ISSAP Training — Information Systems Security Architecture Professional
Architect-level security across governance, modeling, infrastructure, and identity — aligned to the 2025 four-domain ISSAP refresh.
A structured training course covering the (ISC)² Information Systems Security Architecture Professional (ISSAP) Common Body of Knowledge, aligned to the 2025 four-domain refresh. Fifty-one lessons across four modules build the practitioner-level architectural judgment the exam and the role demand — from governance, risk, and compliance through security architecture modeling, infrastructure and system security architecture, and identity and access management architecture.
Module 1: Governance, Risk, and Compliance (GRC)
The architect's remit for translating law, regulation, contracts, and business risk into design decisions — and the artifacts that prove it.
- 1 What ISSAP Is 8 min Free preview
- 2 The Security Architect's Mindset 7 min 🔒
- 3 Exam Mechanics and Study Approach 6 min 🔒
- 4 Identifying Legal, Regulatory, and Industry Requirements 9 min 🔒
- 5 Third-Party and Supply Chain Obligations 8 min 🔒
- 6 Privacy Regulations and Sensitive Data Standards 8 min 🔒
- 7 Designing Resilient Solutions 7 min 🔒
- 8 Assets, Business Objectives, and Stakeholder Mapping 7 min 🔒
- 9 Designing Monitoring, Reporting, and Vulnerability Management 8 min 🔒
- 10 Designing for Auditability and Segregation 7 min 🔒
- 11 Risk Assessment Artifacts and Treatment Advisory 8 min 🔒
Module 2: Security Architecture Modeling
The frameworks, threat models, verification techniques, and validation practices that turn business risk into defensible technical design.
- 1 Scope and Types of Security Architecture 7 min 🔒
- 2 TOGAF for Security Architects 8 min 🔒
- 3 SABSA and the Business-Driven Approach 9 min 🔒
- 4 Service-Oriented Modeling and Reference Architectures 6 min 🔒
- 5 STRIDE Threat Modeling 8 min 🔒
- 6 CVSS, EPSS, and Threat Intelligence 6 min 🔒
- 7 Verifying and Validating Designs 7 min 🔒
- 8 Gaps, Alternative Solutions, and Compensating Controls 6 min 🔒
- 9 Tabletop Exercises, Peer Review, and Simulation 6 min 🔒
- 10 Code Review Methodologies 7 min 🔒
- 11 Domain 2 Review — Modeling in Practice 5 min 🔒
Module 3: Infrastructure and System Security Architecture
The largest ISSAP domain: designing the platforms, networks, storage, cloud, OT, and cryptographic infrastructure that carry the enterprise workload.
- 1 Identifying Infrastructure and System Security Requirements 7 min 🔒
- 2 Deployment Models — On-Premises, Cloud, and Hybrid 8 min 🔒
- 3 IT and Operational Technology Considerations 7 min 🔒
- 4 Physical Security — Perimeter, Zoning, and Environmental Controls 6 min 🔒
- 5 Platform Security — Virtualization and Containers 8 min 🔒
- 6 Platform Security — Firmware, OS, and Hardening 7 min 🔒
- 7 Network Security Architecture — Foundations 8 min 🔒
- 8 Network Security Architecture — Advanced Controls 7 min 🔒
- 9 Storage Security Architecture 6 min 🔒
- 10 Data Repository Security — Databases, Warehouses, and Lakes 7 min 🔒
- 11 Cloud Security Architecture in Depth 8 min 🔒
- 12 OT, ICS, and SCADA — Deeper Architectural Patterns 7 min 🔒
- 13 IoT Architecture Security 6 min 🔒
- 14 Endpoint Security — Mobile, BYOD, and EDR 7 min 🔒
- 15 Secure Shared Services and Third-Party Integrations 6 min 🔒
- 16 Infrastructure Monitoring and Content Inspection 7 min 🔒
- 17 Cryptographic Design and Key Management 9 min 🔒
Module 4: Identity and Access Management (IAM) Architecture
The identity fabric that carries every access decision in modern architectures — identity lifecycle, authentication, federation, authorization models, and accounting.
- 1 IAM Architecture Overview and Identity Lifecycle 7 min 🔒
- 2 Establishing and Verifying Identity 6 min 🔒
- 3 Identifier Assignment — Users, Services, and Devices 5 min 🔒
- 4 Provisioning and Deprovisioning — JML Workflows 6 min 🔒
- 5 Identity Management Technologies 6 min 🔒
- 6 Authentication Approaches — Factors, MFA, and Risk-Based 7 min 🔒
- 7 Authentication Protocols — SAML, OIDC, Kerberos, RADIUS 8 min 🔒
- 8 Authentication Control — Policy, LDAP, and Session Management 5 min 🔒
- 9 Trust Relationships and Federation 6 min 🔒
- 10 Authorization Concepts and Models 6 min 🔒
- 11 Authorization Approaches — RBAC, ABAC, PBAC, and Delegation 7 min 🔒
- 12 Identity Accounting — Audit, Compliance, and SIEM Integration 5 min 🔒
