
CompTIA CASP+ : Risk Management and IT Governance



John Marx

Training Architect







Hands-on Labs


Course Details

This course covers the security topics related to the CASP+ Certification domain of Risk Management and IT Governance. In this course, the student will gain the knowledge and skills needed to obtain the CASP+ Certification, as they relate to this specific domain. This course covers one of the five domains of the CAS-003 exam.


Getting Started

About the Training Architect


Lesson Description:

This video is a brief introduction to the course author, John Marx.

Overview of the CASP+ Certification Courses


Lesson Description:

This video introduces the student to the overall CASP+ learning path. In this lesson, we discuss the five mini-courses covering the exam domains. The sixth overall exam review course is also introduced.

Introduction to the Risk Management and IT Governance Domain


Lesson Description:

This video introduces the course's content with an emphasis on the Risk domain and some course resources available through the GitHub repository.

Risk Management and IT Governance

Supporting Risk Management and IT Governance


Lesson Description:

In this lesson, the Risk Management exam domain is explored further through the topics of Enterprise Risk Management, the Risk Management Cycle, Risk Assessments, and how Risk Assessments lead to the development of an Enterprise Security Architecture.

IT Governance Frameworks


Lesson Description:

This lesson covers some of the main security consortiums and organizations that provide Enterprise Security Architecture (ESA) frameworks. Additionally, the steps to implement an ESA are reviewed.

Privacy and Governance


Lesson Description:

This lesson covers how privacy and governance regulations influence the way an enterprise security architecture is implemented. Several laws, domestic and overseas, that influence overall risk management are mentioned.

Privacy and Mobile Devices


Lesson Description:

This lesson covers the topics associated with risk management and the growing use of mobile devices.

Governance and Third-Party Platforms


Lesson Description:

This lesson introduces the student to many of the standard agreements made between enterprises and third-party organizations. Since so many systems integrate with and share data with third-party organizations and systems, these types of agreements are vital to ensure that an entity's compliance requirements extend to their business partners.

Data Ownership and Sovereignty


Lesson Description:

This lesson further elaborates on the risk management issues of data ownership and data sovereignty. As regulators impose laws such as GDPR, entities must incorporate compliance with these laws into their overall ERM and ESA strategies.

Business Continuity Planning


Lesson Description:

This lesson discusses business continuity planning and several of the key metrics used to express business stakeholders' requirements for risk mitigation and recovery.

Emerging Risks and Technological Change


Lesson Description:

This lesson covers emerging risks and emerging technological changes. An emphasis is placed on continuous monitoring and change management as a means to manage and mitigate ongoing risks.

Governing Software Development and Deployment


Lesson Description:

This lesson reviews the security practices needed to govern and manage the risk associated with software development and deployment. Specific attention is given to third-party software onboarding, release gating, and continuous quality practices.

Remote Workers and Telecommuting


Lesson Description:

This lesson elaborates on the risk management practices that may become necessary to accommodate remote workers. An emphasis is placed on deperimeterization and the attack vectors that exist with wide-area networking.

Hands-On Security Exercises

Using Tools to Conduct Security Assessments


Lesson Description:

In this lesson, we introduce the topics that are covered in the subsequent hands-on lab. This introduction is mostly to alert the student to third-party online resources that may help in their learning.

Using Directory Services to Augment Risk Management


Lesson Description:

This brief video lesson introduces the topics covered in the subsequent LDAP lab and some third-party resources that may prove beneficial when studying further.




What to Expect in the Exam


Lesson Description:

This video provides some sample exam questions and explains how the material in this domain is used in the actual certification exam.

Summation and Next Steps

Moving on to Enterprise Security Architecture


Lesson Description:

This video closes out the Risk Management domain and introduces the exam objectives for the Enterprise Security Architecture (ESA) domain that comes next in this learning path.
