Home Page Icon
Home Page
Table of Contents for
Cover Page
Close
Cover Page
by Robin Abernathy, Troy McMillan
CompTIA Advanced Security Practitioner (CASP) CAS-003 Cert Guide, Second Edition
Cover Page
About This eBook
Title Page
Copyright Page
Dedication
Contents at a Glance
Table of Contents
About the Authors
Dedication
Acknowledgments
About the Reviewer
We Want to Hear from You!
Reader Services
About the Book
Introduction: The CASP Exam
The Goals of the CASP Certification
The Value of the CASP Certification
CASP Exam Objectives
Steps to Becoming a CASP
CompTIA Authorized Materials Use Policy
Chapter 1. Business and Industry Influences and Associated Security Risks
Risk Management of New Products, New Technologies, and User Behaviors
New or Changing Business Models/Strategies
Security Concerns of Integrating Diverse Industries
Internal and External Influences
Impact of De-perimeterization (e.g., Constantly Changing Network Boundary)
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Chapter 2. Security, Privacy Policies, and Procedures
Policy and Process Life Cycle Management
Support Legal Compliance and Advocacy
Common Business Documents to Support Security
Security Requirements for Contracts
General Privacy Principles for Sensitive Information
Support the Development of Policies Containing Standard Security Practices
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Chapter 3. Risk Mitigation Strategies and Controls
Categorize Data Types by Impact Levels Based on CIA
Incorporate Stakeholder Input into CIA Impact-Level Decisions
Determine the Aggregate CIA Score
Determine Minimum Required Security Controls Based on Aggregate Score
Select and Implement Controls Based on CIA Requirements and Organizational Policies
Extreme Scenario Planning/Worst-Case Scenario
Conduct System-Specific Risk Analysis
Make Risk Determination Based upon Known Metrics
Translate Technical Risks in Business Terms
Recommend Which Strategy Should Be Applied Based on Risk Appetite
Risk Management Processes
Continuous Improvement/Monitoring
Business Continuity Planning
IT Governance
Enterprise Resilience
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Chapter 4. Risk Metric Scenarios to Secure the Enterprise
Review Effectiveness of Existing Security Controls
Reverse Engineer/Deconstruct Existing Solutions
Creation, Collection, and Analysis of Metrics
Prototype and Test Multiple Solutions
Create Benchmarks and Compare to Baselines
Analyze and Interpret Trend Data to Anticipate Cyber Defense Needs
Analyze Security Solution Metrics and Attributes to Ensure They Meet Business Needs
Use Judgment to Solve Problems Where the Most Secure Solution Is Not Feasible
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Chapter 5. Network and Security Components, Concepts, and Architectures
Physical and Virtual Network and Security Devices
Application and Protocol-Aware Technologies
Advanced Network Design (Wired/Wireless)
Complex Network Security Solutions for Data Flow
Secure Configuration and Baselining of Networking and Security Components
Software-Defined Networking
Network Management and Monitoring Tools
Advanced Configuration of Routers, Switches, and Other Network Devices
Security Zones
Network Access Control
Network-Enabled Devices
Critical Infrastructure
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Chapter 6. Security Controls for Host Devices
Trusted OS (e.g., How and When to Use It)
Endpoint Security Software
Host Hardening
Boot Loader Protections
Vulnerabilities Associated with Hardware
Terminal Services/Application Delivery Services
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Chapter 7. Security Controls for Mobile and Small Form Factor Devices
Enterprise Mobility Management
Security Implications/Privacy Concerns
Wearable Technology
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Chapter 8. Software Vulnerability Security Controls
Application Security Design Considerations
Specific Application Issues
Application Sandboxing
Secure Encrypted Enclaves
Database Activity Monitor
Web Application Firewalls
Client-Side Processing vs. Server-Side Processing
Operating System Vulnerabilities
Firmware Vulnerabilities
Exam Preparation Tasks
Define Key Terms
Review Questions
Chapter 9. Security Assessments
Methods
Test Types
Exam Preparation Tasks
Define Key Terms
Review Questions
Chapter 10. Select the Appropriate Security Assessment Tool
Network Tool Types
Host Tool Types
Physical Security Tools
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Chapter 11. Incident Response and Recovery
E-Discovery
Data Breach
Facilitate Incident Detection and Response
Incident and Emergency Response
Incident Response Support Tools
Severity of Incident or Breach
Post-incident Response
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Chapter 12. Host, Storage, Network, and Application Integration
Adapt Data Flow Security to Meet Changing Business Needs
Standards
Interoperability Issues
Resilience Issues
Data Security Considerations
Resources Provisioning and Deprovisioning
Design Considerations During Mergers, Acquisitions and Demergers/Divestitures
Network Secure Segmentation and Delegation
Logical Deployment Diagram and Corresponding Physical Deployment Diagram of All Relevant Devices
Security and Privacy Considerations of Storage Integration
Security Implications of Integrating Enterprise Applications
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Chapter 13. Cloud and Virtualization Technology Integration
Technical Deployment Models (Outsourcing/Insourcing/Managed Services/Partnership)
Security Advantages and Disadvantages of Virtualization
Cloud Augmented Security Services
Vulnerabilities Associated with Comingling of Hosts with Different Security Requirements
Data Security Considerations
Resources Provisioning and Deprovisioning
Exam Preparation Tasks
Review All Key Topics
Define Key Terms
Review Questions
Chapter 14. Authentication and Authorization Technology Integration
Authentication
Authorization
Attestation
Identity Propagation
Federation
Trust Models
Exam Preparation Tasks
Review Questions
Chapter 15. Cryptographic Techniques
Techniques
Implementations
Exam Preparation Tasks
Review Questions
Chapter 16. Secure Communication and Collaboration
Remote Access
Unified Collaboration Tools
Exam Preparation Tasks
Define Key Terms
Review Questions
Chapter 17. Industry Trends and Their Impact to the Enterprise
Perform Ongoing Research
Threat Intelligence
Research Security Implications of Emerging Business Tools
Global IA Industry/Community
Exam Preparation Tasks
Define Key Terms
Review Questions
Chapter 18. Security Activities Across the Technology Life Cycle
Systems Development Life Cycle
Software Development Life Cycle
Adapt Solutions
Asset Management (Inventory Control)
Exam Preparation Tasks
Review Questions
Chapter 19. Business Unit Interaction
Interpreting Security Requirements and Goals to Communicate with Stakeholders from Other Disciplines
Provide Objective Guidance and Impartial Recommendations to Staff and Senior Management on Security Processes and Controls
Establish Effective Collaboration Within Teams to Implement Secure Solutions
Governance, Risk, and Compliance Committee
Exam Preparation Tasks
Define Key Terms
Review Questions
Appendix A. Answers
Glossary
Index
Appendix B. Memory Tables
Appendix C. Memory Table Answers
Appendix D. Study Planner
Code Snippets
Where are the companion content files? - Login
Where are the companion content files? - Register
Search in book...
Toggle Font Controls
Playlists
Add To
Create new playlist
Name your new playlist
Playlist description (optional)
Cancel
Create playlist
Sign In
Email address
Password
Forgot Password?
Create account
Login
or
Continue with Facebook
Continue with Google
Sign Up
Full Name
Email address
Confirm Email Address
Password
Login
Create account
or
Continue with Facebook
Continue with Google
Next
Next Chapter
About This eBook
Add Highlight
No Comment
..................Content has been hidden....................
You can't read the all page of ebook, please click
here
login for view all page.
Day Mode
Cloud Mode
Night Mode
Reset