
CAP Certification Training | Certified Authorization Professional Training

Introduction

CAP Certification Training or Certified Authorization Professional Training Course Hands-on

Gain the knowledge and skills needed to accurately and effectively apply cost-effective and appropriate security controls based on risk and best practices with this CAP Certification Training or Certified Authorization Professional Training.

Achieving Certified Authorization Professional (CAP) certification validates your qualifications, skills, and experience in applying, assessing, and maintaining information system security using the new National Institute of Standards and Technology (NIST) Risk Management Framework (RMF).

On the path to CAP certification, you will gain the knowledge and skills needed to accurately and effectively apply cost-effective and appropriate security controls based on risk and best practices. The CAP certification is accepted by private and government sectors, and in some organizations, it is required for specific jobs (e.g., DoD Directive 8570).

Our CAP Certification Training prepares you through extensive mentoring and drill sessions, a thorough review of all 7 CAP Domains of Knowledge (recently increased from 4), and practical question and answer scenarios, all delivered through a high-energy seminar approach. This CAP Certification Training or Certified Authorization Professional Training class is the product of a wide range of leading industry experts and authors, and our training materials are widely considered the best option available for CAP preparation.

In this CAP Certification Training or Certified Authorization Professional Training course, you will gain an understanding of the new authorization process and prepare for the CAP certification exam, based on the new SP 800-37 process and the new (ISC)² Common Body of Knowledge (CBK).

Duration: 3 days


Customize It!

• We can adapt this CAP Certification Training course to your group’s background and work requirements at little to no added cost.
• If you are familiar with some aspects of this CAP Certification Training | Certified Authorization Professional Training course, we can omit or shorten their discussion.
• We can adjust the emphasis placed on the various topics or build the CAP Certification Training course around the mix of technologies of interest to you (including technologies other than those included in this outline).
• If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the CAP Certification Training course in a manner understandable to lay audiences.

Audience / Target Group

The intended audience for our CAP Certification Training program is IT professionals who are focused on security assessment and authorization and continuous monitoring issues. It’s also a great fit for those who are interested in improving cybersecurity and learning more about the importance of lifecycle cybersecurity risk management. Typically CAP is ideal for those working in roles such as, but not limited to:

• IT Professionals
• Information Security Professionals
• Information Assurance Professionals
• Executives Who Must “Sign-Off” on Authority to Operate (ATO)
• Inspectors General (IGs) and Auditors Who Perform Independent Reviews
• Program Managers Who Develop or Maintain IT Systems

CAP Certification Training - Prerequisites:

The knowledge and skills that a learner must have before attending this CAP Certification Training course are:

• Required: One to two years of database/systems development/network experience
• Required: Strong familiarity with NIST documentation
• Required: Systems administration
• Required: Technical or auditing experience within government, the U.S. Department of Defense, the financial or health care industries, and/or auditing firms

CAP Certification Training - Objectives:

The goal of the CAP Certification Training or Certified Authorization Professional Training course is to prepare professionals for the challenging CAP exam by covering the objectives of the exam as defined in the (ISC)² Common Body of Knowledge. CAP certification candidates are expected to have a broad range of skills across certification and accreditation concepts and functions. Our program will provide you with a quick and proven method for mastering this huge range of knowledge.

After completing this CAP Certification Training course, attendees will have covered:

• New processes and concepts, including:
  • Authorization process (NIST SP 800-37, revision 1)
  • Risk assessment process (NIST SP 800-30)
  • Risk Management Framework (NIST SP 800-39)
  • Incident response and contingency planning (NIST SP 800-65 and SP 800-34)
  • Information System Continuous Monitoring (NIST SP 800-53A and SP 800-137)
• Individual and organization (Office of Management and Budget, Department of Homeland Security, NIST, and National Security Agency) roles, responsibilities, requirements, and reports
• CAP certification exam preparation
• Common, system-specific, hybrid, and compensating controls
• CyberScope and CyberStat
• Security Content Automation Protocol (SCAP) and methods for media sanitization
• Effective strategies for process implementation and test-taking

CAP Certification Training - Course Content:

Domain 1: Risk Management Framework (RMF)

Security authorization includes a tiered risk management approach to evaluate both strategic and tactical risk across the enterprise. The authorization process incorporates the application of a Risk Management Framework (RMF), a review of the organizational structure, and the business process/mission as the foundation for the implementation and assessment of specified security controls. This authorization management process identifies vulnerabilities and security controls and determines residual risks. The residual risks are evaluated and deemed either acceptable or unacceptable. More controls must be implemented to reduce unacceptable risk. The system may be deployed only when the residual risks are acceptable to the enterprise and a satisfactory security plan is complete.

CAP Certification Training Objectives:

• Describe the Risk Management Framework (RMF)
• Describe and Distinguish between the RMF Steps
• Identify Roles and Define Responsibilities
• Understand and Describe How the RMF Process Relates to Key Factors
• Understand the Relationship between the RMF and System Development Life Cycle (SDLC)
• Understand Legal, Regulatory, and Other Security Requirements

Domain 2: Categorization of Information Systems

Categorization of the information system is based on an impact analysis. It is performed to determine the types of information included within the security authorization boundary, the security requirements for the information types, and the potential impact on the organization resulting from a security compromise. The result of the categorization is used as the basis for developing the security plan, selecting security controls, and determining the risk inherent in operating the system.

CAP Certification Training Objectives:

• Categorize the System
• Describe the Information System
• Register the System

Domain 3: Selection of Security Controls

The security control baseline is established by determining specific controls required to protect the system based on the security categorization of the system. The baseline is tailored and supplemented in accordance with an organizational assessment of risk and local parameters. The security control baseline, as well as the plan for monitoring it, is documented in the security plan (SP).

CAP Training Objectives:

• Identify and Document Common Controls
• Select, Tailor, and Document Security Controls
• Develop Security Control Monitoring Strategy
• Review and Approve SP

Domain 4: Security Control Implementation

The security controls specified in the security plan are implemented by taking into account the minimum organizational assurance requirements. The security plan describes how the controls are employed within the information system and its operational environment. The security assessment plan documents the methods for testing these controls and the expected results throughout the system's life cycle.

CAP Training Objectives:

• Implement Selected Security Controls
• Document Security Control Implementation

Domain 5: Security Control Assessment

The security control assessment follows the approved plan, including defined procedures, to determine the effectiveness of the controls in meeting security requirements of the information system. The results are documented in the Security Assessment Report.

CAP Certification Training Objectives:

• Prepare for Security Control Assessment
• Develop Security Control Assessment Plan
• Assess Security Control Effectiveness
• Develop Initial Security Assessment Report (SAR)
• Review Interim SAR and Perform Initial Remediation Actions
• Develop Final SAR and Optional Addendum

Domain 6: Information Systems Authorization

The residual risks identified during the security control assessment are evaluated and the decision is made to authorize the system to operate, deny its operation, or remediate the deficiencies. Associated documentation is prepared and/or updated depending on the authorization decision.

CAP Certification Training Objectives:

• Develop Plan of Action and Milestones (POAM)
• Assemble Security Authorization Package
• Determine Risk
• Determine the Acceptability of Risk
• Obtain Security Authorization Decision

Domain 7: Monitoring of Security Controls

After an Authorization to Operate (ATO) is granted, ongoing continuous monitoring is performed on all identified security controls as well as the political, legal, and physical environment in which the system operates. Changes to the system or its operational environment are documented and analyzed. The security state of the system is reported to designated responsible officials. Significant changes will cause the system to re-enter the security authorization process. Otherwise, the system will continue to be monitored on an ongoing basis in accordance with the organization’s monitoring strategy.

CAP Certification Training Objectives:

• Determine Security Impact of Changes to System and Environment
• Perform Ongoing Security Control Assessments
• Conduct Ongoing Remediation Actions
• Update Key Documentation
• Perform Periodic Security Status Reporting
• Perform Ongoing Risk Determination and Acceptance
• Decommission and Remove System
