CompTIA Advanced Security Practitioner (CASP) CAS-003

Video description

18+ Hours of Video Instruction

More than 18 hours of video instruction to prepare you for the new CASP CAS-003 exam.

Overview
The CompTIA Advanced Security Practitioner (CASP) CAS-003 Complete Video Course is an engaging, self-paced video training solution that provides learners with 18 hours of personal, visual instruction from expert trainer Michael J. Shannon. Through the use of topic-focused instructional videos, you will gain an in-depth understanding of each objective in the CompTIA CASP CAS-300 exam as well as a deeper understanding of advanced security principles.

This title covers every key topic in the exam, including risk management, enterprise security architecture, enterprise security operations, technical integration of enterprise security, research, development, and collaboration. Michael Shannon also includes demos throughout the training so you can see first hand how to approach real-world security problems. This is the perfect training solution to learn all of the advanced security topics that appear on the test and real security knowledge and skills to help you do your work as a security practitioner. Full of live trainer discussions, hands-on demos, lightboard elaborations, and deep-dive discussions, this course covers security in a way that is easy to access and even fun.

In addition to covering every objective in the CompTIA CASP CAS-003 exam this title includes a full practice exam, module quizzes so you can test yourself throughout your training, and hands-on performance-based exercises so you have everything you need.

About the Instructor

Michael J. Shannon began his IT career when he transitioned from recording studio engineer to network technician for a major telecommunications company in the early 1990s. He soon began to focus on security, and was one of the first 10 people to attain the HIPAA Certified Security Specialist. Throughout his 30 years in IT he has worked as an employee, contractor, and consultant for several companies including Platinum Technologies, Fujitsu, IBM, State Farm, MindSharp, and Skillsoft, among others. Mr. Shannon has authored several books, training manuals, published articles, and CBT modules over the years as well. He has attained the CISSP, PCNSE7, CCNP Security, ITIL Intermediate SO and RCV, and Security+ certifications in the security field.

Skill Level
CompTIA requires that anyone taking the CASP exam have 10 years of experience in IT administration, including at least 5 years of hands-on technical security experience.

Learn How To
  • Integrate network and security components, concepts, and architectures
  • Integrate security controls for host devices
  • Integrate controls for mobile and small form factor devices
  • Select software security controls
  • Conduct security assessments
  • Select the proper security assessment tools
  • Implement incident response and recovery
  • Integrate hosts, storage, and applications in the enterprise
  • Integrate cloud and virtualization technologies in the enterprise
  • Integrate and troubleshoot advanced AAA technologies
  • Implement cryptographic techniques
  • Secure communication and collaboration solutions
  • Apply research methods for trend and impact analysis
  • Implement security activities across the technology lifecycle
  • Interact across diverse business units
Who Should Take This Course
  • IT security professionals who have a minimum of 10 years of experience in IT administration, including at least 5 years of hands-on technical security experience
  • Systems/network/application security professionals who are preparing for the CASP exam
  • Any IT professional who wants to gain an advanced understanding of how to secure modern enterprises beyond the Security+ or SSCP certifications
Course Requirements
Recommended prerequisites: CompTIA Network+, Security+, CSA+, or equivalent experience

Lesson descriptions
Lesson 1, "Business and Industry Influences and Risks," covers risk management of new products, new technologies, and user behaviors as well as risks involved with new or changing business models and strategies.

Lesson 2, "Organizational Security Privacy Policies and Procedures," explores advanced organizational security and privacy policies.

Lesson 3, "Risk Mitigation Strategies and Controls," delves into advanced decisions based on confidentiality, integrity, and availability along with system-specific risk worst-case scenario analysis.

Lesson 4, "Risk Metric Scenarios for Enterprise Security," presents risk metric scenarios for enterprise security.

Lesson 5, "Integrating Network and Security Components, Concepts, and Architectures," reviews physical and virtual network and security devices along with application and protocol-aware technologies.

Lesson 6, "Integrating Security Controls for Host Devices," reviews trusted operating systems and endpoint security software.

Lesson 7, "Integrating Controls for Mobile and Small Form Factor Devices," covers enterprise mobility management, security implications, and privacy concerns of a wide array of mobile and cloud-connected devices, plus a survey of wearable technology.

Lesson 8, "Selecting Software Security Controls," examines application security design considerations along with specific application issues.

Lesson 9, "Conducting Security Assessments," examines a wide number of security assessments and types, including reconnaissance, fingerprinting, white-black-and-gray box testing as well as red and blue team penetration testing.

Lesson 10, "Selecting the Proper Security Assessment Tools," reviews network tool types like various scanners and host tool types, such as file integrity monitoring and log analysis tools along with physical security tools.

Lesson 11, "Implementing Incident Response and Recovery," covers e-discovery and data breaches along with facilitating incident detection and response.

Lesson 12, "Integrating Hosts, Storage, and Applications in the Enterprise," shows the concepts of adapting data flow security to meet changing business needs and different types of standards.

Lesson 13, "Integrating Cloud and Virtualization Technologies in the Enterprise," examines technical deployment models like outsourcing/insourcing/managed services/and partnership.

Lesson 14, "Integrating and Troubleshooting Advanced AAA Technologies," covers the topics of authentication and authorization, attestation, identity proofing and propagation, federations, and trust models.

Lesson 15, "Implementing Cryptographic Techniques," explores advanced cryptographic techniques such as digital signatures, code signing, and perfect forward secrecy.

Lesson 16, "Secure Communication and Collaboration Solutions," covers remote access and unified collaboration tools, unified communication, presence, telephony and VOIP integration, and social media.

Lesson 17, "Applying Research Methods for Trend and Impact Analysis," looks at performing ongoing research, threat intelligence investigation, researching security implications of emerging business tools, and global information assurance industry and communities.

Lesson 18, "Implementing Security Activities Across the Technology Life Cycle," reviews the systems development life cycle and software development life cycle.

Lesson 19, "Interacting Across Diverse Business Units," interprets security requirements and goals to communicate with stakeholders from other disciplines, such as sales staff, HR, and legal.

About Pearson Video Training
Pearson publishes expert-led video tutorials covering a wide selection of technology topics designed to teach you the skills you need to succeed. These professional and personal technology videos feature world-leading author instructors published by your trusted technology brands: Addison-Wesley, Cisco Press, Pearson IT Certification, Prentice Hall, Sams, and Que Topics include IT Certification, Network Security, Cisco Technology, Programming, Web Development, Mobile Development, and more. Learn more about Pearson Video training at http://www.informit.com/video.

Table of contents

  1. Introduction
    1. CASP: Introduction
  2. Module 1: Risk Management
    1. Module introduction
  3. Lesson 1: Business and Industry Influences and Risks
    1. Learning objectives
    2. 1.1 Risk Management of New Initiatives
    3. 1.2 Business and Industry Policies
    4. 1.3 Internal and External Influences
    5. 1.4 Impacts of De-perimiterization
  4. Lesson 2: Organizational Security Privacy Policies and Procedures
    1. Learning objectives
    2. 2.1 Policy and Process Life Cycle Management
    3. 2.2 Partnering with HR, Legal, and the C-Suite
    4. 2.3 Common Business Documentation
    5. 2.4 Security Requirements for Contracts
    6. 2.5 General Principles for Sensitive Information
    7. 2.6 Developing Standard Policies and Security Practices
  5. Lesson 3: Risk Mitigation Strategies and Controls
    1. Learning objectives
    2. 3.1 CIA-based Decisions for the Organization
    3. 3.2 System-specific Worst-case Analysis
    4. 3.3 Risk Determination
    5. 3.4 Translating Risk into Business Terms
    6. 3.5 Risk Treatment
    7. 3.6 Risk Management Proces: Overview
    8. 3.7 Risk Management Process: OCTAVE and ISO/IEC 31000:2009 Methodologies
    9. 3.8 Risk Management Process: Key Terminology
    10. 3.9 Business Continuity Planning
    11. 3.10 IT Governance and Frameworks
    12. 3.11 Enterprise Resilience and Continual Improvement
  6. Lesson 4: Risk Metric Scenarios for Enterprise Security
    1. Learning objectives
    2. 4.1 Reviewing Control Effectiveness
    3. 4.2 Reverse Engineering and Deconstruction
    4. 4.3 Collecting and Analyzing Metrics
    5. 4.4 Prototypes, Benchmarks, and Baselines
    6. 4.5 Analyzing Cyber Defense Trends
    7. 4.6 Analyzing Solution Metrics for Business Needs
    8. 4.7 Analyzing Solution Metrics for Business Needs: Cisco and Palo Alto Solutions
  7. Module 2: Enterprise Security Architecture
    1. Module introduction
  8. Lesson 5: Integrating Network and Security Components, Concepts, and Architectures
    1. Learning objectives
    2. 5.1 Physical and Virtual Network and Security Devices: Switches, Routers, and Firewalls
    3. 5.2 Physical and Virtual Network and Security Devices: Zone-based Policy Firewall Demo
    4. 5.3 Application and Protocol-aware Technologies: PAN, WAF, DAM, NIDS/NIPS
    5. 5.4 Application and Protocol-aware Technologies: WLAN Controllers, UTM, NAP/NAC, SIEM, Load Balancers, HAIPE/INE Devices, HSMs
    6. 5.5 Advanced Network Design: Cryptographic Solutions
    7. 5.6 Advanced Network Design: Clientless SSL VPN Demo
    8. 5.7 Advanced Network Design: Networking Solutions
    9. 5.8 Complex Solutions for Data Flow
    10. 5.9 Secure Configuration and SDN
    11. 5.10 Network Management and Montioring Tools
    12. 5.11 Advanced Configuration of Infrastucture Devices: Configuration and Zoning
    13. 5.12 Advanced Configuration of Infrastructure Devices: Routing Protocol Security Exercise
    14. 5.13 Advanced Configuration of Infrastructure Devices: Network-enabled Service and System Security Concerns
  9. Lesson 6: Integrating Security Controls for Host Devices
    1. Learning objectives
    2. 6.1 Implementing Trusted O/S
    3. 6.2 Endpoint Security Software
    4. 6.3 Hardening Hosts: Administrative Controls
    5. 6.4 Hardening Hosts: Peripheral Protection
    6. 6.5 Boot Loader Protections
    7. 6.6 Terminal Services and Application Delivery Services
  10. Lesson 7: Integrating Controls for Mobile and Small Form Factor Devices
    1. Learning objectives
    2. 7.1 Enterprise Mobility Management: MDM
    3. 7.2 Enterprise Mobility Management: MAM
    4. 7.3 Mobility Security and Privacy Concerns: Data Storage
    5. 7.4 Mobility Security and Privacy Concerns: Peripherals
    6. 7.5 Mobility Security and Privacy Concerns: Authentication
    7. 7.6 Wearable Technology
  11. Lesson 8: Selecting Software Security Controls
    1. Learning objectives
    2. 8.1 Application Security Design Considerations
    3. 8.2 Specific Application Issues: Attacks and Exploits
    4. 8.3 Specific Application Issues: Common Vulnerabilities
    5. 8.4 Specific Application Issues: Sandboxing and Firewalls
    6. 8.5 Client-side Processing vs. Server-side Processing
    7. 8.6 O/S and Firmware Vulnerabilities
  12. Module 3: Enterprise Security Operations
    1. Module introduction
  13. Lesson 9: Conducting Security Assessments
    1. Learning objectives
    2. 9.1 Security Assessment Methods: Strategies
    3. 9.2 Security Assessment Methods: Techniques
    4. 9.3 Security Assessment Types: Testing and Assessment
    5. 9.4 Security Assessment Types: Exercises
  14. Lesson 10: Selecting the Proper Security Assessment Tools
    1. Learning objectives
    2. 10.1 Scanners
    3. 10.2 Additional Security Assessment Tools: Overview
    4. 10.3 Additional Security Assessment Tools: Creating a Phishing Campaign
    5. 10.4 Types of Host Tools: Scanners and Crackers
    6. 10.5 Types of Host Tools: Monitoring and Analysis
    7. 10.6 Physical Security Tools
  15. Lesson 11: Implementing Incident Response and Recovery
    1. Learning objectives
    2. 11.1 E-discovery
    3. 11.2 Data Breach Procedures
    4. 11.3 Facilitating Incident Detection and Response
    5. 11.4 Incident and Emergency Response
    6. 11.5 Business Continuity and Disaster Recovery
    7. 11.6 Incident Response Support Tools
    8. 11.7 Incident or Breach Severity
    9. 11.8 Post-incident Response
  16. Module 4: Technical Integration of Enterprise Security
    1. Module introduction
  17. Lesson 12: Integrating Hosts, Storage, and Applications in the Enterprise
    1. Learning objectives
    2. 12.1 Adapting Data Flow Security
    3. 12.2 Data Flow Security Standards
    4. 12.3 Interoperability Issues
    5. 12.4 Resilience Issues
    6. 12.5 Data Security Considerations
    7. 12.6 Resource Provisioning and De-provisioning
    8. 12.7 Merger and Acquisition Design Considerations
    9. 12.8 Logical Network Segmentation and Diagramming
    10. 12.9 Security Issues with Enterprise Application Integration
  18. Lesson 13: Integrating Cloud and Virtualization Technologies in the Enterprise
    1. Learning objectives
    2. 13.1 Technical Deployment Models: Cloud/Virtualization Considerations and Hosting Options
    3. 13.2 Technical Deployment Models: Cloud Service Models
    4. 13.3 Pros and Cons of Virtualization
    5. 13.4 Cloud Augmented Security Services
    6. 13.5 Host Comingling Vulnerabilities
    7. 13.6 Data Security Considerations
  19. Lesson 14: Integrating and Troubleshooting Advanced AAA Technologies
    1. Learning objectives
    2. 14.1 Authentication
    3. 14.2 Authorization
    4. 14.3 Attestation, Proofing, and Propagation
    5. 14.4 Federation Services
    6. 14.5 Trust Models
  20. Lesson 15: Implementing Cryptographic Techniques
    1. Learning objectives
    2. 15.1 Cryptographic Techniques: Hashing and Signing
    3. 15.2 Cryptographic Techniques: Data Protection
    4. 15.3 Cryptographic Techniques: Encryption in Action
    5. 15.4 Implementing Cryptography: SSH and SSL/TLS
    6. 15.5 Implementing Cryptography: Application and Implementation
    7. 15.6 Implementing Crytography: Certificate Services
  21. Lesson 16: Secure Communication and Collaboration Solutions
    1. Learning objectives
    2. 16.1 Remote Access
    3. 16.2 Unified Collaboration Tools
  22. Module 5 Research, Development and Collaboration
    1. Module introduction
  23. Lesson 17: Applying Research Methods for Trend and Impact Analysis
    1. Learning objectives
    2. 17.1 Ongoing Research and Threat Intelligence
    3. 17.2 Emerging Tools and Global IA
  24. Lesson 18: Implementing Security Activities Across the Technology Life Cycle
    1. Learning objectives
    2. 18.1 Systems Development Life Cycle
    3. 18.2 Software Development Life Cycle: Frameworks and Code Security
    4. 18.3 Software Development Life Cycle: Testing and Documentation
    5. 18.4 Adapting Solutions for Emerging Disruptive Trends
    6. 18.5 Asset Management and Inventory Control
  25. Lesson 19: Interacting Across Diverse Business Units
    1. Learning objectives
    2. 19.1 Interpreting Data from Other Disciplines
    3. 19.2 Forming Guidance, Collaboration, and Other Committees
  26. Summary
    1. CASP: Summary

Product information

  • Title: CompTIA Advanced Security Practitioner (CASP) CAS-003
  • Author(s): Michael J. Shannon
  • Release date: January 2018
  • Publisher(s): Pearson IT Certification
  • ISBN: 0134855612