals, and main headings of a maintenance manual. In addition, some unquantifiable elements have to be considered, including ease of use, reliability, reusability, and maintainability.
There are a number of approaches to developing a design architecture, such as functional, process-driven, or object-oriented decomposition into components and subcomponents.
These concepts are presented in Chapters 1 and 15.
These concepts are presented in Chapter 12.
This material is reviewed in Chapter 8.
This material is reviewed in Chapter 10.
You can find the answers to the following questions in Appendix A.
1. Which one of the following is not one of the types of information comprised in requirements?
2. What are the two major problem categories in the requirements analysis process?
3. Which one of the high-level design processes includes verified design specifications, requirements traceability, control structures, and data structures?
4. Which one of the following requirements categories stipulates customer-driven constraints such as hardware and software compatibility issues, operating systems, and protocols?
5. Which one of the following activities is not an approach to developing design architecture?
6. Which one of the following processes provides the necessary and sufficient information for the correct design and valid implementation of a system?
7. The design architecture derives from which one of the following:
8. Requirements analysis addresses which of the following issues?
9. Which one of the following requirements addresses issues such as budget control, delivery schedules, training, and acceptance testing?
10. What is a critical component in verifying and validating the completed system?
Answers
1. Answer: d. The design architecture derives from the system specifications.
2. Answer: a. Answers b, c, and d are distracters.
3. Answer: a. Answers b, c, and d are distracters.
4. Answer: c. The answer is c, by definition.
5. Answer: b. Answer b is a made-up distracter.
6. Answer: a. Answers b, c, and d are distracters.
7. Answer: d
8. Answer: b
9. Answer: b
10. Answer: a