CompTIA CASP+: Risk Management and IT Governance
This course covers the security topics related to the CASP+ Certification domain of Risk Management and IT Governance. In this course, the student will gain the knowledge and skills needed to obtain the CASP+ Certification, as they relate to this specific domain. This course covers one of the five domains of the CAS-003 exam.
About the Training Architect
This video is a brief introduction to the course author, John Marx.
Overview of the CASP+ Certification Courses
This video introduces the student to the overall CASP+ learning path. In this lesson, we discuss the five mini-courses covering the exam domains. The sixth overall exam review course is also introduced.
Introduction to the Risk Management and IT Governance Domain
This video introduces the course's content with an emphasis on the Risk domain and some course resources available through the GitHub repository.
Risk Management and IT Governance
Supporting Risk Management and IT Governance
In this lesson, the Risk Management exam domain is explored further through the topics of Enterprise Risk Management, the Risk Management Cycle, Risk Assessments, and how Risk Assessments lead to the development of an Enterprise Security Architecture.
IT Governance Frameworks
This video lesson covers some of the main security consortiums and organizations that provide Enterprise Security Architecture (ESA) frameworks. Additionally, the steps to implement an ESA are reviewed.
Privacy and Governance
This lesson covers how privacy and governance regulations influence the way an enterprise security architecture is implemented. Several laws, domestic and overseas, that influence overall risk management are mentioned.
Privacy and Mobile Devices
This lesson covers the topics associated with risk management and the growing use of mobile devices.
Governance and Third-Party Platforms
This lesson introduces the student to many of the standard agreements made between enterprises and third-party organizations. Since so many systems integrate with and share data with third-party organizations and systems, these types of agreements are vital to ensure that an entity's compliance requirements extend to their business partners.
Data Ownership and Sovereignty
This lesson further elaborates on the risk management issues of data ownership and data sovereignty. As regulators impose laws such as GDPR, entities must incorporate compliance with these laws into their overall ERM and ESA strategies.
Business Continuity Planning
This lesson discusses business continuity planning and several of the key metrics used to express the business stakeholders' requirements for risk mitigation and recovery.
Emerging Risks and Technological Change
This lesson covers emerging risks and emerging technological changes. An emphasis is placed on continuous monitoring and change management as a means to manage and mitigate ongoing risks.
Governing Software Development and Deployment
This lesson reviews the security practices needed to govern and manage the risk associated with software development and deployment. Specific attention is given to third-party software onboarding, release gating, and continuous quality practices.
Remote Workers and Telecommuting
This lesson elaborates on the risk management practices that may become necessary to accommodate remote workers. An emphasis is placed on deperimeterization and the attack vectors that exist with wide-area networking.
Hands-On Security Exercises
Using Tools to Conduct Security Assessments
In this lesson, we introduce the topics that are covered in the subsequent hands-on lab. This introduction is mostly to alert the student to third-party online resources that may help in their learning.
Using Directory Services to Augment Risk Management
This brief video lesson introduces the topics covered in the subsequent LDAP lab and some third-party resources that may prove beneficial when studying further.
What to Expect in the Exam
This video provides some sample exam questions and explains how the material in this domain is used in the actual certification exam.
Summation and Next Steps
Moving on to Enterprise Security Architecture
This video closes out the Risk Management domain and introduces the exam objectives for the Enterprise Security Architecture (ESA) domain that comes next in this learning path.