Over one weekend in early February, InformationWeek reported that Anonymous and other hacktivists struck the CIA, the U.S. Census Bureau, Interpol and Mexico, as well as law enforcement websites in Alabama and Texas.
Known and reported hacks and breaches are just the tip of the cybersecurity iceberg and have the potential to cause widespread damage. But, as a recent CompTIA video points out, computer-generated havoc is not inevitable if IT workers prepare themselves to detect and defend against cybersecurity threats.
The new, vendor-neutral CompTIA Advanced Security Practitioner (CASP) exam plays an important role for senior IT professionals seeking to advance their cybersecurity careers and demonstrate their technical and strategic security skills.
The CASP certification is ideal for experienced enterprise security practitioners seeking to validate their ability to analyze and understand the security ramifications of organizational business decisions, as well as implement secure solutions to resolve complex enterprise issues. The exam includes a performance component, and demands that successful candidates employ critical thinking as well as technical knowledge and skills.
In late 2011, the International Organization for Standardization (ISO), an international body that approves the procedures used by personnel certification bodies, accorded the CASP its ISO/IEC 17024 accreditation.
The CASP exam is available through Pearson VUE commercial testing centers in the United States and Canada, as well as other regions throughout the world as of February 21, 2011. CompTIA-approved CASP study materials are available from Element K (instructor-led training), uCertify (for self-study or to supplement instructor training), and Wiley (self-study). Candidates also can use CASP exam objectives to prepare.
The CASP exam is the first in CompTIA’s Mastery level of advanced exams. It is intended for IT professionals who have 10 years in IT and 5+ years of hands-on technical security experience at the enterprise level. There is no prerequisite for taking the exam, but the CASP certification is intended to follow CompTIA Security+ or equivalent experience.
The CASP may be particularly useful for military personnel and contractors because it was developed in large part to address the need for enterprise security skills at the level of the U.S. Department of Defense (DoD) IA Technical Level III job role. With its internationally recognized ISO accreditation secured, the CASP is currently awaiting approval for the IA Technical Level III and IA Management Level II workforce categories in the DoD 8570.01-M Directive.
The CASP also can complement the management-and-policy-oriented Certified Information Systems Security Professional (CISSP) credential issued by (ISC)². CompTIA anticipates that a segment of IT security professionals will choose to certify in both CASP and CISSP, as the credentials emphasize different strengths. (Check out CompTIA’s Certification Roadmap for all certification options on the IT security career path.)
Specific domains covered in the CASP include:
- Enterprise Security
- 1.1. Cryptographic tools and techniques
- 1.2. Virtualized, distributed and shared computing
- 1.3. Enterprise storage security implications
- 1.4. Integration of secure, comprehensive IT solutions
- 1.5. Host security controls
- 1.6. Application security
- 1.7. Assessment methods and tools
- 2.1. Security risk implications of business decisions
- 2.2. Risk mitigation strategies and controls
- 2.3. Incident discovery, response and recovery process
- 3.1. Analysis of trends and impact on enterprise
- 3.2. Analysis of enterprise security needs and solutions
- 4.1. Integrating enterprise disciplines for secure solutions
- 4.2. The security impact of inter-organizational change
- 4.3. Security controls for communication and collaboration
- 4.4. Advanced authentication tools, techniques and concepts
- 4.5. Security across the technology lifecycle