CASP+ is an advanced-level cybersecurity certification covering technical skills in security architecture and senior security engineering in traditional, cloud, and hybrid environments, governance, risk, and compliance skills, assessing an enterprise’s cybersecurity readiness, and leading technical teams to implement enterprise-wide cybersecurity solutions.
- Distinguish and select among different types of virtualized, distributed and shared computing
- Explain the security implications of enterprise storage
- Integrate hosts, networks, infrastructures, applications and storage into secure comprehensive solutions
- Explain the importance of application security
- Carry out security activities across the technology life cycle
- Carry out relevant analysis for the purpose of securing the enterprise
- To integrate and implement secure solutions across complex environments to support a resilient enterprise
- Use monitoring, detection, incident response and automation to proactively support ongoing security operations in an enterprise environment
- Apply security practices to cloud, on-premises, endpoint and mobile infrastructure, while considering cryptographic technologies and techniques
- Consider the impact of governance, risk and compliance requirements throughout the enterprise
Module 1: Security Architecture
- Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network.
- Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design.
- Given a scenario, integrate software applications securely into an enterprise architecture.
- Given a scenario, implement data security techniques for securing enterprise architecture.
- Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls
- Given a set of requirements, implement secure cloud and virtualization solutions.
- Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements
- Explain the impact of emerging technologies on enterprise security and privacy.
Module 2: Security Operations
- Given a scenario, perform threat management activities.
- Given a scenario, analyze indicators of compromise and formulate an appropriate response
- Given a scenario, perform vulnerability management activities.
- Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools.
- Given a scenario, analyze vulnerabilities and recommend risk mitigations.
- Given a scenario, use processes to reduce risk
- Given an incident, implement the appropriate response.
- Explain the importance of forensic concepts.
- Given a scenario, use forensic analysis tools.
Module 3: Security Engineering and Cryptography
- Given a scenario, apply secure configurations to enterprise mobility.
- Given a scenario, configure and implement endpoint security controls.
- Explain security considerations impacting specific sectors and operational technologies.
- Explain how cloud technology adoption impacts organizational security
- Given a business requirement, implement the appropriate PKI solution.
- Given a business requirement, implement the appropriate cryptographic protocols and algorithms
- Given a scenario, troubleshoot issues with cryptographic implementations.
Module 4: Governance, Risk, and Compliance
- Given a set of requirements, apply the appropriate risk strategies
- Explain the importance of managing and mitigating vendor risk.
- Explain compliance frameworks and legal considerations, and their organizational impact.
- Explain the importance of business continuity and disaster recovery concepts
Security Architect, SOC Manager, Senior Security Engineer, Security Analyst