Description

Overview

The CompTIA CASP+ is a highly specialized program and validates conceptualize, design and engineer secure IT solutions in an enterprise environment. Because of this, it’s highly valued among many employers, including financial corporations, government institutions and military departments.It is also ideally suited to top-level professionals employed by specialist cybersecurity solution providers.

When an organization suffers a security breach, they lose trust with the public and ultimately end up losing money. Organizations trust individuals with the CASP+ certification to protect their infrastructure and data and maintain their integrity for customers past, present, and future.

Cybersecurity is top of mind for nearly every organization out there and if it isn’t, it should be. Hands-on cybersecurity expertise is not just valuable, but also highly sought after. For those who have the skills, knowledge, and wherewithal, the CASP+ certification could prove to be a highly lucrative investment with major payoff in the end.

  • 63:55:00 Hours
  • 12 Months Access
  • Presented by highly qualified, industry leading experts

Course Details

Objectives

  • Implement cryptographic techniques.
  • Use research and analysis to secure the enterprise.
  • Integrate advanced authentication and authorization techniques.
  • Support IT governance in the enterprise with an emphasis on managing risk.
  • Implement security controls for hosts.
  • Leverage collaboration tools and technology to support enterprise security.
  • Implement network security.
  • Implement security in the systems and software development lifecycle.
  • Integrate hosts, storage, networks, applications, virtual environments, and cloud technologies in secure enterprise architecture.
  • Respond to and recover from security incidents.
  • Conduct security assessments.

Audience

  • IT professionals whose primary job responsibility is to secure complex enterprise environments.
  • Existing cybersecurity practitioners who wish to grow their skills to become top-level experts in their field.
  • Technical IT professionals that wish to grow their skills in areas such as Risk Management, Enterprise Security Architecture, Operations, Technical Integration of Enterprise Security Research, Development and Collaboration.

Prerequisites

  • Before starting your journey to become CompTIA Linux+ certified, we recommend that you meet the following prerequisites:

Prior tostartingCASP+ exam preparation

  • CompTIA Security+ certification.
  • CySA+ and PentTest+ is strongly recommended.
  • Minimum of 10 years of experience in atechnical IT role.

Prior to taking the CompTIA CASP+ exam:

  • Completion of ourCompTIA CASP+ training program.
  • At least five years of hands-on experience working with IT security in an enterprise environment.
  • Thorough understanding of all topics detailed in the exam objectives.

Course Outline

A thorough understanding of the CASP+ curriculum is an absolute must to pass your certification exam. Objectives of the CASP+ curriculum include establishing a solid understanding of risk management, clarifying enterprise security architecture, and growing research and collaboration skills to boost technical development of enterprise security.

Risk Management

  • Summarize business and industry influences and associated security risks.
  • Compare and contrast security, privacy policies and procedures based on organizational requirements.
  • Given a scenario, execute risk mitigation strategies and controls.
  • Analyze risk metric scenarios to secure the enterprise.

Enterprise Security Architecture

  • Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirements.
  • Analyze a scenario to integrate security controls for host devices to meet security requirements.
  • Analyze a scenario to integrate security controls for mobile and small form factor devices to meet security requirements.
  • Given software vulnerability scenarios, select appropriate security controls.

Enterprise Security Operations

  • Given a scenario, conduct a security assessment using the appropriate methods.
  • Analyze a scenario or output, and select the appropriate tool for a security assessment.
  • Given a scenario, implement incident response and recovery procedures.

Technical Integration of Enterprise Security

  • Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture.
  • Given a scenario, integrate cloud and virtualization technologies into a secure enterprise architecture.
  • Given a scenario, integrate and troubleshoot advanced authentication and authorization technologies to support enterprise security objectives.
  • Given a scenario, implement cryptographic techniques.
  • Given a scenario, select the appropriate control to secure communications and collaboration solutions.

Research, Development and Collaboration

  • Given a scenario, apply research methods to determine industry trends and their impact to the enterprise.
  • Given a scenario, implement security activities across the technology life cycle.
  • Explain the importance of interaction across diverse business units to achieve security goals.

Top of Form

SUPPORTING IT GOVERNANCE AND RISK MANAGEMENT

  • Overview
  • So You Want To Setup a Lab
  • Begin At The Beginning – Confidentiality
  • Begin at the Beginning – Integrity
  • Begin At The Beginning – Availability
  • Governance And Risk Management: Overview
  • Governance and Risk Management Risk Vocabulary
  • Governance and Risk Management Risk Management
  • Governance And Risk Management: Risk Analysis
  • Assess Risks: What is a Security Framework
  • Assess Risks: System Specific Risk Analysis
  • Assess Risks: Risk Determination
  • Assess Risks System Specific Risk Analysis
  • Risk Mitigation: What Is A Aggregate CIA Score
  • Risk Mitigation: What Are The CVSS And CVE
  • Risk Mitigation: Risk Responses
  • Risk Management Documentation: Best Practices
  • Risk Management Documentation: BCP
  • Risk Management Documentation: What Is A BIA
  • Risk Management Documentation: Downtime
  • Risk Management Documentation: Documents
  • T. Governance And Risk Management – Key Points

RESPONDING TO AND RECOVERING FROM INCIDENTS

  • Assess Risks ESA Framework Assessment Process
  • Incident Response Facilitators
  • Incident Response Facilitators Part 2
  • E-Discovery
  • Incident Response Review Questions
  • What is COOP
  • CSIRTs and Common Tools
  • Evidence Collection and Handling
  • Types of Evidence
  • Five Rules Of Evidence 5 B’s
  • Principles of Criminalistics
  • Investigation Process
  • Forensic Analysis of Compromised Systems
  • What is the Order of Volatility
  • Conducting Forensic Analysis with Autopsy
  • Responding To Incidents – Key Points

LEVERAGING COLLABORATION TO SUPPORT SECURITY

  • Collaboration: GRC And Controls
  • Collaboration: What Is An SCA
  • Collaboration: Solutions
  • Leveraging Collaboration – Key Points

USING RESEARCH AND ANALYSIS TO SECURE THE ENTERPRISE

  • Research And Analysis: Industry Trends
  • Research And Analysis: Artificial Intelligence
  • Research and Analysis Requirements for Contracts
  • Analyze Scenarios to Secure the Enterprise
  • Using Research And Analysis – Key Points

INTEGRATING ADVANCED AUTHENTICATION AND AUTHORIZATION TECHNIQUES

  • Authentication and Access Control
  • Authentication Factors and Controls
  • Authentication Types
  • Centralized Remote Authentication Services
  • Deep Dive: RADIUS
  • Deep Dive: 802.1X
  • What Is Authorization/OAuth2.0
  • What is XACML
  • Trusts Models and Kerberos
  • Trust Models and Kerberos Part 2
  • Directory Services and LDAP
  • Hands On: Establishing Peer Trusts
  • Authentication And Authorization Review Questions
  • Advanced Identity Concepts and Vocabulary
  • Identity Federation Methods
  • Advanced Identity Review Questions
  • Authentication And Authorization: Key Points

IMPLEMENTING CRYPTOGRAPHIC TECHNIQUES

  • Encryption
  • Hashing
  • Digital Signatures
  • Blockchain and Bitcoin
  • Hands On: Configuring A Blockchain
  • Public Key Infrastructure PKI – Design
  • Public Key Infrastructure PKI – Concepts
  • Cryptography Concepts
  • Stream Vs. Block Ciphers
  • Implement Cryptography
  • Implementing Cryptographic Techniques – Key Points

IMPLEMENTING SECURITY CONTROLS FOR HOSTS

  • Host Concepts and Vocabulary
  • Product Evaluation Models – TCSEC
  • Product Evaluation Models – ITSEC
  • Product Evaluation Models – Common Criteria
  • What is a Trusted OS
  • Types of Security Models
  • Bell-LaPadula
  • Biba
  • Clark-Wilson and Others
  • Access Control Concepts
  • Role-Based Access Control (RBAC)
  • Other Access Control Models
  • Endpoint Security
  • Host Review Questions
  • Hardening Hosts Concepts and Vocabulary
  • Peripherals
  • Full Disk Encryption
  • Hands-On: Hardening Windows Hosts, AppLocker
  • Virtualization Concepts and Vocabulary
  • Common VM Vulnerabilities
  • Hands-On: Creating Securing VM Using Virtualbox
  • Boot Loader Concepts and Vocabulary
  • Hands-On: Protecting Boot Loaders
  • Implementing Security Controls Hosts Key Points

SECURITY CONTROLS FOR MOBILE DEVICES

  • Mobile Deployment Models
  • MDM Concepts and Vocabulary
  • MDM Concepts and Vocabulary Part 2
  • Storage
  • Concepts and Vocabulary
  • Concepts and Vocabulary Part 2
  • Security Controls For Mobile Devices – Key Points
  • Concepts And Vocabulary

IMPLEMENTING NETWORK SECURITY

  • IDSs Vs IPSs Casp
  • What is a SIEM system
  • Network Security Concepts and Vocabulary
  • Hands-On Deploy Network Security Platform OPNsense
  • SoC, BASs, ICS and SCADA
  • Network-Enabled Devices Review Questions
  • Remote Access and IPv6
  • Network Authentication
  • Network Topologies and SDN
  • Optimizing Resource Placement
  • Advanced Network Design Review Questions
  • Network Security Controls Concepts Vocabulary
  • VLANS and Network Data Flow
  • DPI and HTTPS Inspection
  • Network Device Configurations
  • NAC and Alerting
  • Hands On: Implementing Network Monitoring Ntopng
  • Implementing Network Security – Key Points

IMPLEMENTING SECURITY IN THE SYSTEMS AND SOFTWARE DEVELOPMENT LIFECYCLE

  • What Is The Systems Development Life Cycle SDLC
  • Development Methodologies
  • What are the SDLC Phases
  • Security Requirements Traceability Matrix SRTM
  • Common Software Development Approaches
  • Common Software Development Methods
  • What about Validation and Acceptance Testing
  • SDLC Review Questions
  • Secure vs Insecure Direct Object References
  • Error Exception Handling Try…Catch Statements
  • What is Privilege Escalation
  • Overflows and Canaries
  • Memory Leaks
  • Races and Exhaustion
  • What is SQL Injection
  • What Is Session…
  • What is a Cross-Site Scripting XSS Attack
  • Cross-Site Request Forgery XSRF/CSRF Attack
  • What about Clickjacking and Cookie Hijacking
  • What is security by
  • Input Validation Fuzzing Application Sandboxing
  • WS-Security DAM and Software Assurance Tech
  • Implementing Security In The SDLC – Key Points

INTEGRATING ASSETS IN A SECURE ENTERPRISE ARCHITECTURE

  • Integrate Best Practices in Enterprise Security
  • Technical Deployment Models: What Is A Model
  • Technical Deployment Models: What Is Cloud
  • Cloud Security Services in the Enterprise
  • Secure Design: Vocabulary And Concepts
  • Secure Design: Vocabulary And Concepts Part 2
  • Secure Design: Review Questions
  • Data Security: Owners, Processors And Sovereignty
  • Data Security: Data Flow Security
  • Data Security: Data Remanence
  • Data Security: Provisioning And Deprovisioning
  • Data Security: Review Questions
  • Enterprise Applications: What are They
  • Enterprise Applications: Directory Svcs, DNS
  • Enterprise Applications: Directory Svsc, DNS Pt.2
  • Enterprise Applications: Hands On With DNS RRs
  • DNSSEC, Zone Transfers And TSIGs
  • DNSSEC, Zone Transfers And TSIG Part 2
  • DNSSEC, Zone Transfers And TSIG Part 3
  • Hands on With DNSSEC
  • Enterprise Applications: Configuration Management
  • Enterprise Applications: Review Questions
  • Integrating Assets – Key Points

CONDUCTING SECURITY ASSESSMENTS

  • Security Assessments: Types
  • Security Assessments: Application Code Review
  • Going Deeper: Vulnerability Scanning
  • Going Deeper: Testing Software
  • Software Testing Types
  • Software Testing Types Part 2
  • Logs, Memory And Debugging
  • Social Engineering
  • OSINT, Self-Assessments And Teaming
  • Security Assessments – Review Questions
  • Vulnerability Scanner (Nikto)
  • Port Scanner (Zenmap)
  • Protocol Analyzer (Wireshark)
  • Network Enumerator (Zenmap)
  • Password Cracker (John The Ripper)
  • Using a Fuzzer in Kali Linux
  • HTTP Interceptor (Burp Suite)
  • Exploitation Framework (Social-Engineer Toolkit)
  • Log Analysis In Kali (Grep And Cut)
  • OpenSCAP
  • Reverse Engineering (Strace)
  • Conducting Security Assessments – Key Points