Certified Authorization Professional
On Demand $2,495.00
Virtual Live

Course Description
The Certified Authorization Professional (CAP) is an information security practitioner who advocates for security risk management in pursuit of information system authorization to support an organization’s mission and operations in accordance with legal and regulatory requirements.
The broad spectrum of topics included in the CAP Common Body of Knowledge (CBK) ensures its relevancy across all disciplines in the field of information security.
Program Objectives
- Information Security Risk Management Program
- Scope of the Information System
- Selection and Approval of Security and Privacy Controls
- Implementation of Security and Privacy Controls
- Assessment/Audit of Security and Privacy Controls
- Authorization/Approval of Information System
- Continuous Monitoring
After completing this course, the student will be able to:
- Identify and describe the steps and tasks within the NIST Risk Management Framework (RMF).
- Describe the roles associated with the RMF and how they are assigned to tasks within the RMF.
- Execute tasks within the RMF process based on assignment to one or more RMF roles.
- Explain organizational risk management and how it is supported by the RMF.
Prerequisites
To qualify for the CAP, candidates must pass the exam and have at least two years of cumulative, paid work experience in one or more of the seven domains of the (ISC)² CAP Common Body of Knowledge (CBK®).
Course Features
- Lectures: 27
- Quizzes: 0
- Duration: 40 hours
- Skill level: Intermediate
- Language: English
- Students: 583
- Certificate: No
- Assessments: Yes
- Domain 1: Information Security Risk Management Program
- Domain 2: Categorization of Information Systems (IS)
- Domain 3: Selection of Security Controls
- Domain 4: Implementation of Security Controls
- Domain 5: Assessment of Security Controls
  - 5.1 Prepare for Security Control Assessment (SCA)
  - 5.2 Conduct Security Control Assessment (SCA)
  - 5.3 Prepare Initial Security Assessment Report (SAR)
  - 5.4 Review Interim Security Assessment Report (SAR) and Perform Initial Remediation Actions
  - 5.5 Develop Final Security Assessment Report (SAR) and Optional Addendum
- Domain 6: Authorization of Information Systems (IS)
- Domain 7: Continuous Monitoring
  - 7.1 Determine Security Impact of Changes to Information Systems (IS) and Environment
  - 7.2 Perform Ongoing Security Control Assessments (SCA)
  - 7.3 Conduct Ongoing Remediation Actions (e.g., resulting from incidents, vulnerability scans, audits, vendor updates)
  - 7.4 Update Documentation
  - 7.5 Perform Periodic Security Status Reporting
  - 7.6 Perform Ongoing Information System (IS) Risk Acceptance
  - 7.7 Decommission Information System (IS)