CAP Training Boot Camp

InfoSec Institute’s Certified Authorization Professional (CAP) Boot Camp focuses on preparing students for the CAP exam through extensive mentoring and drill sessions, review of all 7 CAP domains of knowledge, and practical question and answer scenarios, all through a high-energy seminar approach. This class is the product of a wide range of leading industry experts and authors, and our training materials are considered the absolute best for CAP preparation.

The Certified Authorization Professional (CAP) credential applies to professionals who need to setup the formal processes used to assess risk and establish security requirements based on regulatory standards. It’s a very important job which ensures that information systems have appropriate security controls to mitigate potential risk, as well as protecting against damage to assets or individuals. The credential is sought after by civilian, state and local governments, as well as system integrators supporting these organizations.

Course Objectives

Upon completing our 3 day CAP Boot Camp you will gain valuable knowledge and skills including the ability to:

• Understanding the Purpose of Information Systems Security Authorization
• Defining Systems Authorization
• Describing and Decide When Systems Authorization Is Employed
• Defining Roles and Responsibilities
• Understanding the Legal and Regulatory Requirements for C&A
• Initiating the Authorization Process
• Establishing Authorization Boundaries
• Determining Security Categorization
• Performing Initial Risk Assessment
• Selecting and Refining Security Controls
• Documenting Security Control
• Performing Certification Phase
• Assessing Security Control
• Documenting Results
• Conducting Final Risk Assessment
• Generating and Presenting an Authorization Report
• Performing Continuous Monitoring
• Monitoring Security Controls
• Monitoring and Assessing Changes That Affect the Information System
• Performing Security Impact Assessment As Needed
• Documenting and Monitoring Results of Impact Assessments
• Maintaining System’s Documentation (E.G., POA&M, SSP, Interconnection Agreements)

What’s Included

• InfoSec Institute Custom CAP Textbook with Review Questions
• Exam Review, In-Class Mentoring
• Pre-Shipment of Textbook
• Catered Lunch
• (ISC)2 Exam Fee
• Course Registration Fee
• Exam Pass Guarantee (Flex Pro)

Prerequisites

To achieve the CAP credential, you need a minimum of two years of direct full-time information systems security authorization professional experience in one or more of these seven (ISC)² CAP domains:

1. Risk Management Framework (RMF)
2. Categorization of Information Systems
3. Selection of Security Controls
4. Security Control Implementation
5. Security Control Assessment
6. Information System Authorization
7. Monitoring of Security Controls

Who Should Attend

Employees who perform functions such as authorization officials, system owners, information owners, information system security officers, and certifiers as well as all senior system managers can benefit from this training, including:

• System Administrators
• Information Security Professionals
• Anyone involved in a NIST-based information systems security authorization process. Manage security, including basic firewall and SELinux configuration

Certification Exam

• Time Limit: 3 Hours
• Number of Questions: 125
• Question Format: Multiple Choice Questions
• Passing Grade: 700 out of 1000 Points

Introduction

Risk Management Framework

• Understanding the Risk Management Framework
• Categorization of Information System
• Selection of Security Controls
• Security Control Implementation
• Security Control Assessment
• Information System Authorization
• Monitoring of Security Controls

RMF Steps

• Risk Management Framework Processes
• Categorize Information System
• Categorize a System
  • National Security System
  • Privacy Activities
  • System Boundaries
  • Register System
• Select Security Controls
  • Establish the Security Control Baseline
  • Common Controls and Security Controls Inheritance
  • Risk Assessment as part of the Risk Management Framework (RMF)
• Implement Security Controls
  • Implement Selected Security Controls
  • Tailoring of Security Controls
  • Document Security Control Implementation
• Assess Security Controls
  • Prepare for Security Control Assessment
  • Establish Security Control Assessment Plan (SAP)
  • Determine Security Control Effectiveness – Perform the Testing
  • Develop Initial Security Assessment Report (SAR)
  • Perform Initial Remediation Actions
  • Develop Final Security Assessment Report and Addendum
• Authorize Information System
  • Develop Plan on Action and Milestones (POAM)
  • Assemble Security Authorization Package
  • Determine Risk
  • Determine the Acceptability of Risk
  • Obtain Security Authorization Decision
• Monitor Security State
  • Determine Security Impact of Changes to System and Environment
  • Perform Ongoing Security Control Assessments
  • Conduct Ongoing Remediation Actions
  • Update Key Documentation
  • Perform Periodic Security Status Reporting
  • Perform Ongoing Risk Determination and Acceptance
  • Decommission and Remove System