CompTIA Advanced Security Practitioner (CASP)
The CompTIA Advanced Security Practitioner (CASP) CAS-003 certification is a vendor-neutral credential.
The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge.
The CASP exam will certify the successful candidate has the technical knowledge and skills required to:
- Conceptualize, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise
- Apply critical thinking and judgment across a broad spectrum of security disciplines to propose, implement and advocate sustainable security solutions that map to organizational strategies, balance security requirements with business/regulatory requirements, analyze risk impact and respond to security incidents
The CASP certification is aimed at IT security professionals who have:
- A minimum of ten years of experience in IT administration, including at least five years of hands-on technical security experience
- The following recommended prerequisites: CompTIA Network+, Security+, CySA+ or equivalent experience
1.0 Risk Management
Summarize business and industry influences and associated security risks.
- Risk management of new products, new technologies and user behaviors
- New or changing business models/strategies
- Security concerns of integrating diverse industries
- Internal and external influences
- Impact of de-perimeterization (e.g., constantly changing network boundary)
Compare and contrast security, privacy policies and procedures based on organizational requirements.
- Policy and process life cycle management
- Support legal compliance and advocacy by partnering with human resources, legal, management and other entities
- Understand common business documents to support security
- Research security requirements for contracts
- Understand general privacy principles for sensitive information
- Support the development of policies containing standard security practices
Given a scenario, execute risk mitigation strategies and controls.
- Categorize data types by impact levels based on CIA
- Incorporate stakeholder input into CIA impact-level decisions
- Determine minimum-required security controls based on aggregate score
- Select and implement controls based on CIA requirements and organizational policies
- Extreme scenario planning/worst-case scenario
- Conduct system-specific risk analysis
- Make risk determination based upon known metrics
- Translate technical risks in business terms
- Recommend which strategy should be applied based on risk appetite
- Risk management processes
- Continuous improvement/monitoring
- Business continuity planning
- IT governance
- Enterprise resilience
Analyze risk metric scenarios to secure the enterprise.
- Review effectiveness of existing security controls
- Reverse engineer/deconstruct existing solutions
- Creation, collection and analysis of metrics
- Prototype and test multiple solutions
- Create benchmarks and compare to baselines
- Analyze and interpret trend data to anticipate cyber defense needs
- Analyze security solution metrics and attributes to ensure they meet business needs
- Use judgment to solve problems where the most secure solution is not feasible
2.0 Enterprise Security Architecture
Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements.
- Physical and virtual network and security devices
- Application and protocol-aware technologies
- Advanced network design (wired/wireless)
- Complex network security solutions for data flow
- Secure configuration and baselining of networking and security components
- Software-defined networking
- Network management and monitoring tools
- Advanced configuration of routers, switches and other network devices
- Security zones
- Network access control
- Network-enabled devices
- Critical infrastructure
Analyze a scenario to integrate security controls for host devices to meet security requirements.
- Trusted OS (e.g., how and when to use it)
- Endpoint security software
- Host hardening
- Boot loader protections
- Vulnerabilities associated with hardware
- Terminal services/application delivery services
Analyze a scenario to integrate security controls for mobile and small form factor devices to meet security requirements.
- Enterprise mobility management
- Security implications/privacy concerns
- Wearable technology
Given software vulnerability scenarios, select appropriate security controls.
- Application security design considerations
- Specific application issues
- Application sandboxing
- Secure encrypted enclaves
- Database activity monitor
- Web application firewalls
- Client-side processing vs. server-side processing
- Operating system vulnerabilities
- Firmware vulnerabilities
3.0 Enterprise Security Operations
Given a scenario, conduct a security assessment using the appropriate methods.
Analyze a scenario or output, and select the appropriate tool for a security assessment.
- Network tool types
- Host tool types
- Physical security tools
Given a scenario, implement incident response and recovery procedures.
- Data breach
- Facilitate incident detection and response
- Incident and emergency response
- Incident response support tools
- Severity of incident or breach
- Post-incident response
4.0 Technical Integration of Enterprise Security
Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture.
- Adapt data flow security to meet changing business needs
- Interoperability issues
- Resilience issues
- Data security considerations
- Resources provisioning and deprovisioning
- Design considerations during mergers, acquisitions and demergers/divestitures
- Network secure segmentation and delegation
- Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
- Security and privacy considerations of storage integration
- Security implications of integrating enterprise applications
Given a scenario, integrate cloud and virtualization technologies into a secure enterprise architecture.
- Technical deployment models (outsourcing/insourcing/managed services/partnership)
- Security advantages and disadvantages of virtualization
- Cloud augmented security services
- Vulnerabilities associated with comingling of hosts with different security requirements
- Data security considerations
- Resources provisioning and deprovisioning
Given a scenario, integrate and troubleshoot advanced authentication and authorization technologies to support enterprise security objectives.
- Identity proofing
- Identity propagation
- Trust models
Given a scenario, implement cryptographic techniques.
Given a scenario, select the appropriate control to secure communications and collaboration solutions.
- Remote access
- Unified collaboration tools
5.0 Research, Development and Collaboration
Given a scenario, apply research methods to determine industry trends and their impact to the enterprise.
- Perform ongoing research
- Threat intelligence
- Research security implications of emerging business tools
- Global IA industry/community
Given a scenario, implement security activities across the technology life cycle.
- Systems development life cycle
- Software development life cycle
- Adapt solutions to address
- Asset management (inventory control)
Explain the importance of interaction across diverse business units to achieve security goals.
- Interpreting security requirements and goals to communicate with stakeholders from other disciplines
- Provide objective guidance and impartial recommendations to staff and senior management on security processes and controls
- Establish effective collaboration within teams to implement secure solutions
- Governance, risk and compliance committee
Alabama Computer Solutions is your best choice for CompTIA CASP training, certification, boot camps and courses.