ISSAP Domain 2.2: Verify and Validate Design
“Design is not just what it looks like and feels like. Design is how it works.” — Steve Jobs.
In the world of cybersecurity, how it works determines how secure it truly is. And no matter how elegant your architecture looks on paper, it is only as effective as its verified, validated implementation.

Enter ISSAP Domain 2.2, Verify and Validate Design: an essential skill set for every modern Security Architect and a high-value focus area for ISSAP certification aspirants.
In this guide, we will cover everything: threat modeling, regression testing, Functional Acceptance Testing (FAT), gap analysis, validation methods, and how to align your security design with real-world reliability.
Why Verification and Validation Matter More Than Ever
According to a 2024 ENISA report, 70% of security flaws in deployed systems were due to poor validation of security design during development. As attack surfaces grow (thanks to cloud, APIs, and third-party integrations), the need to verify and validate the resilience of every system becomes critical.
What Does “Verify and Validate Design” Really Mean?
- Verification: Are we building the system right?
This checks whether the system design and implementation align with documented requirements.
- Validation: Are we building the right system?
This ensures the architecture actually meets business objectives, threat resilience, and operational usability.
Together, they ensure your security solution is complete, functional, and defensible.
Step 1: Start with the Threat Model
Think like an attacker before you build like a defender.
Before you can verify or validate anything, you need to know what you are defending against.
Key Threat Modeling Questions:
- What could go wrong?
- How might an attacker exploit this system?
- What’s the impact if they do?
- What controls are in place, and are they enough?
Example: If your web application accepts file uploads, you must verify that it scans uploads for malware, restricts file types by content (not just by extension), enforces a size limit, and checks that the uploader is actually permitted to upload.
This process should be continuous and updated every time the system changes.
Exam Tip: Understand how to evaluate whether a threat model is complete and covers environmental, technical, and business-specific threats.
Step 2: Proof of Technology & Control Validation
Once you define your risks and controls, it is time to test them.
1. Proof of Technology (PoT)
Verify that each new technology performs its intended function securely and reliably under real-world conditions.
This often involves:
- Vendor documentation reviews
- Pilot testing
- Simulation environments
2. Validation of Security Controls
Are controls operating as expected?
| Area | What to Check |
|---|---|
| Met? | Are the controls present and configured? |
| Implemented Correctly? | Do they follow best practices? |
| Functioning as Intended? | Do they block/allow what they should? |
| Producing the Right Outcomes? | Are alerts accurate? Are threats prevented? |
Step 3: Functional Acceptance Testing (FAT)
FAT = Did we build what the users and stakeholders actually needed?
This is often called User Acceptance Testing (UAT) in software, but from a security architecture standpoint, FAT means validating that functional security requirements, like authentication, authorization, logging, or secure communications, are correctly implemented.
Example Scenarios:
- Can only authorized users access sensitive data?
- Is MFA working across platforms?
- Are audit logs tamper-evident (append-only and integrity-protected) and correctly timestamped?
Only after a successful FAT should a system be moved into production.
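The three scenarios above, turned into runnable acceptance tests, as an added example that is not part of the original article. The access-control list, users and resources are constructed; the audit log is a simple SHA-256 hash chain (each entry commits to the hash of the previous one) with UTC timestamps. The same checks also answer the "Functioning as Intended?" and "Producing the Right Outcomes?" rows of the control validation table in Step 2: the log must record every decision, and editing a past entry must be detectable.

```python
import hashlib
import json
from datetime import datetime, timezone

# Constructed access-control list for the example (not from the article):
# resource -> roles allowed to read it. Anything not listed is denied.
ACL = {
    "/reports/public": {"staff", "finance", "admin"},
    "/reports/payroll": {"finance", "admin"},
}

GENESIS = "0" * 64   # chain anchor for the first entry


class AuditLog:
    """Append-only, hash-chained log: each entry commits to the previous hash,
    so editing or deleting an earlier entry breaks verification."""

    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(entry):
        body = {k: v for k, v in entry.items() if k != "hash"}
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, event):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        entry = dict(event, ts=datetime.now(timezone.utc).isoformat(), prev=prev)
        entry["hash"] = self._digest(entry)
        self.entries.append(entry)
        return entry

    def verify(self):
        prev = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or self._digest(entry) != entry["hash"]:
                return False
            prev = entry["hash"]
        return True


def access(log, user, role, resource):
    """Authorisation decision; every attempt, allowed or denied, is logged."""
    allowed = role in ACL.get(resource, set())
    log.append({"user": user, "role": role, "resource": resource,
                "decision": "allow" if allowed else "deny"})
    return allowed


def run_fat():
    """Functional acceptance tests for the scenarios in the text.
    Returns {check: passed}; every value must be True before go-live."""
    log = AuditLog()
    r = {}
    r["authorized_user_allowed"] = access(log, "alice", "finance", "/reports/payroll") is True
    r["unauthorized_user_denied"] = access(log, "bob", "staff", "/reports/payroll") is False
    r["unlisted_resource_denied"] = access(log, "carol", "admin", "/reports/unlisted") is False
    r["every_attempt_logged"] = len(log.entries) == 3
    r["denials_logged"] = sum(e["decision"] == "deny" for e in log.entries) == 2
    r["timestamps_utc_and_ordered"] = (
        all(e["ts"].endswith("+00:00") for e in log.entries)
        and all(a["ts"] <= b["ts"] for a, b in zip(log.entries, log.entries[1:]))
    )
    r["chain_verifies_untouched"] = log.verify()
    # Simulate an insider rewriting a denial into an approval after the fact.
    log.entries[1]["decision"] = "allow"
    r["tampering_detected"] = log.verify() is False
    return r


if __name__ == "__main__":
    for check, ok in run_fat().items():
        print(f"{'PASS' if ok else 'FAIL'}  {check}")
```

Note the default-deny check: a resource missing from the ACL is denied even to an admin. That is the kind of requirement that reads as obvious in a design document and is only proven by a test that asks for something the designer forgot to list.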
Exam Tip: Know the difference between FAT (user-functionality focused) and regression testing (change-impact focused).
Step 4: Regression Testing
A regression is exactly what you do not want: a previously fixed issue reappearing, or a control that worked before a change silently breaking after it.
Whenever a system is updated, regression testing ensures that:
- Past bugs haven’t come back
- Existing features still work as intended
- New features don’t break older functionality
Real-World Relevance: A firewall update might open unintended ports or disable IDS logging. Without regression testing, you would not know until attackers do.
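A regression check for exactly that firewall scenario, added here as an example rather than taken from the article. The listener snapshots are constructed to look like `ss -lnt` output (they are not real system output), and the IDS settings are a constructed dictionary standing in for whatever the real sensor exposes. The check compares the externally reachable listeners and the IDS flags before and after the change, and fails the build if anything became exposed or any logging that was on is now off.

```python
import re

# Constructed `ss -lnt`-style listener snapshots (not output from any real host).
BASELINE = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*
LISTEN  0       128     127.0.0.1:5432       0.0.0.0:*
"""

AFTER_UPDATE = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       511     0.0.0.0:443          0.0.0.0:*
LISTEN  0       128     0.0.0.0:5432         0.0.0.0:*
LISTEN  0       128     0.0.0.0:8080         0.0.0.0:*
"""

# Constructed IDS settings before and after the same change (assumed shape).
IDS_BASELINE = {"alerting": True, "log_to_siem": True, "rules_version": "2024.06"}
IDS_AFTER = {"alerting": True, "log_to_siem": False, "rules_version": "2024.06"}

LOOPBACK = ("127.0.0.1", "::1", "[::1]")
SOCKET_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(\S+):(\d+)\s")


def listeners(snapshot):
    """Parse (address, port) pairs for LISTEN sockets from ss-style text."""
    found = set()
    for line in snapshot.splitlines():
        m = SOCKET_RE.match(line)
        if m:
            found.add((m.group(1), int(m.group(2))))
    return found


def externally_exposed(sockets):
    """Drop loopback-only listeners; only the rest matter to an attacker."""
    return {(addr, port) for addr, port in sockets if addr not in LOOPBACK}


def regression_check(before_ss, after_ss, ids_before, ids_after):
    """Compare exposure and IDS state across a change. 'passed' is the gate."""
    before = externally_exposed(listeners(before_ss))
    after = externally_exposed(listeners(after_ss))
    newly_exposed = sorted(after - before)
    no_longer_listening = sorted(before - after)   # a service that died is also a regression
    # Any boolean that was on before and is not on now (missing counts as off).
    ids_regressions = sorted(
        key for key, val in ids_before.items()
        if val is True and ids_after.get(key) is not True
    )
    return {
        "newly_exposed": newly_exposed,
        "no_longer_listening": no_longer_listening,
        "ids_regressions": ids_regressions,
        "passed": not (newly_exposed or no_longer_listening or ids_regressions),
    }


if __name__ == "__main__":
    report = regression_check(BASELINE, AFTER_UPDATE, IDS_BASELINE, IDS_AFTER)
    for key, value in report.items():
        print(f"{key}: {value}")
```

Against the constructed snapshots this fails: the database moved from loopback to all interfaces, port 8080 appeared, and SIEM forwarding was switched off. The baseline is the artefact to protect; it should be regenerated only by a reviewed change, never by re-running the script on the box after the update.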
Step 5: Gap Analysis & Alternate Solutions
No design is perfect. That is why gap analysis exists.
Gap analysis = Where we are vs. where we should be.
You identify:
- Missing controls
- Poorly implemented features
- Unmet stakeholder requirements
And then recommend:
- Compensating controls
- Design tweaks
- Technology alternatives
Example: You cannot implement a certain DLP feature because of a system limitation. A compensating control might be endpoint monitoring or enforced encryption of the data the DLP feature would have protected.
TOGAF and the Architecture Validation Lifecycle
The TOGAF framework is not just about design; it is about iterative validation. Its Architecture Development Method (ADM) includes:
- Gap analysis in each architecture phase (B, C and D), with the gaps consolidated in Phase E (Opportunities and Solutions)
- Risk analysis
- Evaluation of alternative solutions
- Stakeholder sign-off
- Governance checkpoints
TOGAF’s layered validation ensures that security is not a bolt-on; it is built-in.
Independent Verification and Validation (IV&V)
Independent assessment (e.g., internal audit, external consultants) helps:
- Avoid conflict of interest
- Evaluate whether the system meets both security and business goals
- Assure stakeholders of compliance, control effectiveness, and due care
Types of Validation:
| Type | Purpose |
|---|---|
| Staff | Are personnel certified and trustworthy (e.g., ISSAP, CISSP)? |
| Process | Are procedures documented and repeatable (e.g., CMMI maturity levels)? |
| Component | Are vendor products evaluated (e.g., Common Criteria, ISO/IEC 15408)? |
| System | Are end-to-end risks acceptable? |
| Vendor | Is your cloud/service provider ISO/IEC 27001 certified or SOC 2 attested? |
ISSAP Training with InfosecTrain
Designing a security architecture is visionary. Validating it is operationally vital.
You are not just building for compliance. You are building for resilience.
Whether it is functional testing, regression validation, or independent audits, ISSAP Domain 2.2 empowers you to architect security that does not just look good; it performs under fire.
Want to master these design validation techniques?
InfosecTrain’s ISSAP Training Program gives you in-depth guidance, real-world labs, and expert mentorship to not only understand ISSAP Domain 2 but to implement it like a pro.
Build with clarity. Validate with confidence. Lead with purpose.
