Overview
A Certified Authorization Professional (CAP®) is an information security practitioner who advocates for security risk management in pursuit of information system authorization to support an organization’s mission and operations in line with the legal and regulatory requirements.
This course covers the broad spectrum of topics included in the CAP Common Body of Knowledge (CBK) and discusses all seven domains tested in the CAP certification examination.
What You'll Learn
- Understand risk management program processes
- Understand regulatory and legal requirements
- Define Information System (IS) and determine Categorization of the IS
- Select security controls
- Implement selected security controls
- Prepare for and conduct Security Control Assessment
- Prepare and review Security Assessment Report
- Develop Plan of Action and Milestones (POAM)
- Determine IS risks
Curriculum
- Understand the foundation of an organization-wide information security risk management program
- Understand risk management program processes
- Understand regulatory and legal requirements
- Define the Information System (IS)
- Determine Categorization of the Information System (IS)
- Identify and document baseline and inherited controls
- Select and tailor security controls
- Develop security control monitoring strategy
- Review and approve Security Plan (SP)
- Implement selected security controls
- Document security control implementation
- Prepare for Security Control Assessment (SCA)
- Conduct Security Control Assessment (SCA)
- Prepare Initial Security Assessment Report (SAR)
- Review Interim Security Assessment Report (SAR) and perform Initial Remediation Actions
- Develop Final Security Assessment Report (SAR) and optional addendum
- Develop Plan of Action and Milestones (POAM)
- Assemble Security Authorization Package
- Determine Information System (IS) risk
- Make Security Authorization decisions
- Determine Security Impact of Changes to Information Systems (IS) and environment
- Perform Ongoing Security Control Assessments (SCA)
- Conduct Ongoing Remediation Actions
- Update documentation
- Perform periodic security status reporting
- Perform Ongoing Information System (IS) Risk Acceptance
- Decommission Information System (IS)
Who should attend
The course is highly recommended for –
- US Federal government professionals, especially those in US Department of State or Department of Defense
- Military professionals
- Civilian roles, such as federal contractors
- Local governments
- Private sector organizations
Prerequisites
Certification
This course helps participants prepare for the certification examination for earning the CAP® certification. The details of the examination are as follows –
| Item | Detail |
|---|---|
| Duration of the examination | 3 hours |
| Number of questions | 125 |
| Format of the questions | Multiple-choice questions |
| Passing grade | 700 out of 1000 points |
| Exam availability | English |
The examination evaluates the participant’s expertise in seven specific domains. The weightage of these domains in the examination is as below –
| Domain | Weightage |
|---|---|
| Information security risk management program | 15% |
| Categorization of Information Systems (IS) | 13% |
| Selection of Security Controls | 13% |
| Implementation of Security Controls | 15% |
| Assessment of Security Controls | 14% |
| Authorization of Information Systems | 14% |
| Continuous monitoring | 16% |