CompTIA (The Computing Technology Industry Association) was founded in 1982 and has more than 2,000 international member organizations and 3,000 academic and industry partners, covering the entire information and communications technology (ICT) industry, which has made CompTIA one of the leading voices in the technology ecosystem.
The CompTIA CASP+ certification is a vendor-neutral international certification: an advanced-level certification aimed at security architects and senior security engineers who lead and improve an enterprise's IT security posture.
CompTIA CASP+ is the only certification aimed at advanced IT security practitioners rather than managers. IT security managers help determine which IT security policies and frameworks can be implemented, while CompTIA CASP+ certified professionals implement solutions within those policies and frameworks.
Unlike other CompTIA certifications, CompTIA CASP+ covers both security architecture and security engineering.
The CompTIA CASP+ certification is the only technical-leadership certification of its kind on the market: it validates the ability to assess an enterprise's IT security posture and to design and implement appropriate solutions so that your organization can withstand the next attack.
CompTIA CASP+ covers technical skills in on-premises, cloud-native and hybrid environments as well as governance, risk and compliance skills: assessing an enterprise's IT security readiness and leading technical teams to implement comprehensive enterprise IT security solutions.
Because regulators and governments around the world rely on ISO accreditation from ANAB / ANSI (the American National Standards Institute), the CompTIA CASP+ certification itself holds ISO 17024 accreditation and is approved under the US Department of Defense "Cyberspace Workforce Qualification and Management Program 8140.03M", making it a globally recognized body of knowledge.
Since 2011, CompTIA has delivered examinations meeting the above standards to more than three million candidates worldwide.
CompTIA CASP+
Which areas of skill will you learn in the CompTIA CASP+ certification course?
- I.T. Security Architecture
Analyzing IT security requirements in hybrid networks, enterprise-wide Zero Trust security architecture, and the use of advanced secure cloud and virtualization solutions.
- I.T. Security Operations
Advanced threat management, vulnerability management, risk mitigation, incident response tactics and digital forensic analysis.
- Governance, Risk and Compliance
Demonstrating that the organization's overall IT security posture complies with regulations such as CMMC, PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST and CCPA.
- Security Engineering and Cryptography
Endpoint security controls, enterprise mobility, cloud / hybrid environments, and the configuration of enterprise-level PKI and cryptographic solutions.
According to CompTIA, the body of knowledge covered by the CASP+ certification suits people in the following roles:
- Security Architect
- Cybersecurity Engineer
- Cyber Risk Analyst
- Security Operations Center (SOC) Manager
- Chief Information Security Officer
Course name: | CompTIA Advanced Security Practitioner CASP+ International Certification Course (abbreviated: CASP+ Training Course) |
Course hours: | 42 hours in total (14 sessions), 1 subject |
Suitable for: | Those who wish to obtain the CompTIA CASP+ certificate, or who are interested in IT security |
Teaching language: | Mainly Cantonese, supplemented with English |
Course notes: | Notes written by the centre's own instructor, mainly in English, with Chinese equivalents for some English terms. |
1. Mock exam questions: | The centre provides students with mock exam questions, each with a model answer. (We have a large bank of exercises to make it easier for students to pass the exam.) |
2. Moderate course hours: | The centre's CompTIA Advanced Security Practitioner CASP+ International Certification Course has a moderate duration of 42 hours, allowing students to truly understand and master the course content while obtaining the following 1 international certification within 4 months: |
3. Notes written by the instructor: | Senior instructor Larry Chan has more than 28 years of working experience in computer, network, database and cloud security systems, and has taught full-time at the centre for the last 24 years. Senior instructor Larry Chan also teaches various IT security and cloud security related courses at the centre, including:
Senior instructor Larry Chan writes the notes himself; they are well suited both to the exam and to real-world administration, so you do not need to grind through dictionary-thick textbooks that do not suit the Hong Kong style of study. |
4. One computer per student: | This course is taught with one computer per student. |
5. Free re-attendance: | Students of traditional classroom courses may re-watch the class recordings free of charge within three months of the end of the course. |
CompTIA has announced that candidates must pass the following 1 CompTIA CASP+ examination to be awarded the CompTIA CASP+ international certificate:
Exam code | Subject name |
CAS-004 | CompTIA CASP+ |
The centre is a CompTIA designated testing centre. To register, please call the centre and register the subject, exam date and time you wish to take (same-day registration is available at the earliest). Before the exam, candidates must present their identity card and pay the exam fee. The exam fee for exam code CAS-004 is HK$4,174.
Course name: CompTIA Advanced Security Practitioner CASP+ International Certification Course (abbreviated: CASP+ Training Course)
Module 1: Designing a Secure Network Architecture
1.1 Physical, virtual network and security devices
- OSI model
- Unified threat management
- IDS/IPS
- Network IDS versus NIPS
- Wireless IPS
- Inline Encryptors
- Network access control
- SIEM
- Switches
- Firewalls
- Routers
- Proxy
- Network address translation gateway
- Load balancer
- Hardware security module
1.2 Application- and protocol-aware technologies
- DLP
- WAF
- Database activity monitoring
- Spam filter
- Advanced network design
- Remote access
- VPN
- IPsec
- SSH
- Remote Desktop Protocol
- Virtual Network Computing
- Network authentication methods
- Placement of hardware and applications
1.3 Network management and monitoring tools
- Alert definitions and rule writing
- Advanced configuration of network devices
- Transport security
- Port security
- Route protection
- Distributed DoS protection
- Remotely triggered black hole
1.4 Security zones
- DMZ
Module 2: Integrating Software Applications into the Enterprise
2.1 Integrating security into the development life cycle
- Systems development life cycle
- Development approaches
- Versioning
2.2 Software assurance
- Sandboxing/development environment
- Validating third-party libraries
- SecDevOps
- Defining the DevOps pipeline
2.3 Baseline and templates
- Secure coding standards
- Application vetting processes
- Hypertext Transfer Protocol (HTTP) headers
- Application Programming Interface (API) management
2.4 Considerations when integrating enterprise applications
- Customer relationship management (CRM)
- Enterprise resource planning (ERP)
- Configuration Management Database (CMDB)
- Content management systems
2.5 Integration enablers
- Directory services
- Domain name system
- Service-oriented architecture
- Enterprise service bus
Module 3: Enterprise Data Security, Including Secure Cloud and Virtualization Solutions
3.1 Implementing data loss prevention
- Blocking the use of external media
- Print blocking
- Remote Desktop Protocol blocking
3.2 Implementing data loss detection
- Watermarking
- Digital rights management
- Network traffic decryption/deep packet inspection
- Network traffic analysis
3.3 Enabling data protection
- Data classification
- Metadata/attributes
- Obfuscation
- Anonymization
- Encrypted versus unencrypted
- Data life cycle
- Data inventory and mapping
- Data integrity management
- Data storage, backup, and recovery
- Redundant array of inexpensive disks
3.4 Implementing secure cloud and virtualization solutions
- Virtualization strategies
- Security considerations for virtualization
3.5 Investigating cloud deployment models
- Deployment models and considerations
- Private cloud
- Public cloud
- Hybrid cloud
- Hosting models
- Service models
- Software as a service
- Platform as a service
- Infrastructure as a service
- Cloud provider limitations
3.6 Extending appropriate on-premises controls
- Micro-segmentation
- Jump box
- Examining cloud storage models
- File-based storage
- Database storage
- Block storage
- Blob storage
- Key/value pairs
Module 4: Deploying Enterprise Authentication and Authorization Controls
4.1 Credential management
- Hardware key manager
- Password policies
4.2 Identity federation
4.3 Access control
4.4 Authentication and authorization protocols
4.5 Multi-Factor Authentication (MFA)
Module 5: Threat and Vulnerability Management
5.1 Intelligence types
- Tactical intelligence
- Strategic intelligence
- Operational intelligence
- Commodity malware
- Targeted attacks
5.2 Actor types
- Advanced persistent threat – nation-state
- Insider threat
- Competitor
- Hacktivist
- Script kiddie
- Organized crime
5.3 Threat actor properties
- Resources
- Time
- Money
- Supply chain access
- Capabilities and sophistication
- Identifying techniques
5.4 Intelligence collection methods
- Intelligence feeds
- Deep web
- Proprietary intelligence
- Open source intelligence
- Human intelligence
5.5 Frameworks
- MITRE adversarial tactics, techniques, and common knowledge (ATT&CK)
- ATT&CK for industrial control systems
- The Diamond model of intrusion analysis
- Cyber Kill Chain
- Threat hunting
- Threat emulation
5.6 Indicators of compromise
- Packet capture
- Logs
- Network logs
- Vulnerability logs
- Operating system logs
- Access logs
- NetFlow logs
- Notifications
- File integrity monitoring alerts
- SIEM alerts
- Data loss prevention alerts
- Intrusion detection system and intrusion prevention system alerts
- Antivirus alerts
- Notification severity and priorities
5.7 Responses
- Firewall rules
- Intrusion prevention system and intrusion detection system rules
- Access control list rules
- Signature rules
- Behavior rules
- Data loss prevention rules
- Scripts/regular expressions
Module 6: Vulnerability Assessment and Penetration Testing Methods and Tools
6.1 Vulnerability scans
- Credentialed versus non-credentialed scans
- Agent-based/server-based
- Criticality ranking
- Active versus passive scans
6.2 Security Content Automation Protocol (SCAP)
- Extensible Configuration Checklist Description Format (XCCDF)
- Open Vulnerability and Assessment Language (OVAL)
- Common Platform Enumeration (CPE)
- Common Vulnerabilities and Exposures (CVE)
- Common Vulnerability Scoring System (CVSS)
- Common Configuration Enumeration (CCE)
- Asset Reporting Format (ARF)
- Self-assessment versus third-party vendor assessment
- Patch management
6.3 Information sources
- Advisories
- Bulletins
- Vendor websites
- Information Sharing and Analysis Centers (ISACs)
- News reports
6.4 Testing methods
- Static analysis
- Dynamic analysis
- Side-channel analysis
- Wireless vulnerability scan
- Software Composition Analysis (SCA)
- Fuzz testing
6.5 Penetration testing
- Requirements
- Box testing
- Post-exploitation
- Persistence
- Pivoting
- Rescanning for corrections/changes
6.6 Security tools
- SCAP scanner
- Network traffic analyzer
- Vulnerability scanner
- Protocol analyzer
- Port scanner
- HTTP interceptor
- Exploit framework
- Dependency management tools
Module 7: Risk Mitigation Controls
7.1 Understanding application vulnerabilities
- Race conditions
- Buffer overflows
- Broken authentication
- Insecure references
- Poor exception handling
- Security misconfiguration
- Information disclosure
- Certificate errors
- Use of unsafe functions
- Third-party libraries
- Dependencies
- End-of-support and end-of-life
- Regression issues
7.2 Assessing inherently vulnerable systems and applications
- Client-side processing and server-side processing
- JSON and representational state transfer
- Browser extensions
- Hypertext Markup Language 5 (HTML5)
- Asynchronous JavaScript and XML (AJAX)
- Simple Object Access Protocol (SOAP)
7.3 Recognizing common attacks
- Directory traversal
- Cross-site scripting
- Cross-site request forgery
- Injection attacks
- Sandbox escape
- VM hopping
- VM escape
- Border Gateway Protocol and route hijacking
- Interception attacks
- Denial of service and distributed denial of service
- Social engineering
- VLAN hopping
7.4 Proactive and detective risk reduction
- Hunts
- Developing countermeasures
- Deceptive technologies
- Security data analytics
7.5 Applying preventative risk reduction
- Application control
- Security automation
- Physical security
Module 8: Implementing Incident Response and Forensics Procedures
8.1 Understanding incident response planning
- Understanding the incident response process
- Preparation
- Detection
- Analysis
- Containment
- Eradication and recovery
- Lessons learned
- Specific response playbooks/processes
- Non-automated response methods
- Automated response methods
- Communication plan
8.2 Understanding forensic concepts
- Forensic process
- Chain of custody
- Order of volatility
- Event classifications
- Triage event
- Memory snapshots
- Images
- Evidence preservation
- Cryptanalysis
- Steganalysis
8.3 Using forensic analysis tools
- File carving tools
- Binary analysis tools
- Analysis tools
- Imaging tools
- Hashing utilities
- Using live collection and post-mortem tools
Module 9: Enterprise Mobility and Endpoint Security Controls
9.1 Implementing enterprise mobility management
- Managed configurations
9.2 Security considerations for mobility management
- The unauthorized remote activation and deactivation of devices or features
- Encrypted and unencrypted communication concerns
- Physical reconnaissance
- Personal data theft
- Health privacy
- The implications of wearable devices
- The digital forensics of collected data
- Unauthorized application stores
- Containerization
- Original equipment manufacturer (OEM) and carrier differences
- Supply chain issues
- The use of an eFuse
9.3 Implementing endpoint security controls
- Hardening techniques
- Compensating controls
Module 10: Security Considerations Impacting Specific Sectors and Operational Technologies
10.1 Identifying regulated business sectors
- Energy sector
- Manufacturing
- Healthcare
- Public utilities
- Public services
- Facility services
10.2 Understanding embedded systems
- Internet of things
- System on a chip
- Application-specific integrated circuits
- Field-programmable gate array
10.3 Understanding ICS/SCADA
- PLCs
- Historian
- Ladder logic
- Safety instrumented system
- Heating, ventilation, and air conditioning
10.4 Understanding OT protocols
- Controller area network bus (CANBus)
- Modbus
- Distributed Network Protocol 3.0
- Zigbee
- Common Industrial Protocol
- Data Distribution Service
Module 11: Implementing Cryptographic Protocols and Algorithms
11.1 Understanding hashing algorithms
- Secure Hashing Algorithm (SHA)
- Hash-Based Message Authentication Code (HMAC)
- Message Digest (MD)
- RACE integrity primitives evaluation message digest (RIPEMD)
11.2 Understanding symmetric encryption algorithms
- Block ciphers
- Stream ciphers
11.3 Understanding asymmetric encryption algorithms
- Rivest, Shamir, and Adleman (RSA)
- Digital Signature Algorithm (DSA)
- Elliptic-curve Digital Signature Algorithm (ECDSA)
- Diffie-Hellman (DH)
- Elliptic-curve Cryptography (ECC)
- Elliptic-curve Diffie-Hellman (ECDH)
11.4 Understanding encryption protocols
- Secure Sockets Layer (SSL)/Transport Layer Security (TLS)
- Secure/Multipurpose Internet Mail Extensions (S/MIME)
- Internet Protocol Security (IPSec)
- Secure Shell (SSH)
- Key stretching
- Password salting
- Password-based key derivation function 2 (PBKDF2)
11.5 Understanding emerging security technologies
- Quantum computing
- Blockchain
- Homomorphic encryption
- Biometric impersonation
- 3D printing
Module 12: Implementing Appropriate PKI Solutions, Cryptographic Protocols, and Algorithms for Business Needs
12.1 Understanding the PKI hierarchy
- Certificate authority
- Registration authority
- Certificate revocation list
- Online Certificate Status Protocol
12.2 Understanding certificate types
- Wildcard certificate
- Extended validation
- Multi-domain
- General-purpose
- Certificate usages/templates
12.3 Understanding PKI security and interoperability
- Trusted certificate providers
- Trust models
- Cross-certification certificate
- Life cycle management
- Certificate pinning
- Certificate stapling
- CSRs
- Common PKI use cases
- Key escrow
12.4 Troubleshooting issues with cryptographic implementations
- Key rotation
- Mismatched keys
- Improper key handling
- Embedded keys
- Exposed private keys
- Crypto shredding
- Cryptographic obfuscation
- Compromised keys
Module 13: Applying Appropriate Risk Strategies
13.1 Understanding risk assessments
- Qualitative risk assessments
- Quantitative risk assessments
13.2 Implementing risk-handling techniques
- Transfer
- Accept
- Avoid
- Mitigate
- Risk types
13.3 Understanding the risk management life cycle
- Department of Defense Risk Management Framework
- NIST Cybersecurity Framework (CSF)
- Understanding risk controls
13.4 Understanding risk tracking
- Key performance indicators
- Key risk indicators
- Risk appetite
- Risk tolerance
- Trade-off analysis
13.5 Managing risk with policies and security practices
- Separation of duties (SoD)
- Job rotation
- Mandatory vacation
- Least privilege
- Employment and termination procedures
- Training and awareness for users
- Auditing requirements and frequency
13.6 Explaining the importance of managing and mitigating vendor risk
- Vendor lock-in
- Vendor viability
- Merger or acquisition risk
- Meeting client requirements
- Ongoing vendor assessment tools
Module 14: Compliance Frameworks, Legal Considerations, and Their Organizational Impact
14.1 Security concerns associated with integrating diverse industries
- Data considerations
- Understanding geographic considerations
- Third-party attestation of compliance
- Understanding regulations, accreditations, and standards
- Understanding legal considerations
- Application of contract and agreement types
Module 15: Business Continuity and Disaster Recovery Concepts
15.1 Conducting a business impact analysis
- Maximum Tolerable Downtime (MTD)
- Recovery Time Objective (RTO)
- Recovery Point Objective (RPO)
- Recovery service level
- Mission-essential functions
- Privacy Impact Assessment (PIA)
- Preparing a Disaster Recovery Plan/Business Continuity Plan
- Backup and recovery methods
15.2 Planning for high availability and automation
- Scalability
- Resiliency
- Automation
- Content Delivery Network (CDN)
- Testing plans
15.3 Explaining how cloud technology aids enterprise resilience
- Using cloud solutions for business continuity and disaster recovery (BCDR)
- Infrastructure versus serverless computing
- Collaboration tools
- Storage configurations
- Cloud Access Security Broker (CASB)
The course content above may change at any time without notice in order to better reflect the contents of the examination.