CAP: Official (ISC)2 Certified Authorization Professional



Course provider: SG Partner AS
Location: Online course / Online study
Nationwide
Type: In-house / Larger groups
Online course and online study
Study / vocational education
Teaching hours: Contact us for information
Duration: 5 days
Price: 40.000

We offer a virtual course in the official (ISC)2 Certified Authorization Professional, exam included. The training provides a comprehensive review of the knowledge required for authorizing and maintaining information systems within the NIST risk management framework.

Course overview:
This training course will help students review and refresh their knowledge and identify areas they need to study for the CAP exam. Content aligns with and comprehensively covers the seven domains of the (ISC)² CAP Common Body of Knowledge (CBK®). As an (ISC)² official training provider, we use courseware developed by (ISC)² - creator of the CAP CBK - to ensure your training is relevant and up-to-date. Our instructors are verified security experts who hold the CAP and have completed intensive training to teach (ISC)² content.

Please note:
• An exam voucher is included with this course

Course content:
• Domain 1 - Information Security risk management program
• Domain 2 - Categorization of information systems (IS)
• Domain 3 - Selection of security controls
• Domain 4 - Implementation of security controls
• Domain 5 - Assessment of security controls
• Domain 6 - Authorization of information systems (IS)
• Domain 7 - Continuous monitoring

Course objectives:
After completing this course you should be able to:
• Describe the historical legal and business considerations that required the development of the risk management framework (RMF), including related mandates.
• Identify key terminology and associated definitions.
• Describe the RMF components, including the starting point inputs (architectural description and organization inputs).
• Describe the core roles defined by the RMF, including primary responsibilities and supporting roles for each RMF step.

• Describe the core federal statutes, OMB directives, information processing standards (FIPS) and special publications (SP), and department of defense and intelligence community instructions that form the legal mandates and supporting guidance required to implement the RMF.
• Identify and understand the related processes integrated with the RMF
• Identify key references related to RMF step 1 - Categorize information systems
• Identify key references related to RMF step 2 - Select security controls
• Identify key references related to RMF step 3 - Implement security controls
• Identify key references related to RMF step 4 - Assess security controls
• Identify key references related to RMF step 5 - Authorize information system
• Identify key references related to RMF step 6 - Monitor security controls

Target audience:
This training is ideal for IT, information security and information assurance practitioners and contractors who use the RMF in: the military; civilian roles, such as federal contractors; local governments; private sector organizations.

Prerequisites:
Attendees should meet the following prerequisites:
• At least one full year of experience using the federal risk management framework (RMF) or comparable experience gained from the ongoing management of information system authorizations, such as ISO 27001.

Test certification:
Recommended as preparation for the following exams:
• (ISC)2 Certified authorization professional

Candidates must have a minimum of 2 years cumulative work experience in 1 or more of the 7 domains of the CAP CBK. A candidate that doesn’t have the required experience to become a CAP may become an associate of (ISC)² by successfully passing the CAP examination. The associate of (ISC)² will then have 3 years to earn the 2-year required experience.