ISSAP Training

ISSAP Training — Information Systems Security Architecture Professional

Architect-level security across governance, modeling, infrastructure, and identity — aligned to the 2025 four-domain ISSAP refresh.

A structured training course covering the (ISC)² Information Systems Security Architecture Professional (ISSAP) Common Body of Knowledge, aligned to the 2025 four-domain refresh. Fifty-one lessons across four modules build the practitioner-level architectural judgment the exam and the role demand — from governance, risk, and compliance through security architecture modeling, infrastructure and system security architecture, and identity and access management architecture.

Module 1: Governance, Risk, and Compliance (GRC)

The architect's remit for translating law, regulation, contracts, and business risk into design decisions — and the artifacts that prove it.

  • 1 What ISSAP Is 8 min Free preview
  • 2 The Security Architect's Mindset 7 min 🔒
  • 3 Exam Mechanics and Study Approach 6 min 🔒
  • 4 Identifying Legal, Regulatory, and Industry Requirements 9 min 🔒
  • 5 Third-Party and Supply Chain Obligations 8 min 🔒
  • 6 Privacy Regulations and Sensitive Data Standards 8 min 🔒
  • 7 Designing Resilient Solutions 7 min 🔒
  • 8 Assets, Business Objectives, and Stakeholder Mapping 7 min 🔒
  • 9 Designing Monitoring, Reporting, and Vulnerability Management 8 min 🔒
  • 10 Designing for Auditability and Segregation 7 min 🔒
  • 11 Risk Assessment Artifacts and Treatment Advisory 8 min 🔒

Module 2: Security Architecture Modeling

The frameworks, threat models, verification techniques, and validation practices that turn business risk into defensible technical design.

  • 1 Scope and Types of Security Architecture 7 min 🔒
  • 2 TOGAF for Security Architects 8 min 🔒
  • 3 SABSA and the Business-Driven Approach 9 min 🔒
  • 4 Service-Oriented Modeling and Reference Architectures 6 min 🔒
  • 5 STRIDE Threat Modeling 8 min 🔒
  • 6 CVSS, EPSS, and Threat Intelligence 6 min 🔒
  • 7 Verifying and Validating Designs 7 min 🔒
  • 8 Gaps, Alternative Solutions, and Compensating Controls 6 min 🔒
  • 9 Tabletop Exercises, Peer Review, and Simulation 6 min 🔒
  • 10 Code Review Methodologies 7 min 🔒
  • 11 Domain 2 Review — Modeling in Practice 5 min 🔒

Module 3: Infrastructure and System Security Architecture

The largest ISSAP domain: designing the platforms, networks, storage, cloud, OT, and cryptographic infrastructure that carry the enterprise workload.

  • 1 Identifying Infrastructure and System Security Requirements 7 min 🔒
  • 2 Deployment Models — On-Premises, Cloud, and Hybrid 8 min 🔒
  • 3 IT and Operational Technology Considerations 7 min 🔒
  • 4 Physical Security — Perimeter, Zoning, and Environmental Controls 6 min 🔒
  • 5 Platform Security — Virtualization and Containers 8 min 🔒
  • 6 Platform Security — Firmware, OS, and Hardening 7 min 🔒
  • 7 Network Security Architecture — Foundations 8 min 🔒
  • 8 Network Security Architecture — Advanced Controls 7 min 🔒
  • 9 Storage Security Architecture 6 min 🔒
  • 10 Data Repository Security — Databases, Warehouses, and Lakes 7 min 🔒
  • 11 Cloud Security Architecture in Depth 8 min 🔒
  • 12 OT, ICS, and SCADA — Deeper Architectural Patterns 7 min 🔒
  • 13 IoT Architecture Security 6 min 🔒
  • 14 Endpoint Security — Mobile, BYOD, and EDR 7 min 🔒
  • 15 Secure Shared Services and Third-Party Integrations 6 min 🔒
  • 16 Infrastructure Monitoring and Content Inspection 7 min 🔒
  • 17 Cryptographic Design and Key Management 9 min 🔒

Module 4: Identity and Access Management (IAM) Architecture

The identity fabric that carries every access decision in modern architectures — identity lifecycle, authentication, federation, authorization models, and accounting.

  • 1 IAM Architecture Overview and Identity Lifecycle 7 min 🔒
  • 2 Establishing and Verifying Identity 6 min 🔒
  • 3 Identifier Assignment — Users, Services, and Devices 5 min 🔒
  • 4 Provisioning and Deprovisioning — JML Workflows 6 min 🔒
  • 5 Identity Management Technologies 6 min 🔒
  • 6 Authentication Approaches — Factors, MFA, and Risk-Based 7 min 🔒
  • 7 Authentication Protocols — SAML, OIDC, Kerberos, RADIUS 8 min 🔒
  • 8 Authentication Control — Policy, LDAP, and Session Management 5 min 🔒
  • 9 Trust Relationships and Federation 6 min 🔒
  • 10 Authorization Concepts and Models 6 min 🔒
  • 11 Authorization Approaches — RBAC, ABAC, PBAC, and Delegation 7 min 🔒
  • 12 Identity Accounting — Audit, Compliance, and SIEM Integration 5 min 🔒