MCSEClasses Certification Training Boot Camp Cisco Certification Training Military Discounts Testimonials About Us Linux/Unix Certification MCSD Certification Home MCSE Certification MCDBA Certification Cisco Certification Security Certification Java Certification Oracle® Certification CIW Certification Jobs Boot Camp Financing Boot Camp Pricing Boot Camp Technical Schedule Contact Us


CompTIA Security+ / CySA+ / CASP+

Course Length: 15 days
Certifications: CompTIA Security+
CompTIA Cybersecurity Analyst (CySA)
Number of Exams: 3

Class Schedule
Call for Class Schedule

  • Certified Instructor
  • Includes all course materials

The CompTIA Security+ exam will certify that the successful candidate has the knowledge and skills required to identify risk, to participate in risk mitigation activities, and to provide infrastructure, application, information, and operational security.

CompTIA Cybersecurity Analyst (CySA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CySA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.

The CompTIA Advanced Security Practitioner (CASP) Certification is a vendor-neutral credential. The CASP exam is an internationally targeted validation of advanced-level security skills and knowledge. While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, "hands-on" focus at the enterprise level.


CompTIA Security+

CompTIA Security+ is a global certification that validates the baseline skills necessary to perform core security functions and pursue an IT security career.

Why is it different?

More choose Security+ - chosen by more corporations and defense organizations than any other certification on the market to validate baseline security skills and for fulfilling the DoD 8570 compliance.

Security+ proves hands-on skills - the only baseline cybersecurity certification emphasizing hands-on practical skills, ensuring the security professional is better prepared to problem solve a wider variety of today's complex issues.

More job roles turn to Security+ to supplement skills - baseline cybersecurity skills are applicable across more of today's job roles to secure systems, software and hardware.

Security+ is aligned to the latest trends and techniques - covering the most core technical skills in risk assessment and management, incident response, forensics, enterprise networks, hybrid/cloud operations, and security controls, ensuring high-performance on the job.

What Skills Will You Learn?

Attacks, Threats and Vulnerabilities

Focusing on more threats, attacks, and vulnerabilities on the Internet from newer custom devices that must be mitigated, such as IoT and embedded devices, newer DDoS attacks, and social engineering attacks based on current events.

Architecture and Design

Includes coverage of enterprise environments and reliance on the cloud, which is growing quickly as organizations transition to hybrid networks.

Implementation

Expanded to focus on administering identity, access management, PKI, basic cryptography, wireless, and end-to-end security.

Operations and Incident Response

Covering organizational security assessment and incident response procedures, such as basic threat detection, risk mitigation techniques, security controls, and basic digital forensics.

Governance, Risk and Compliance

Expanded to support organizational risk management and compliance to regulations, such as PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST, and CCPA.

Jobs that use CompTIA Security+

  • Security Administrator
  • Systems Administrator
  • Helpdesk Manager / Analyst
  • Network / Cloud Engineer
  • Security Engineer / Analyst
  • DevOps / Software Developer
  • IT Auditors
  • IT Project Manager

Exam: SY0-601

CompTIA Security+ is the first security certification a candidate should earn. It establishes the core knowledge required of any cybersecurity role and provides a springboard to intermediate-level cybersecurity jobs. Security+ incorporates best practices in hands-on troubleshooting, ensuring candidates have practical security problem-solving skills required to:

  • Assess the security posture of an enterprise environment and recommend and implement appropriate security solutions
  • Monitor and secure hybrid environments, including cloud, mobile, and IoT
  • Operate with an awareness of applicable laws and policies, including principles of governance, risk, and compliance
  • Identify, analyze, and respond to security events and incidents

Security+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation, because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.

Course Content

1.0 Threats, Attacks, and Vulnerabilities
Compare and contrast different types of social engineering techniques.
  • Phishing
  • Smishing
  • Vishing
  • Spam
  • Spam over instant messaging (SPIM)
  • Spear phishing
  • Dumpster diving
  • Shoulder surfing
  • Pharming
  • Tailgating
  • Eliciting information
  • Whaling
  • Prepending
  • Identity fraud
  • Invoice scams
  • Credential harvesting
  • Reconnaissance
  • Hoax
  • Impersonation
  • Watering hole attack
  • Typosquatting
  • Pretexting
  • Influence campaigns
  • Principles (reasons for effectiveness)
Given a scenario, analyze potential indicators to determine the type of attack.
  • Malware
  • Password attacks
  • Physical attacks
  • Adversarial artificial intelligence (AI)
  • Supply-chain attacks
  • Cloud-based vs. on-premises attacks
  • Cryptographic attacks
Given a scenario, analyze potential indicators associated with application attacks.
  • Privilege escalation
  • Cross-site scripting
  • Injections
  • Pointer/object dereference
  • Directory traversal
  • Buffer overflows
  • Race conditions
  • Error handling
  • Improper input handling
  • Replay attack
  • Integer overflow
  • Request forgeries
  • Application programming interface (API) attacks
  • Resource exhaustion
  • Memory leak
  • Secure Sockets Layer (SSL) stripping
  • Driver manipulation
  • Pass the hash
Given a scenario, analyze potential indicators associated with network attacks.
  • Wireless
  • On-path attack
  • Layer 2 attacks
  • Domain name system (DNS)
  • Distributed denial-of-service (DDoS)
  • Malicious code or script execution
Explain different threat actors, vectors, and intelligence sources.
  • Actors and threats
  • Attributes of actors
  • Vectors
  • Threat intelligence sources
  • Research sources
Explain the security concerns associated with various types of vulnerabilities.
  • Cloud-based vs. on-premises vulnerabilities
  • Zero-day
  • Weak configurations
  • Third-party risks
  • Improper or weak patch management
  • Legacy platforms
  • Impacts
Summarize the techniques used in security assessments.
  • Threat hunting
  • Vulnerability scans
  • Syslog/Security information and event management (SIEM
  • Security orchestration, automation, and response (SOAR)
Explain the techniques used in penetration testing.
  • Penetration testing
  • Passive and active reconnaissance
  • Exercise types
2.0 Architecture and Design
Explain the importance of security concepts in an enterprise environment.
  • Configuration management
  • Data sovereignty
  • Data protection
  • Geographical considerations
  • Response and recovery controls
  • Secure Sockets Layer (SSL)/Transport Layer Security (TLS) inspection
  • Hashing
  • API considerations
  • Site resiliency
  • Deception and disruption
Summarize virtualization and cloud computing concepts.
  • Cloud models
  • Cloud service providers
  • Managed service provider (MSP)/ managed security service provider (MSSP)
  • On-premises vs. off-premises
  • Fog computing
  • Edge computing
  • Thin client
  • Containers
  • Microservices/API
  • Infrastructure as code
  • Serverless architecture
  • Services integration
  • Resource policies
  • Transit gateway
  • Virtualization
Summarize secure application development, deployment, and automation concepts.
  • Environment
  • Provisioning and deprovisioning
  • Integrity measurement
  • Secure coding techniques
  • Open Web Application Security Project (OWASP)
  • Software diversity
  • Automation/scripting
  • Elasticity
  • Scalability
  • Version control
Summarize authentication and authorization design concepts.
  • Authentication methods
  • Biometrics
  • Multifactor authentication (MFA) factors and attributes
  • Authentication, authorization, and accounting (AAA)
  • Cloud vs. on-premises requirements
Given a scenario, implement cybersecurity resilience.
  • Redundancy
  • Replication
  • On-premises vs. cloud
  • Backup types
  • Non-persistence
  • High availability
  • Restoration order
  • Diversity
Explain the security implications of embedded and specialized systems.
  • Embedded systems
  • Supervisory control and data acquisition (SCADA)/industrial control system (ICS)
  • Internet of Things (IoT)
  • Specialized
  • Voice over IP (VoIP)
  • Heating, ventilation, air conditioning (HVAC)
  • Drones
  • Multifunction printer (MFP)
  • Real-time operating system (RTOS)
  • Surveillance systems
  • System on chip (SoC)
  • Communication considerations
  • Constraints
Explain the importance of physical security controls.
  • Bollards/barricades
  • Access control vestibules
  • Badges
  • Alarms
  • Signage
  • Cameras
  • Closed-circuit television (CCTV)
  • Industrial camouflage
  • Personnel
  • Locks
  • USB data blocker
  • Lighting
  • Fencing
  • Fire suppression
  • Sensors
  • Drones
  • Visitor logs
  • Faraday cages
  • Air gap
  • Screened subnet (previously known as demilitarized zone)
  • Protected cable distribution
  • Secure areas
  • Secure data destruction
Summarize the basics of cryptographic concepts.
  • Digital signatures
  • Key length
  • Key stretching
  • Salting
  • Hashing
  • Key exchange
  • Elliptic-curve cryptography
  • Perfect forward secrecy
  • Quantum
  • Post-quantum
  • Ephemeral
  • Modes of operation
  • Blockchain
  • Cipher suites
  • Symmetric vs. asymmetric
  • Lightweight cryptography
  • Steganography
  • Homomorphic encryption
  • Common use cases
  • Limitations
3.0 Implementation
Given a scenario, implement secure protocols.
  • Protocols
  • Use cases
Given a scenario, implement host or application security solutions.
  • Endpoint protection
  • Boot integrity
  • Database
  • Application security
  • Hardening
  • Self-encrypting drive (SED)/ full-disk encryption (FDE)
  • Hardware root of trust
  • Trusted Platform Module (TPM)
  • Sandboxing
Given a scenario, implement secure network designs.
  • Load balancing
  • Network segmentation
  • Virtual private network (VPN)
  • DNS
  • Network access control (NAC)
  • Out-of-band management
  • Port security
  • Network appliances
  • Access control list (ACL)
  • Route security
  • Quality of service (QoS)
  • Implications of IPv6
  • Port spanning/port mirroring
  • Monitoring services
  • File integrity monitors
Given a scenario, install and configure wireless security settings.
  • Cryptographic protocols
  • Authentication protocols
  • Methods
  • Installation considerations
Given a scenario, implement secure mobile solutions
  • Connection methods and receivers
  • Mobile device management (MDM)
  • Mobile devices
  • Enforcement and monitoring
  • Deployment models
Given a scenario, apply cybersecurity solutions to the cloud.
  • Cloud security controls
  • Solutions
  • Cloud native controls vs. third-party solutions
Given a scenario, implement identity and account management controls.
  • Identity
  • Account types
  • Account policies
Given a scenario, implement authentication and authorization solutions.
  • Authentication management
  • Authentication/authorization
  • Access control schemes
Given a scenario, implement public key infrastructure.
  • Public key infrastructure (PKI)
  • Types of certificates
  • Certificate formats
  • Concepts
4.0 Operations and Incident Response
Given a scenario, use the appropriate tool to assess organizational security.
  • Network reconnaissance and discovery
  • File manipulation
  • Shell and script environments
  • Packet capture and replay
  • Forensics
  • Exploitation frameworks
  • Password crackers
  • Data sanitization
Summarize the importance of policies, processes, and procedures for incident response.
  • Incident response plans
  • Incident response process
  • Exercises
  • Attack frameworks
  • Stakeholder management
  • Communication plan
  • Disaster recovery plan
  • Business continuity plan
  • Continuity of operations planning (COOP)
  • Incident response team
  • Retention policies
Given an incident, utilize appropriate data sources to support an investigation.
  • Vulnerability scan output
  • SIEM dashboards
  • Log files
  • syslog/rsyslog/syslog-ng
  • journalctl
  • NXLog
  • Bandwidth monitors
  • Metadata
  • Netflow/sFlow
  • Protocol analyzer output
Given an incident, apply mitigation techniques or controls to secure an environment
  • Reconfigure endpoint security solutions
  • Configuration changes
  • Isolation
  • Containment
  • Segmentation
  • SOAR
Explain the key aspects of digital forensics.
  • Documentation/evidence
  • Acquisition
  • On-premises vs. cloud
  • Integrity
  • Preservation
  • E-discovery
  • Data recovery
  • Non-repudiation
  • Strategic intelligence/ counterintelligence
5.0 Governance, Risk, and Compliance
Compare and contrast various types of controls.
  • Category
  • Control type
Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture.
  • Regulations, standards, and legislation
  • Key frameworks
  • Benchmarks /secure configuration guides
Explain the importance of policies to organizational security.
  • Personnel
  • Diversity of training techniques
  • Third-party risk management
  • Data
  • Credential policies
  • Organizational policies
Summarize risk management processes and concepts.
  • Risk types
  • Risk management strategies
  • Risk analysis
  • Disasters
  • Business impact analysis
Explain privacy and sensitive data concepts in relation to security
  • Organizational consequences of privacy and data breaches
  • Notifications of breaches
  • Data types
  • Privacy enhancing technologies
  • Roles and responsibilities
  • Information life cycle
  • Impact assessment
  • Terms of agreement
  • Privacy notice

[ back to top ]

CompTIA Cybersecurity Analyst (CySA+)

CompTIA Cybersecurity Analyst (CySA+) is an international, vendor-neutral cybersecurity certification that applies behavioral analytics to improve the overall state of IT security. CySA+ validates critical knowledge and skills that are required to prevent, detect and combat cybersecurity threats.

Overview

As attackers have learned to evade traditional signature-based solutions such as firewalls, an analytics-based approach within the IT security industry is increasingly important for most organizations. The behavioral analytics skills covered by CySA+ identify and combat malware, and advanced persistent threats (APTs), resulting in enhanced threat visibility across a broad attack surface. CompTIA CySA+ is for IT professionals looking to gain the following security analyst skills:

  • Configure and use threat detection tools.
  • Perform data analysis.
  • Interpret the results to identify vulnerabilities, threats and risks to an organization.
CySA+ certified skills are in-demand

Properly trained IT security staff who can analyze, monitor and protect cybersecurity resources are in high demand. The U.S. Bureau of Labor Statistics (BLS) predicts that information security analysts will be the fastest growing overall job category, with 37 percent overall growth between 2012 and 2022.

CySA+ is globally recognized

CompTIA CySA+ is ISO/ANSI 17024 accredited and is awaiting approval by the U.S. Department of Defense (DoD) for directive 8140/8570.01-M requirements.

CySA+ provides substantial earnings potential

A career in information security analysis ranked seventh on U.S. News and World Report's list of the 100 best technology jobs for 2017. According to the Bureau of Labor Statistics, the median pay for an information security analyst is $90,120 per year.

Target Student

The CompTIA CySA+ examination is designed for IT security analysts, vulnerability analysts or threat intelligence analysts. The exam will certify that the successful candidate has the knowledge and skills required to configure and use threat detection tools, perform data analysis and interpret the results to identify vulnerabilities, threats and risks to an organization with the end goal of securing and protecting applications and systems within an organization.

Prerequisite

The CompTIA CySA+ exam is an internationally targeted validation of intermediate-level security skills and knowledge. While there is no required prerequisite, the CompTIA CySA+ certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, "hands-on" focus on IT security analytics.

It is recommended for CompTIA CySA+ certification candidates to have the following:

  • 3-4 years of hands-on information security or related experience
  • Network+, Security+ or equivalent knowledge

Course Content

Threat Management
  • Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes.
  • Given a scenario, analyze the results of a network reconnaissance.
  • Given a network-based threat, implement or recommend the appropriate response and countermeasure.
  • Explain the purpose of practices used to secure a corporate environment.
Vulnerability Management
  • Given a scenario, implement an information security vulnerability management process.
  • Given a scenario, analyze the output resulting from a vulnerability scan.
  • Compare and contrast common vulnerabilities found in the following targets within an organization.
Cyber Incident Response
  • Given a scenario, distinguish threat data or behavior to determine the impact of an incident.
  • Given a scenario, prepare a toolkit and use appropriate forensics tools during an investigation.
  • Explain the importance of communication during the incident response process.
  • Given a scenario, analyze common symptoms to select the best course of action to support incident response.
  • Summarize the incident recovery and post-incident response process.
Security Architecture and Tool Sets
  • Explain the relationship between frameworks, common policies, controls, and procedures.
  • Given a scenario, use data to recommend remediation of security issues related to identity and access management.
  • Given a scenario, review security architecture and make recommendations to implement compensating controls.
  • Given a scenario, use application security best practices while participating in the Software Development Life Cycle (SDLC).
  • Compare and contrast the general purpose and reasons for using various cybersecurity tools and technologies.

[ back to top ]

CompTIA Advanced Security Practitioner (CASP)

CompTIA Advanced Security Practitioner (CASP+) CAS-004 is an advanced-level cybersecurity certification for security architects and senior security engineers charged with leading and improving an enterprise's cybersecurity readiness.

Why is CASP+ Different?

CASP+ is the only hands-on, performance-based certification for advanced practitioners - not managers - at the advanced skill level of cybersecurity. While cybersecurity managers help identify what cybersecurity policies and frameworks could be implemented, CASP+ certified professionals figure out how to implement solutions within those policies and frameworks.

Unlike other certifications, CASP+ covers both security architecture and engineering - CASP+ is the only certification on the market that qualifies technical leaders to assess cyber readiness within an enterprise, and design and implement the proper solutions to ensure the organization is ready for the next attack.

What Skills Will You Learn?

Security Architecture

Expanded coverage to analyze security requirements in hybrid networks to work toward an enterprise-wide, zero trust security architecture with advanced secure cloud and virtualization solutions.

Security Operations

Expanded emphasis on newer techniques addressing advanced threat management, vulnerability management, risk mitigation, incident response tactics, and digital forensics analysis.

Governance, Risk, and Compliance

Expanded to support advanced techniques to prove an organization's overall cybersecurity resiliency metric and compliance to regulations, such as CMMC, PCI-DSS, SOX, HIPAA, GDPR, FISMA, NIST, and CCPA.

Security Engineering and Cryptography

Expanded to focus on advanced cybersecurity configurations for endpoint security controls, enterprise mobility, cloud/hybrid environments, and enterprise-wide PKI and cryptographic solutions.

Jobs That Use CASP+

  • Security Architect
  • Senior Security Engineer
  • SOC Manager
  • Security Analyst

Class Outline

1.0 Security Architecture

Given a scenario, analyze the security requirements and objectives to ensure an appropriate, secure network architecture for a new or existing network.
  • Services
  • Segmentation
  • Deperimeterization/zero trust
  • Merging of networks from various organizations
  • Software-defined networking (SDN)
Given a scenario, analyze the organizational requirements to determine the proper infrastructure security design.
  • Scalability
  • Resiliency
  • Performance
  • Automation
  • Containerization
  • Virtualization
  • Content delivery network
  • Caching
Given a scenario, integrate software applications securely into an enterprise architecture.
  • Baseline and templates
  • Software assurance
  • Considerations of integrating enterprise applications
  • Integrating security into development life cycle
Given a scenario, implement data security techniques for securing enterprise architecture.
  • Data loss prevention
  • Data loss detection
  • Data classification, labeling, and tagging
  • Obfuscation
  • Anonymization
  • Encrypted vs. unencrypted
  • Data life cycle
  • Data inventory and mapping
  • Data integrity management
  • Data storage, backup, and recovery
Given a scenario, analyze the security requirements and objectives to provide the appropriate authentication and authorization controls.
  • Credential management
  • Password policies
  • Federation
  • Access control
  • Protocols
  • Multifactor authentication (MFA)
  • One-time password (OTP)
  • Hardware root of trust
  • Single sign-on (SSO)
  • JavaScript Object Notation (JSON) web token (JWT)
  • Attestation and identity proofing
Given a set of requirements, implement secure cloud and virtualization solutions
  • Virtualization strategies
  • Provisioning and deprovisioning
  • Middleware
  • Metadata and tags
  • Deployment models and considerations
  • Hosting models
  • Service models
  • Cloud provider limitations
  • Extending appropriate on-premises controls
  • Storage models
Explain how cryptography and public key infrastructure (PKI) support security objectives and requirements.
  • Privacy and confidentiality requirements
  • Integrity requirements
  • Non-repudiation
  • Compliance and policy requirements
  • Common cryptography use cases
  • Common PKI use cases
Explain the impact of emerging technologies on enterprise security and privacy.
  • Artificial intelligence
  • Machine learning
  • Quantum computing
  • Blockchain
  • Homomorphic encryption
  • Secure multiparty computation
  • Distributed consensus
  • Big Data
  • Virtual/augmented reality
  • 3-D printing
  • Passwordless authentication
  • Nano technology
  • Deep learning
  • Biometric impersonation

2.0 Security Operations

Given a scenario, perform threat management activities.
  • Intelligence types
  • Actor types
  • Threat actor properties
  • Intelligence collection methods
  • Frameworks
Given a scenario, analyze indicators of compromise and formulate an appropriate response.
  • Indicators of compromise
  • Response
Given a scenario, perform vulnerability management activities.
  • Vulnerability scans
  • Security Content Automation Protocol (SCAP)
  • Self-assessment vs. third- party vendor assessment
  • Patch management
  • Information sources
Given a scenario, use the appropriate vulnerability assessment and penetration testing methods and tools.
  • Methods
  • Tools
  • Dependency management
  • Requirements
Given a scenario, analyze vulnerabilities and recommend risk mitigations.
  • Vulnerabilities
  • Inherently vulnerable system/application
  • Attacks
Given a scenario, use processes to reduce risk.
  • Proactive and detection
  • Security data analytics
  • Preventive
  • Application control
  • Security automation
  • Physical security
Given an incident, implement the appropriate response.
  • Event classifications
  • Triage event
  • Preescalation tasks
  • Incident response process
  • Specific response playbooks/processes
  • Communication plan
  • Stakeholder management
Explain the importance of forensic concepts.
  • Legal vs. internal corporate purposes
  • Forensic process
  • Integrity preservation
  • Cryptanalysis
  • Steganalysis
Given a scenario, use forensic analysis tools.
  • File carving tools
  • Binary analysis tools
  • Analysis tools
  • Imaging tools
  • Hashing utilities
  • Live collection vs. post-mortem tools

3.0 Security Engineering and Cryptography

Given a scenario, apply secure configurations to enterprise mobility.
  • Managed configurations
  • Deployment scenarios
  • Security considerations
Given a scenario, configure and implement endpoint security controls.
  • Hardening techniques
  • Processes
  • Mandatory access control
  • Trustworthy computing
  • Compensating controls
Explain security considerations impacting specific sectors and operational technologies.
  • Embedded
  • ICS/supervisory control and data acquisition (SCADA)
  • Protocols
  • Sectors
Explain how cloud technology adoption impacts organizational security.
  • Automation and orchestration
  • Encryption configuration
  • Logs
  • Monitoring configurations
  • Key ownership and location
  • Key life-cycle management
  • Backup and recovery methods
  • Infrastructure vs. serverless computing
  • Application virtualization
  • Software-defined networking
  • Misconfigurations
  • Collaboration tools
  • Storage configurations
  • Cloud access security broker (CASB)
Given a business requirement, implement the appropriate PKI solution.
  • PKI hierarchy
  • Certificate types
  • Certificate usages/profiles/templates
  • Extensions
  • Trusted providers
  • Trust model
  • Cross-certification
  • Configure profiles
  • Life-cycle management
  • Public and private keys
  • Digital signature
  • Certificate pinning
  • Certificate stapling
  • Certificate signing requests (CSRs)
  • Online Certificate Status Protocol (OCSP) vs. certificate revocation list (CRL)
  • HTTP Strict Transport Security (HSTS)
Given a business requirement, implement the appropriate cryptographic protocols and algorithms.
  • Hashing
  • Symmetric algorithms
  • Asymmetric algorithms
  • Protocols
  • Elliptic curve cryptography
  • Forward secrecy
  • Authenticated encryption with associated data
  • Key stretching
Given a scenario, troubleshoot issues with cryptographic implementations.
  • Implementation and configuration issues
  • Keys

4.0 Governance, Risk, and Compliance

Given a set of requirements, apply the appropriate risk strategies.
  • Risk assessment
  • Risk handling techniques
  • Risk types
  • Risk management life cycle
  • Risk tracking
  • Risk appetite vs. risk tolerance
  • Policies and security practices
Explain the importance of managing and mitigating vendor risk.
  • Shared responsibility model (roles/responsibilities)
  • Vendor lock-in and vendor lockout
  • Vendor viability
  • Meeting client requirements
  • Support availability
  • Geographical considerations
  • Supply chain visibility
  • Incident reporting requirements
  • Source code escrows
  • Ongoing vendor assessment tools
  • Third-party dependencies
  • Technical considerations
Explain compliance frameworks and legal considerations, and their organizational impact.
  • Security concerns of integrating diverse industries
  • Data considerations
  • Geographic considerations
  • Third-party attestation of compliance
  • Regulations, accreditations, and standards
  • Legal considerations
  • Contract and agreement types
Explain the importance of business continuity and disaster recovery concepts.
  • Business impact analysis
  • Privacy impact assessment
  • Disaster recovery plan (DRP)/ business continuity plan (BCP)
  • Incident response plan
  • Testing plans

[ back to top ]


IPLearning.net is your best choice for CompTIA Security+ CySA+ CASP+, CompTIA Security+ CySA+ CASP+ training, CompTIA Security+ CySA+ CASP+ certification, CompTIA Security+ CySA+ CASP+ certification boot camp, CompTIA Security+ CySA+ CASP+ boot camp, CompTIA Security+ CySA+ CASP+ certification training, CompTIA Security+ CySA+ CASP+ boot camp training, CompTIA Security+ CySA+ CASP+ boot camp certification, CompTIA Security+ CySA+ CASP+ certification course, CompTIA Security+ CySA+ CASP+ course, training CompTIA Security+ CySA+ CASP+, certification CompTIA Security+ CySA+ CASP+, boot camp CompTIA Security+ CySA+ CASP+, certification CompTIA Security+ CySA+ CASP+ boot camp, certification CompTIA Security+ CySA+ CASP+ training, boot camp CompTIA Security+ CySA+ CASP+ training, certification CompTIA Security+ CySA+ CASP+ course.




Search classes by keyword:


Search classes by category:

Copyright © 2022 Institute of Professional Learning. IPL Refund Policy. All Rights Reserved.