Risk Management and Incident Response for CASP (CAS-002)
CompTIA Advanced Security Practitioner is an advanced-level security certification for security professionals in an enterprise, government, or military environment. This course covers domain 2 of the CompTIA CAS-002 certification exam.
What you'll learn
Threats are coming from all directions, from script kiddies to state-sponsored hacking organizations; every company and every network is a target. In this course, Risk Management and Incident Response for CASP (CAS-002), you'll first learn how to interpret business and industry influences associated with security risks. Next, you will learn about risk mitigation planning, strategies, and controls. Finally, you'll learn how to conduct incident response and recovery procedures. By the end of this course, you'll have the knowledge needed to both pass the CompTIA CAS-002 certification exam and help secure your company's IT assets from attack.
Table of contents
- Module Introduction 2m
- New or Changing Business Models, Strategies, and Outsourcing 3m
- Cloud Security Considerations 2m
- Merger/Demerger and Divestitures 6m
- Regulations 1m
- Geography 1m
- Downstream Liability 1m
- Due Diligence and Due Care 1m
- Competitors 3m
- Auditors and Audit Findings 2m
- Regulatory Entities 1m
- Internal and External Client Requirements 2m
- Top-level Management 1m
- Impact of De-perimterization/Telecommuting 3m
- BYOD 3m
- Module Overview 1m
- Classify Information Types into Levels of CIA 6m
- Incorporate Stakeholder Input into CIA Decisions 2m
- Classify Information Types into Levels of CIA and Determine Aggregate Score 2m
- Extreme Scenario Planning/Worst-case Scenario Planning 5m
- Determining Minimum Required Security Controls 2m
- Exemptions 1m
- Deterrence 1m
- Inherent Risk and Residual Risk 2m
- Module Overview 1m
- Overall Module Goal 2m
- Common Business Documents to Support Security/BIA 1m
- Business Impact Analysis - Key Terminology 5m
- ISA, MOU, and OLA 2m
- Non-disclosure Agreement (NDA) 1m
- General Privacy Principles for Sensitive Information, Hiring, and Firing 5m
- Training and Awareness for Users 2m
- Module Review 1m
- Module Overview 1m
- Incident Response Goals 3m
- E-Discovery 4m
- Electronic Asset and Inventory Control 3m
- Data Retention Policies 2m
- Data Recovery and Storage 2m
- Data Ownership 1m
- Data Handling and Data Disposal 4m
- Legal Holds 2m
- Data Breach and Incident Response Process 3m
- Detection and Collection 1m
- Data Analytics 1m
- Mitigation 1m
- Privacy Policy Violations and PII 1m
- Criminal Actions and Insider Threats 2m
- Module Review 1m