CompTIA Advanced Security Practitioner CASP+
CASP is the highest Security Level course offered by CompTIA
Designed for hands-on and performance-based practitioners
Advanced-level training in risk management, enterprise security operations and architecture, research and collaboration and integration of enterprise security
This completes your CompTIA Cyber Security certifications
The CompTIA Advanced Security Practitioner CASP+ provides advanced-level training in risk management, enterprise security operations and architecture, research and collaboration, and integration of enterprise security. The CASP certification is the highest-level security certification offered by CompTIA.
Advance your skills in the following areas:
- Risk Management
- Enterprise Security Architecture
- Enterprise Security Operations
- Technical Integration of Enterprise Security
- Research, Development and Collaboration
This course is intended for advanced students and cyber security practitioners who will implement cyber security. Successful completion of prerequisite courses in Security+ and CySA+/PenTest+ is highly recommended.
Module 1 - Risk Management
In this module, you will learn how to identify and mitigate security risks.
1. Summarize business and industry influences and associated security risks.
• In this topic, you will learn about risk management, emerging business strategies, security
concerns of integrating diverse industries, internal and external influences, and the impact
of de-perimeterization on an organization’s security.
2. Compare and contrast security, privacy policies and procedures based on organizational
requirements
• In this topic, you will learn about policy and process life cycle management, supporting
legal compliance, common security-related business documents and their requirements,
general privacy principles, and developing standard security practice policies.
3. Given a scenario, execute risk mitigation strategies and controls
• In this topic, you will learn how to implement CIA in data categorization, impact-level
decisions, and control implementation. You will learn about extreme scenario planning,
making risk determinations, translating technical risks into business terms and
recommending a risk strategy and management process. You will also learn about
continuous process improvement, business continuity planning, IT governance, and
enterprise resilience.
4. Analyze risk metric scenarios to secure the enterprise
• In this topic, you will review the effectiveness of, and deconstruct, existing security
controls, test and analyze security solutions, compare benchmarks to baselines, interpret
cybersecurity trend data, and use judgment to solve problems.
Module 2 - Enterprise Security Architecture
1. Analyze a scenario and integrate network and security components, concepts and architectures
to meet security requirements
• In this topic, you will learn about physical and virtual network and security devices,
application- and protocol-aware technologies, advanced network design concepts and
device configuration, and complex network security solutions. You will also learn about
software-defined networking, network management tools, security zones and network
access control, other network-enabled devices, and critical infrastructure.
2. Analyze a scenario to integrate security controls for host devices to meet security requirements
• In this topic, you will learn about Trusted OS, endpoint security, host hardening, boot loader
protection, hardware vulnerabilities, and terminal services.
3. Analyze a scenario to integrate security controls for mobile and small form factor devices to
meet security requirements
• In this topic, you will learn about enterprise mobility management including security and
privacy concerns. You will also learn about wearable technology.
4. Given software vulnerability scenarios, select appropriate security controls
• In this topic, you will learn about application security design considerations, specific
application issues, sandboxing and encrypted enclaves, database activity monitoring,
web application firewalls, client-side and server-side processing, OS vulnerabilities, and
firmware vulnerabilities.
Module 3 - Enterprise Security Operations
1. Given a scenario, conduct a security assessment using the appropriate methods
• In this topic, you will learn about security assessment methodologies and types.
2. Analyze a scenario or output, and select the appropriate tool for a security assessment
• In this topic, you will learn about network, host, and physical security tool types.
3. Given a scenario, implement incident response and recovery procedures
• In this topic, you will learn about e-discovery, data breaches, incident detection and
emergency response, tools for incident response, incident severity and post-incident
response.
Module 4 - Technical Integration of Enterprise Security
1. Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise
architecture
• In this topic, you will adapt data flow security to meet changing business needs,
incorporate standards, address interoperability and resilience issues, describe data security
considerations, and explain resource provisioning. You will also learn about design
considerations during mergers and demergers, secure network segmentation, logical and
physical deployment diagrams, and security implications in storage and enterprise
application integration.
2. Given a scenario, integrate cloud and virtualization technologies into a secure enterprise
architecture
• In this topic, you will learn about technical deployment models, virtualization, cloud
services, the risk of commingling hosts with different security requirements, data security
considerations and resource provisioning/deprovisioning.
3. Given a scenario, integrate and troubleshoot advanced authentication and authorization
technologies to support enterprise security objectives
• In this topic, you will learn about authentication, authorization, attestation, identity
proofing, identity propagation, federation, and trust models.
4. Given a scenario, implement cryptographic techniques
• In this topic, you will learn about different cryptographic techniques and
implementations.
5. Given a scenario, select the appropriate control to secure communications and collaboration
solutions
• In this topic, you will learn about remote access and unified collaboration tools.
Module 5 - Research, Development and Collaboration
In this topic, you will update your knowledge of managing Windows 10 in an enterprise, including
managing a mobile workforce and an overview of Enterprise Mobility + Security.
1. Given a scenario, apply research methods to determine industry trends and their impact to the
enterprise
• In this topic, you will learn about performing ongoing research including threat
intelligence, emerging tools, and the global IA industry/community.
2. Given a scenario, implement security activities across the technology life cycle
• In this topic, you will learn about the SDLC and other systems/software development
methodologies, adapt solutions to address emerging threats, and asset management.
3. Explain the importance of interaction across diverse business units to achieve security goals
• In this topic, you will learn how to interpret and communicate security goals with diverse
stakeholders, provide guidance to staff and senior management on security processes
and controls, and establish security collaboration and a governance committee.
Additional information
Course Name | CompTIA Advanced Security Practitioner CASP+ |
---|---|
Course Code | casp-003 |
Awarded By | CompTIA (EXAMS NOT INCLUDED) |
Hours | 28 |
Included In Bundles | Yes |
Access | 12 Months |
Prior courses / experience needed | Minimum 10 years' experience in IT administration, including at least five years of hands-on technical security experience. CompTIA Security+, CySA+ and PenTest+ advisable |
Exam Code | CompTIA CASP+ CAS-003 |
Practice Lab Available | CAS-003 CompTIA CASP+ |
Part of a Badge with multiple courses | Yes. CompTIA offer stackable certifications. Get in touch for further details |
Just some of the job roles available
Security Architect
Application Security Engineer
Technical Lead Analyst
Security Engineer
Cyber Security Manager
All delivered through our world-class learning portal
Navigation and Controls
Our self-paced training programmes allow you to study anywhere at any time. Pause, rewind and play as many times as you like with 24-hour access.
Expert instructor led training
Our instructors are experts in the IT industry with a minimum of 15 years of real-world experience, backed by many certifications in their subject of expertise.
Visual demonstrations and multimedia presentations
Expert-led demonstrations and content-rich presentations allow ITcertify students to develop their skills based on real-world scenarios.
Quizzes and exam simulators
Custom-made practice exams reflect the progress you have made throughout the course. Practice quizzes after each module build your confidence before moving to the next level.
Flash cards and educational games
ITcertify understand every student is unique and learns at a different pace. Our Flashcards and Educational Games are engineered to keep you engaged and 100% focused by providing a bit more fun to learning.