CompTIA Advanced Security Practitioner (CASP+)

Popis kurzu

In this course, which prepares you for the CompTIA Advanced Security Practitioner exam (CAS-003),you will expand on your knowledge of information security to apply more advanced principles that will keep your organization safe from the many ways it can be threatened. You'll apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement sustainable security solutions that map to organizational strategies; translate business needs into security requirements; support IT governance and risk management; architect security for hosts, networks, and software; respond to security incidents; and more.

In this course, which prepares you for the CompTIA Advanced Security Practitioner exam (CAS-003),you will expand on your knowledge of information security to apply more advanced principles that will keep your organization safe from the many ways it can be threatened. You'll apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement sustainable security solutions that map to organizational strategies; translate business needs into security requirements; support IT governance and risk management; architect security for hosts, networks, and software; respond to security incidents; and more.

Určeno pro

The CASP certification is designed for IT security professionals who have a minimum of ten years of experience in IT administration, including at least five years of hands-on technical security experience. The target audience for this course consists of systems/network/application security professionals that are preparing for the CASP exam. The CASP certification exam is also accredited by ANSI to show compliance with the ISO 17024 standard for individuals who need it. Another audience consists of any IT professional who wants to gain an advanced understanding of how to secure modern enterprises beyond the Security+ or SSCP certifications.

Obsah kurzu

After reading this text, you will be able to:

• Support IT governance in the enterprise with an emphasis on managing risk


• Leverage collaboration tools and technology to support enterprise security


• Use research and analysis to secure the enterprise


• Integrate advanced authentication and authorization techniques


• Implement cryptographic techniques


• Implement security controls for hosts


• Implement security controls for mobile devices


• Implement network security


• Implement security in the systems and software development lifecycle


• Integrate hosts, storage, networks, applications, virtual environments, and cloud technologies in a secure enterprise architecture


• Conduct security assessments


• Respond to and recover from security incidents

COURSE OUTLINE

SUPPORTING IT GOVERNANCE AND RISK MANAGEMENT

• Identify the Importance of IT Governance and Risk Management


• Assess Risk


• Mitigate Risk


• Integrate Documentation into Risk Management

LEVERAGING COLLABORATION TO SUPPORT SECURITY

• Facilitate Collaboration Across Business Units


• Secure Communications and Collaboration Solutions

USING RESEARCH AND ANALYSIS TO SECURE THE ENTERPRISE

• Determine Industry Trends and Their Effects on the Enterprise


• Analyze Scenarios to Secure the Enterprise

INTEGRATING ADVANCED AUTHENTICATION AND AUTHORIZATION TECHNIQUES

• Implement Authentication and Authorization Technologies


• Implement Advanced Identity and Access Management

IMPLEMENTING CRYPTOGRAPHIC TECHNIQUES

• Select Cryptographic Techniques


• Implement Cryptography

IMPLEMENTING SECURITY CONTROLS FOR HOSTS

• Select Host Hardware and Software


• Harden Hosts


• Virtualize Servers and Desktops


• Protect Boot Loaders

IMPLEMENTING SECURITY CONTROLS FOR MOBILE DEVICES

• Implement Mobile Device Management


• Address Security and Privacy Concerns for Mobile Devices

IMPLEMENTING NETWORK SECURITY

• Plan Deployment of Network Security Components and Devices


• Plan Deployment of Network-Enabled Devices


• Implement Advanced Network Design


• Implement Network Security Controls

IMPLEMENTING SECURITY IN THE SYSTEMS AND SOFTWARE DEVELOPMENT LIFECYCLE

• Implement Security Throughout the Technology Lifecycle


• Identify General Application Vulnerabilities


• Identify Web Application Vulnerabilities


• Implement Application Security Controls

INTEGRATING ASSETS IN A SECURE ENTERPRISE ARCHITECTURE

• Integrate Standards and Best Practices in Enterprise Security


• Select Technical Deployment Models


• Integrate Cloud-Augmented Security Services


• Secure the Design of the Enterprise Infrastructure


• Integrate Data Security in the Enterprise Architecture


• Integrate Enterprise Applications in a Secure Architecture

CONDUCTING SECURITY ASSESSMENTS

• Select Security Assessment Methods


• Perform Security Assessments with Appropriate Tools

RESPONDING TO AND RECOVERING FROM INCIDENTS

• Prepare for Incident Response and Forensic Investigations


• Conduct Incident Response and Forensic Analysis

Studijní materiály