CAP - Certified Authorization Professional

The Certified Authorization Professional (CAP) training is aimed at providing professionals with the knowledge and skills needed to authorize and maintain information systems. This certification is significant to those responsible for establishing information security requirements and documentation and for formalizing the risk assessment processes of an information system. A CAP certified individual ensures the right level of security for information assets that are exposed to potential risk and damage.

Overview

The CAP credential is meant for commercial markets as well as local and civilian government. It is also recognized by the U.S. Federal government, including the DoD (Department of Defense), under Information Assurance Management. This course is ideal for authorization officials, information security professionals, information owners and senior system managers. The seven domains of the CAP are:
  1. Risk Management Framework (RMF)
  2. Categorization of Information Systems
  3. Selection of Security Controls
  4. Security Control Implementation
  5. Security Control Assessment
  6. Information System Authorization
  7. Monitoring of Security Controls

  • Duration
    40 hours
  • Batches
    Customizable as per your need
  • Suitable for
    Security professionals, information security students and anyone keen to learn the security domain
What you will learn
  • Info Security Risk Management Program
  • Categorization of Information Systems (IS)
  • Selection of Security Controls
  • Implementation of Security Controls
  • Assessment of Security Controls
  • Authorization of Information Systems (IS)
  • Continuous Monitoring
  • Understand the Risk Management Framework for the DoD IT authorization process
  • Understand FISMA and NIST processes for authorizing Federal IT systems
  • Explain key roles & responsibilities
  • Explain statutory and regulatory requirements
  • Apply these principles to real world activities and situations

Course Agenda

01

Risk Management Framework (RMF)

  • Security authorization includes a tiered risk management approach to evaluate both strategic and tactical risk across the enterprise. The authorization process incorporates the application of a Risk Management Framework (RMF), a review of the organizational structure, and the business process/mission as the foundation for the implementation and assessment of specified security controls. This authorization management process identifies vulnerabilities and security controls and determines residual risks. The residual risks are evaluated and deemed either acceptable or unacceptable. More controls must be implemented to reduce unacceptable risk. The system may be deployed only when the residual risks are acceptable to the enterprise and a satisfactory security plan is complete.

02

Categorization of Information Systems

  • Categorization of the information system is based on an impact analysis. It is performed to determine the types of information included within the security authorization boundary, the security requirements for the information types, and the potential impact on the organization resulting from a security compromise. The result of the categorization is used as the basis for developing the security plan, selecting security controls, and determining the risk inherent in operating the system.

03

Selection of Security Controls

  • The security control baseline is established by determining the specific controls required to protect the system, based on the security categorization of the system. The baseline is tailored and supplemented in accordance with an organizational assessment of risk and local parameters. The security control baseline, as well as the plan for monitoring it, is documented in the security plan.

04

Security Control Implementation

  • The security controls specified in the security plan are implemented, taking into account the minimum organizational assurance requirements. The security plan describes how the controls are employed within the information system and its operational environment. The security assessment plan documents the methods for testing these controls and the expected results throughout the system's life cycle.

05

Security Control Assessment

  • The security control assessment follows the approved plan, including defined procedures, to determine the effectiveness of the controls in meeting security requirements of the information system. The results are documented in the Security Assessment Report.

06

Information System Authorization

  • The residual risks identified during the security control assessment are evaluated and the decision is made to authorize the system to operate, deny its operation, or remediate the deficiencies. Associated documentation is prepared and/or updated depending on the authorization decision.

07

Monitoring of Security Controls

  • After an Authorization to Operate (ATO) is granted, ongoing continuous monitoring is performed on all identified security controls as well as on the political, legal, and physical environment in which the system operates. Changes to the system or its operational environment are documented and analyzed. The security state of the system is reported to the designated responsible officials. Significant changes will cause the system to re-enter the security authorization process. Otherwise, the system continues to be monitored on an ongoing basis in accordance with the organization's monitoring strategy.

Why Choose us?

Over 200 classes are scheduled every year, with small training groups and industry-experienced faculty, providing:

  • One-Stop shop for IT Training
  • Companywide IT Training Solutions
  • Interactive Teaching Methodology
  • Job Oriented Training Solutions
  • Flexible modes of training
  • Recorded sessions are available
  • Live Project Experience
