O'Reilly logo

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

CompTIA Advanced Security Practitioner (CASP)

Video Description

CompTIA's CASP - CompTIA Advanced Security Practitioner , is a vendor-neutral certification that validates IT professionals with advanced-level security skills and knowledge. This certification course covers the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. It involves applying critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers, while managing risk.

Table of Contents

  1. Module 0
    1. Course Introduction 00:00:22
  2. Module 1
    1. Business Influences and Associated Security Risks 00:00:18
    2. Risk Management 00:01:40
    3. Business Model Strategies 00:02:01
    4. Integrating Diverse Industries 00:01:03
    5. Third Party Information Security and Providers 00:02:23
    6. Internal and External Influences 00:03:01
    7. Impact of De-Perimeterization 00:01:22
  3. Module 2
    1. Risk Mitigation Planning - Strategies and Controls 00:00:15
    2. CIA Triad 00:02:30
    3. Business Classifications 00:02:12
    4. Information Life Cycle and Steak-Holder Input 00:02:00
    5. Implementing Technical Controls 00:04:44
    6. Determine Aggregate CIA Score 00:01:39
    7. Worst Case Scenario Planning 00:03:34
    8. Calculation Tools and Attacker Motivation 00:02:56
    9. Return Of Investment 00:03:07
    10. Total Cost of Ownership and Risk Strategies 00:02:25
    11. Risk Management Process 00:01:26
    12. Identifying Vulnerabilities and Threats 00:01:41
    13. Security Architecture Frameworks 00:02:37
    14. Business Continuity Planning 00:01:46
    15. IT Governance 00:01:38
    16. Security Policies 00:02:43
  4. Module 3
    1. Security-Privacy Policies and Procedures Part1 00:00:16
    2. Security-Privacy Policies and Procedures Part2 00:00:27
    3. Policy Development Updates 00:03:36
    4. Developing Processes and Procedures 00:01:50
    5. Legal Compliance Part1 00:04:02
    6. Legal Compliance Part2 00:04:17
    7. Security Policy Business Documents 00:05:05
    8. Outage Impact and Estimating Downtime Terms 00:07:11
    9. Sensitive Information-Internal Security Policies 00:03:54
    10. Incident Response Process 00:03:45
    11. Forensic Tasks 00:02:34
    12. Employment and Termination Procedures 00:02:58
    13. Network Auditing 00:01:55
  5. Module 4
    1. Incident Response and Recovery Procedures 00:00:11
    2. E-Discovery and Data Retention Policies 00:05:30
    3. Data Recovery-Storage and Backup Schemes 00:08:42
    4. Data Owner and Data Handling 00:01:45
    5. Disposal Terms and Concepts 00:01:19
    6. Data Breach and Data Analysis 00:01:17
    7. Incident Response Guidelines 00:04:50
    8. Incident and Emergency Response 00:02:10
    9. Media-Software and Network Analysis 00:03:20
    10. Order of Volatility 00:01:04
  6. Module 5
    1. Industry Trends Overview 00:00:19
    2. Performing Ongoing Research 00:01:14
    3. Security Practices 00:02:33
    4. Evolution of Technology 00:00:55
    5. Situational Awareness and Vulnerability Assessments 00:03:45
    6. Researching Security Implications 00:02:17
    7. Global Industry Security Response 00:01:01
    8. Threat Actors 00:01:49
    9. Contract Security Requirements 00:00:56
    10. Contract Documents 00:01:07
  7. Module 6
    1. Securing the Enterprise Overview 00:00:14
    2. Benchmarks and Baselines 00:02:06
    3. Prototyping and Testing Multiple Solutions 00:01:34
    4. Cost/Benefit Analysis 00:01:01
    5. Metrics Collection and Trend Data 00:02:04
    6. Security Controls-Reverse Engineering and Deconstructing 00:01:40
    7. Security Solutions Business Needs 00:01:29
    8. Lesson Learned- After Action Report 00:01:22
  8. Module 7
    1. Assessment Tools and Methods 00:00:20
    2. Port Scanners and Vulnerability Scanners 00:03:15
    3. Protocol Analyzer- Network Enumerator-Password Cracker 00:02:42
    4. Fuzzers and HTTP Interceptors 00:02:11
    5. Exploitation Tools 00:01:45
    6. Passive Reconnaissance Tools 00:05:28
    7. Vulnerability Assessments and Malware Sandboxing 00:02:03
    8. Memory Dumping and Penetration Testing 00:03:50
    9. Reconnaissance and Fingerprinting 00:01:52
    10. Code Review 00:01:11
    11. Social Engineering 00:01:58
  9. Module 8
    1. Social Cryptographic Concepts and Techniques 00:00:15
    2. Cryptographic Benefits and Techniques 00:03:03
    3. Hashing Algorithms 00:05:47
    4. Message Authentication Code 00:01:11
    5. Cryptographic Concepts 00:04:15
    6. Transport Encryption Protocol 00:02:08
    7. Symmetric Algorithms 00:05:21
    8. Asymmetric Algorithms 00:02:55
    9. Hybrid Encryption and Digital Signatures 00:03:15
    10. Public Key Infrastructure 00:05:12
    11. Digital Certificate Classes and Cypher Types 00:01:27
    12. Des Modes 00:04:54
    13. Cryptographic Attacks 00:04:56
    14. Strength vs Performance and Cryptographic Implementations 00:01:55
  10. Module 9
    1. Enterprise Storage 00:00:16
    2. Virtual Storage Types and Challenges 00:02:24
    3. Cloud Storage 00:04:39
    4. Data Warehousing 00:01:54
    5. Data Archiving 00:02:14
    6. Storage Area Networks (SANs) and (VSANs) 00:02:31
    7. Network Attached Storage (NAS) 00:01:38
    8. Storage Protocols and Fiber Channel over Ethernet (FCoE) 00:02:55
    9. Storage Network File Systems 00:01:48
    10. Secure Storage Management Techniques 00:05:04
    11. LUN Masking/Mapping and HBA Allocation 00:02:00
    12. Replication and Encryption Methods 00:02:49
  11. Module 10
    1. Network and Security Components-Concepts-Security Architectures 00:00:16
    2. Remote Access Protocols 00:05:36
    3. IPv6 and Transport Encryption 00:04:15
    4. Network Authentication Methods 00:04:24
    5. 802.1x and Mesh Networks 00:02:49
    6. Security Devices 00:05:55
    7. Network Devices 00:05:09
    8. Firewalls 00:03:30
    9. Wireless Controllers 00:01:51
    10. Router Security and Port Numbers 00:01:53
    11. Network Security Solutions 00:03:31
    12. Availability Controls-Terms and Techniques 00:06:27
    13. Advanced Router and Switch Configuration 00:03:28
    14. Data Flow Enforcement of Applications and Networks 00:01:09
    15. Network Device Accessibility and Security 00:06:58
  12. Module 11
    1. Security Controls for Hosts 00:00:17
    2. Trusted Operation Systems 00:01:55
    3. Endpoint Security Software and Data Loss Prevention 00:04:01
    4. Host Based Firewalls 00:01:03
    5. Log Monitoring and Host Hardening 00:02:00
    6. Standard Operating Environment and Group Policy Security 00:04:00
    7. Command Shell Restrictions 00:01:07
    8. Configuring and Managing Interface Security 00:03:24
    9. USB-Bluetooth-Firewire Restrictions and Security 00:03:16
    10. Full Disk Encryption 00:01:54
    11. Virtualization Security 00:02:37
    12. Cloud Security Services 00:03:26
    13. Boot Loader Protections 00:02:29
    14. Virtual Host Vulnerabilities 00:01:32
    15. Virtual Desktop Infrastructure 00:01:40
    16. Terminal Services 00:00:27
    17. Virtual TPM 00:01:34
  13. Module 12
    1. Application Vulnerabilities and Security Controls 00:00:20
    2. Web Application Security Design 00:01:08
    3. Specific Application Issues 00:02:36
    4. Session Management 00:01:21
    5. Input Validation 00:02:34
    6. Web Vulnerabilities and Input Mitigation Issues 00:02:23
    7. Buffer Overflow and other Application Issues 00:03:25
    8. Application Security Framework 00:01:44
    9. Web Service Security and Secure Coding Standards 00:01:12
    10. Software Development Methods 00:04:32
    11. Monitoring Mechanisms and Client-Server Side Processing 00:02:04
    12. Browser Extensions and Other Web Development Techniques 00:02:45
  14. Module 13
    1. Host-Storage-Network and Application Integration 00:00:14
    2. Securing Data Flows 00:01:52
    3. Standards Concepts 00:01:24
    4. Interoperability Issues 00:01:40
    5. In House Commercial and Customized Applications 00:00:49
    6. Cloud and Virtualization Models 00:03:24
    7. Logical and Physical Deployment Diagrams 00:01:05
    8. Secure Infrastructure Design 00:03:20
    9. Storage Integration Security 00:00:47
    10. Enterprise Application Integration Enablers 00:03:14
  15. Module 14
    1. Authentication and Authorization Technologies 00:00:13
    2. Authentication and Identity Management 00:02:02
    3. Password Types-Management and Policies 00:03:48
    4. Authentication Factors 00:01:11
    5. Biometrics 00:03:02
    6. Dual-Multi Factor and Certificate Authentication 00:01:41
    7. Single Sign On Issues 00:01:05
    8. Access Control Models and Open Authorization 00:03:31
    9. Extensible Access Control Markup Language (XACML) 00:01:38
    10. Service Provisioning Markup Language (SPML) 00:00:52
    11. Attestation and Identity Propagation 00:01:53
    12. Federation and Security Assertion Markup Language (SAML) 00:01:38
    13. OpenID-Shibboleth and WAYF 00:02:09
    14. Advanced Trust Models 00:01:29
  16. Module 15
    1. Business Unit Collaboration 00:00:13
    2. Identifying and Communicating Security Requirements 00:07:45
    3. Security Controls Recommendations 00:00:47
    4. Secure Solutions Collaboration 00:00:35
  17. Module 16
    1. Secure Communication and Collaboration 00:00:16
    2. Web-Video Conferencing-Instant Messaging 00:06:09
    3. Desktop Sharing 00:02:36
    4. Presence Guidelines 00:01:44
    5. Email Messaging Protocol 00:02:32
    6. Telephony-VoIP and Social Media 00:03:17
    7. Cloud Based Collaboration 00:02:34
    8. Remote Access and IPsec 00:04:04
    9. Mobile and Personal Device Management 00:02:31
    10. Over Air Technology Concerns 00:02:23
    11. WLAN Concepts-Terms-Standards 00:03:56
    12. WLAN Security and Attacks 00:05:05
  18. Module 17
    1. Security Across the Technology Life Cycle 00:00:15
    2. End to End Solution Ownership 00:05:10
    3. System Development Life Cycle 00:05:43
    4. Security Implications of Software Development Methodologies 00:02:20
    5. Asset Management 00:01:19
    6. Course End 00:00:06