Overview
-
Prepare for domain 1 of the CompTIA Advanced Security Practitioner (CASP+) exam. Review topics to better understand risk management and its impact on leaders' decision-making.
Syllabus
-
Introduction
- Welcome
- What you should know
- About the exam
- Risk management fundamentals
- The CIA triad
- Data security classification
- Stakeholders input into CIA decision making
- Access control categories
- Access control types
- The aggregate CIA score
- Extreme scenario and worst-case scenario planning
- Extreme scenario and worst-case scenario example
- System-specific risk analysis
- Risk determination
- Magnitude of impact
- Likelihood of threat
- Return on investment
- Total cost of ownership
- Risk management strategies
- Risk management process
- Continuous improvement and monitoring
- Business continuity planning (BCP)
- IT governance
- Risk management of new products, technologies, and user behaviors
- Business models and strategies
- Partnerships
- Outsourcing
- Third-party outsourcing and security
- Cloud
- Acquisition or mergers and divestiture or demerger
- Integrating diverse industries
- Internal and external influences
- De-perimeterization
- Changes and policy development
- Changes and process or procedure development
- Legal and regulatory compliance
- Risk assessment or Statement of Applicability
- Business Impact Analysis
- Interoperability Agreement and Interconnection Security Agreement
- Memorandum of Understanding
- Service Level Agreement and Operating Level agreement
- Non-Disclosure Agreement
- Business Partnership Agreement
- Master service agreement
- Privacy considerations
- Separation of duties
- Job rotation and mandatory vacations
- Least privilege
- Incident response
- Digital forensics
- Employment and termination procedures
- Continuous monitoring
- User training and awareness
- Auditing requirements and frequency
- Benchmarks and baselines
- Prototyping and multiple test solutions
- Cost benefit analysis
- Metrics collection and analysis
- Analyzing and interpreting trend data
- Reviewing security controls
- Reverse engineering and deconstructing security solutions
- Analyzing security solutions to meet your business' needs
- videos learned and after-action reports
- Solving difficult problems that have no right answer
- Next steps
