CASP+ Exam Overview
- Examination and certification goals
- The five domains of the exam
- Learning techniques
Module 1: Enterprise Security
Identifying security concerns in scenarios
- Exploring cryptographic techniques
- Advanced PKI concepts
Distinguishing between cryptographic concepts
- Entropy
- Confusion and diffusion
- Chain of trust
Securing enterprise storage
- Examining storage types and protocols
- Secure storage management
Analyzing network security architectures
- Designing secure networks
- Employing virtual networking solutions
Troubleshooting security controls for hosts
- Host security: trusted OS (Operating System), endpoint, host hardening
- Vulnerabilities in co-mingling of hosts
Differentiating application vulnerabilities
- Web application security
- Application security concerns
- Mitigating client-side vs. server-side processing
Module 2: Risk Management and Incident Response
Interpreting business and industry influences and risks
- Analyzing risk scenarios
- Identifying the impact of de-perimeterization
Executing risk mitigation planning, strategies, and control
- Assessing the CIA aggregate scores
- Making risk determination
Privacy policies and procedures
- Developing policies to support business objectives
- Safeguarding Personally Identifiable Information (PII)
Conduct incident response and recovery procedures
- Constructing a data inventory with e-discovery
- Minimizing the severity of data breaches
Module 3: Research, Analysis, and Assessment
Determining industry trends impact to the enterprise
- Performing ongoing research to support best practices
- Researching security requirements for contracts
Appropriate security document usage
- Request for Information (RFI)
- Request for Quote (RFQ)
- Request for Proposal (RFP)
Evaluating scenarios to determine how to secure the enterprise
- Conducting cost-benefit and security solution analysis
- Reviewing the effectiveness of existing security controls
Conducting an assessment and analyzing the results
- Determining appropriate tools for data gathering
- Identifying methods to perform assessments
Module 4: Integrating Computing, Communications, and Business Disciplines
Collaborating across diverse business units to achieve security goals
- Communicating with stakeholders
- Interpreting security requirements and providing guidance
- Identifying secure communications goals
Selecting controls for secure communications
- Utilizing unified collaboration tools
- Mobile devices
- Applying over-the-air technologies
Implementing security across the technology life cycle
- Selecting security controls
- Developing Security Requirements Traceability Matrices
Module 5: Technical Integration of Enterprise Components
Integrate devices into a secure enterprise architecture
- Securing data following existing security standards
- Applying technical deployment models
- Integrating storage and applications into the enterprise
Integrating advanced authentication and authorization technologies
- Implementing certificate-based and SSO authentication
- Applying federation solutions