
CASP+ EXAM OBJECTIVES

DOMAIN: PERCENTAGE OF EXAMINATION

• 1.0 Security Architecture: 29%
• 2.0 Security Operations: 30%
• 3.0 Security Engineering and Cryptography: 26%
• 4.0 Governance, Risk, and Compliance: 15%
• TOTAL: 100%

CASP+ OVERVIEW

• CompTIA Advanced Security Practitioner (CASP+) is an advanced-level cybersecurity certification
• CASP+ is ideal for security architects and senior security engineers charged with leading and improving an enterprise’s cybersecurity readiness
• CASP+ is an advanced hands-on, performance-based certification for cybersecurity practitioners — not managers
• CASP+ covers both security architecture and engineering which prepares the

SECURITY ARCHITECTURE

TOPICS FOR SECURITY ARCHITECTURE

Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network
• IT services
• Network segmentation
• Deperimeterization and Zero Trust
• Merging networks from

Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design
• Scalability
• Resiliency
• Automation
• Performance
• Containerization
• Virtualization
• Content delivery network
• Caching

Given a scenario, integrate software applications securely into an enterprise architecture
• Baselines and templates
• Software assurance
• Considerations

Given a scenario, implement data security techniques for securing enterprise architecture
• Data loss prevention
• Data loss detection
• Data classification, labeling, and tagging
• Obfuscation
• Anonymization
• Encrypted vs. unencrypted
• Data life cycle
• Data inventory and mapping
• Data integrity management
• Data storage, backup, and recovery

Given a set of requirements, implement secure cloud and virtualization solutions
• Virtualization strategies
• Provisioning and deprovisioning
• Middleware
• Metadata and tags
• Deployment models and considerations
• Hosting models
• Service models
• Cloud provider limitations
• Extending appropriate on-premises controls
• Storage models

Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements
• Privacy and confidentiality requirements
• Integrity requirements
• Non-repudiation
• Compliance and policy requirements
• Common PKI use cases

Explain the impact of emerging technologies on enterprise security and privacy
• Artificial intelligence
• Machine learning
• Quantum computing
• Blockchain
• Homomorphic encryption
• Secure multiparty computation
• Distributed consensus
• Big data
• Virtual and augmented reality
• 3-D printing
• Passwordless authentication
• Nanotechnology
• Deep learning
• Biometric impersonation

SECURITY OPERATIONS

TOPICS FOR SECURITY OPERATIONS

Given a scenario, perform threat management activities
• Intelligence types
• Actor types
• Threat actor properties
• Frameworks

Given a scenario, perform vulnerability management activities
• Vulnerability scans
• Security Content Automation Protocol (SCAP)
• Self-assessment vs. third-party vendor assessment
• Information sources

Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools
• Methods
• Tools
• Dependency management
• Requirements

Given a scenario, analyze vulnerabilities and recommend risk mitigations
• Vulnerabilities
• Inherently vulnerable systems and applications
• Attacks

Given a scenario, use processes to reduce risk
• Proactive and detection
• Security data analytics
• Preventive
• Application control
• Security automation
• Physical security

Given an incident, implement the appropriate response
• Event classifications
• Triage event
• Pre-escalation tasks
• Incident response process
• Specific response playbooks and processes
• Communication plan
• Stakeholder management

Explain the importance of forensic concepts
• Legal vs. internal corporate purposes
• Forensic process
• Integrity preservation
• Cryptanalysis
• Steganalysis

Given a scenario, use forensic analysis tools
• File carving tools
• Binary analysis tools
• Analysis tools
• Imaging tools
• Hashing utilities
• Live collection vs. post-mortem tools

SECURITY ENGINEERING AND CRYPTOGRAPHY

TOPICS FOR SECURITY ENGINEERING AND CRYPTOGRAPHY

Given a scenario, apply secure configurations to enterprise mobility
• Managed configurations
• Deployment scenarios
• Security considerations

Given a scenario, configure and implement endpoint security controls
• Hardening techniques
• Processes
• Mandatory access control
• Trustworthy computing
• Compensating controls

Explain security considerations impacting specific sectors and operational technologies
• Embedded systems
• ICS/Supervisory Control and Data Acquisition (SCADA)
• Protocols
• Sectors

Explain how cloud technology adoption impacts organizational security
• Automation and orchestration
• Encryption configuration
• Logs
• Monitoring configurations
• Key ownership and location
• Key life-cycle management
• Backup and recovery methods
• Infrastructure vs. serverless computing
• Application virtualization
• Software-defined networking
• Misconfigurations
• Collaboration tools
• Storage configurations
• Cloud Access Security Broker (CASB)

Given a business requirement, implement the appropriate PKI solution
• PKI hierarchy
• Certificate types
• Certificate usages/profiles/templates
• Extensions
• Trusted providers
• Trust model
• Cross-certification
• Configure profiles
• Life-cycle management
• Public and private keys
• Digital signature
• Certificate pinning
• Certificate stapling
• Certificate Signing Requests (CSR)
• Online Certificate Status Protocol (OCSP) vs. Certificate Revocation List (CRL)
• HTTP Strict Transport Security (HSTS)

Given a business requirement, implement the appropriate cryptographic protocols and algorithms
• Hashing
• Symmetric algorithms
• Asymmetric algorithms
• Protocols
• Elliptic Curve Cryptography (ECC)
• Forward secrecy
• Authenticated encryption with associated data
• Key stretching

Given a scenario, troubleshoot issues with cryptographic implementations
• Implementation and configuration issues
• Keys

GOVERNANCE, RISK, AND COMPLIANCE

TOPICS FOR GOVERNANCE, RISK, AND COMPLIANCE

Given a set of requirements, apply the appropriate risk strategies
• Risk assessment
• Risk handling techniques
• Risk types
• Risk management life cycle
• Risk tracking
• Risk appetite vs. risk tolerance
• Policies and security practices

Explain the importance of managing and mitigating vendor risk
• Shared responsibility model (roles/responsibilities)
• Vendor lock-in and vendor lockout
• Vendor viability
• Meeting client requirements
• Support availability
• Geographical considerations
• Supply chain visibility
• Incident reporting requirements
• Source code escrows
• Ongoing vendor assessment tools
• Third-party dependencies
• Technical considerations

Explain compliance frameworks and legal considerations, and their organizational impact
• Security concerns of integrating diverse industries
• Data considerations
• Geographic considerations
• Third-party attestation of compliance
• Regulations, accreditations, and standards
• Legal considerations
• Contract and agreement types

Explain the importance of business continuity and disaster recovery concepts
• Business Impact Analysis (BIA)
• Privacy Impact Assessment (PIA)
• Disaster Recovery Plan (DRP) / Business Continuity Plan (BCP)
• Incident response plan
• Testing plans

RECORDED WEBINAR VIDEO

To watch the recorded webinar video for live demos, please access the link: https://bit.ly/3ozUMOC

ABOUT NETCOM LEARNING

• 100K+ professionals trained
• 96% of customers recommend us to others
• Microsoft’s worldwide training partner of the year
• 14K+ corporate clients
• 8.6/9 instructor evaluations
• 80% of the Fortune 100 trained
• 3500 IT, Business & Soft Skills courses
• 20+ leading vendor recognitions
• Top 20 IT Training Company

NetCom Learning is an award-winning global leader in managed learning services, training and talent development.

Founded: 1998
Headquarters: New York City
Delivery Capability: Worldwide
CEO: Russell Sarder

RECOMMENDED COURSES AND MARKETING ASSETS

NetCom Learning offers a comprehensive portfolio for Security
» CompTIA Security+ Certification Prep (Exam SY0-601) - Class Scheduled on Nov 1
» CompTIA Network+ Certification Prep (Exam N10-007) - Class Scheduled on Nov 1
» CompTIA A+ Certification Prep (Exam 220-1002) - Class Scheduled on Nov 15
» CompTIA Advanced Security Practitioner (CASP+) Certification Prep (Exam CAS-004) - Class Scheduled on Dec 13

You can also access the below Marketing Assets
» Free 1hr Training - Learn the A to Z of IT Fundamentals with CompTIA A+ Certification
» Free On-Demand Training - 3 Key Cyber Threat Tools to Defend Your Data
» Blog - CompTIA Security+ Certification For Enterprise Network Security: Advantages

UPCOMING WEBINARS

▪ Getting started with Microsoft Azure Data Fundamentals in 30 Minutes
▪ Microsoft Azure Administrator Master Class is a complimentary 3.5 Hour Instructor-led Virtual session
▪ Managing Cisco Secure Workload to Protect your Cloud-Native Applications
▪ Architecting on AWS: Master Best Practices in 30 Minutes
▪ AWS Discovery Day - An official introduction to the core concepts of cloud and AWS
▪ Learn the 5 Pillars of CompTIA Advanced Security Practitioner+ (CASP+) and Master the New CASP Exam
▪ Getting started with Microsoft Azure Data Fundamentals in 30 Minutes
▪ Validate your Skills with Cisco DevNet Certification for DevOps
▪ An Introduction to ITIL®4 Managing Professional Transition
▪ AWS Discovery Day - An official introduction to the core concepts of cloud and AWS
▪ & More

PROMOTIONS

Access Your Passport To A Year Full Of Learning!

Now fulfill all your training needs without disturbing your business funds. Choose from the bundle of our Learning Saving Pass (LSP) pre-pay plans and get up to 100% value back on your investment. Unlock Now

Free Cybersecurity Training

NetCom Learning brings an immersive two-hour, instructor-led Free Training on Cybersecurity that is designed to help businesses understand the importance of Cybersecurity in today’s digital world and gain expert insights into how security breaches can affect a business. Learn More

Worry-Free Training with Price Match Guarantee

Our Price Match Guarantee ensures that we'll match the offers of any other authorized training provider if you succeed at finding anyone offering the same publicly scheduled class within 30 days of our schedule at a lower regular price. Learn More

FOLLOW US ON

LinkedIn Instagram Twitter YouTube

BUILDING AN INNOVATIVE LEARNING ORG.

A BOOK FROM RUSSELL SARDER, CEO AT NETCOM LEARNING

A framework to build a smarter workforce, adapt to change and drive growth.

DOWNLOAD e-book

Thank you
