It is an advanced-level cybersecurity certification that covers technical skills in security architecture and senior security engineering in traditional, cloud, and hybrid environments, as well as governance, risk, and compliance skills. A CASP+ practitioner assesses an enterprise's cybersecurity readiness and leads the technical team to implement enterprise-wide cybersecurity solutions.

Curriculum

Domain 1—SECURITY ARCHITECTURE (30%)

  • Services
  • Segmentation
  • Deperimeterization/zero trust
  • Merging of networks from various organizations
  • Software-defined network (SDN)
  • Scalability
  • Resiliency
  • Automation
  • Performance
  • Containerization
  • Virtualization
  • Content delivery network
  • Caching
  • Baseline and templates
  • Software Assurance
  • Considerations of integrating enterprise applications
  • Integrating security into the development life cycle
  • Data loss prevention
  • Data loss detection
  • Data classification, labeling, and tagging
  • Obfuscation
  • Anonymization
  • Encrypted vs. unencrypted
  • Data life cycle
  • Data inventory and mapping
  • Data integrity management
  • Data storage, backup, and recovery
  • Credential management
  • Password policies
  • Federation
  • Access control
  • Protocols
  • Multifactor authentication (MFA)
  • One-time password (OTP)
  • Hardware root of trust
  • Single sign-on (SSO)
  • JavaScript Object Notation (JSON) web token (JWT)
  • Virtualization strategies
  • Provisioning and de-provisioning
  • Middleware
  • Metadata and tags
  • Deployment models and considerations
  • Hosting models
  • Service models
  • Cloud provider limitations
  • Extending appropriate on-premises controls
  • Storage models
  • Privacy and confidentiality requirements
  • Integrity requirements
  • Non-repudiation
  • Compliance and policy requirements
  • Common cryptography use cases
  • Common PKI use cases
  • Artificial intelligence
  • Machine learning
  • Quantum computing
  • Blockchain
  • Homomorphic
  • Secure multiparty computation
  • Distributed consensus
  • Big Data
  • Virtual/augmented reality
  • 3-D printing
  • Passwordless authentication
  • Nanotechnology
  • Deep learning
  • Biometric impersonation

Domain 2—SECURITY OPERATIONS (30%)

  • Intelligence types
  • Actor types
  • Threat actor properties
  • Frameworks
  • Indicators of compromise
  • Response
  • Vulnerability scans
  • Security Content Automation Protocols (SCAP)
  • Self-assessment vs third-party vendor assessment
  • Patch management
  • Information sources
  • Vulnerability assessment and penetration testing methods and tools
  • Dependencies management
  • Requirements
  • Vulnerabilities
  • Inherently vulnerable system/application
  • Attacks
  • Processes to reduce risk (proactive and detection, security data analysis, prevention, application control, security automation, physical security)
  • Implementing the appropriate response to an incident (event classifications, triage event, pre-escalation task, incident response process, specific response play/processes, communication plan, stakeholder management)
  • Importance of forensic concepts (legal vs internal corporate purposes, integrity preservation, cryptanalysis, steganalysis)
  • Forensic analysis tools (file carving tools, binary analysis tools, analysis tools, imaging tools, hashing utilities, live collection vs post-mortem tools)

Domain 3—SECURITY ENGINEERING AND CRYPTOGRAPHY (26%)

  • Managed configurations
  • Deployment scenarios
  • Security considerations
  • Hardening techniques
  • Processes
  • Mandatory access control
  • Trustworthy computing
  • Compensating controls
  • Security considerations impacting the specific sector and operational techniques (Embedded, ICS/supervisory control and data acquisition, Protocols, Sectors)
  • How cloud technology adoption impacts organizational security
  • Given a business requirement, implement the appropriate PKI
  • Implementing the appropriate protocols and algorithms
  • Troubleshooting issues with cryptographic implementations

Domain 4—GOVERNANCE, RISK, AND COMPLIANCE (15%)

  • Given a set of requirements, apply the appropriate risk strategies.
  • Managing and mitigating vendor risk
  • Explain compliance frameworks and legal considerations and their organizational impact.
  • Disaster recovery concepts.

Domain 5—COMPLIANCE AND ASSESSMENT (13%)

  • Privacy vs security
  • Audit and assessment

Who should learn CASP+?

  • Security Architect
  • Security Engineer
  • Technical Lead Analyst
  • Application Security Engineer

What will I be able to do at the end of the training?

  • Implement security controls for the host.
  • Implement security controls for mobile devices.
  • Implement network security.
  • Implement cryptography techniques.
  • Integrate advanced authentication and authorization techniques.
  • Use research and analysis to secure the enterprise.
  • Conduct security assessment.
  • Respond to and recover from a security incident.