Certified Authorization Professional (CAP®) Review/Test Prep


This course introduces the student to the Risk Management Framework and provides the knowledge required to pass the (ISC)2® Certified Authorization Professional (CAP)® exam. The course is five weeks long, starts on August 20, 2018, and is presented online and self-paced, with weekly live online sessions with the instructor. Students retain access to all learning materials, including lab access, for a full 60 days after the course start date. Like all Cyber-Recon courses, this course focuses on multi-modal instruction, blending different learning modes including reading, watching videos, games, hands-on exercises, quizzes and weekly live interactions.

To maintain a strict instructor-to-student ratio, this class will be limited to 8 students. Once this number has been reached, course registration will be closed.

    • Risk Management Framework (RMF)
    1. Describe the RMF
    2. Describe and distinguish between the RMF steps
    3. Identify roles and define responsibilities
    4. Understand and describe how the RMF process relates to the organizational structure
    5. Understand the relationship between the RMF and System Development Life Cycle (SDLC)
    6. Understand legal, regulatory and other security requirements
    • Categorization of Information Systems
    1. Categorize the system
    2. Describe the information system (including the security authorization boundaries)
    3. Register the system
    • Selection of Security Controls
    1. Identify and document (inheritable) controls
    2. Select, tailor and document security controls
    3. Develop security control monitoring strategy
    4. Review and approve security plan
    • Security Control Implementation
    1. Implement selected security controls
    2. Document security control implementation
    • Security Control Assessment
    1. Prepare for security control assessment
    2. Develop security control assessment plan
    3. Assess security control effectiveness
    4. Develop initial security assessment report (SAR)
    5. Review interim SAR and perform initial remediation actions
    6. Develop final SAR and optional addendum
    • Information System Authorization
    1. Develop plan of action and milestones (POAM) (e.g., resources, schedule, requirements)
    2. Assemble security authorization package
    3. Determine risk
    4. Determine the acceptability of risk
    5. Obtain security authorization decision
    • Monitoring of Security Controls
    1. Determine security impact of changes to system and environment
    2. Perform ongoing security control assessments (e.g., continuous monitoring, internal and external assessments)
    3. Conduct ongoing remediation actions (resulting from incidents, vulnerability scans, audits, vendor updates, etc.)
    4. Update key documentation (e.g., SP, SAR, POAM)
    5. Perform periodic security status reporting
    6. Perform ongoing risk determination and acceptance
    7. Decommission and remove system