This official (ISC)2® Certified Authorization Professional (CAP) course prepares you for the CAP exam.
The Certified Authorization Professional (CAP®) is an information security practitioner who advocates for security risk management in pursuit of information system authorization to support an organization’s mission and operations in accordance with legal and regulatory requirements.
CAP Training Delivery Methods
In-Person
Online
CAP Training Course Information
In this CAP Training course, you will cover the seven CAP domains:
Information Security Risk Management Program
Scope of the Information System
Selection and Approval of Security and Privacy Controls
Implementation of Security and Privacy Controls
Assessment/Audit of Security and Privacy Controls
Authorization/Approval of Information System
Continuous Monitoring
CAP Training Course Prerequisites
To qualify for the CAP certification, you must have a minimum of two years of cumulative, paid, full-time work experience in one or more of the seven domains of the CAP Common Body of Knowledge (CBK).
CAP Training Course Exam Information
To maintain certification, you must:
Earn and post a minimum of 20 (ISC)2 CPE credits per year
Comply with (ISC)2’s Code of Professional Ethics
As one of only 12 (ISC)2 CPE submitters worldwide, 4thdacad can submit courses on your behalf to (ISC)2 for CPE credit. (ISC)2 members can earn Group A credits for attending any of our cybersecurity courses and Group B General Education credits for any other 4thdacad course they attend.
Alternatively, (ISC)2 members can submit CPE credits directly through the CPE portal in the Members section of the (ISC)2 website.
CAP Certification Course Outline
Domain 1: Information Security Risk Management Program
1.1 Understand the foundation of an organization’s information security risk management program
Principles of information security
Risk management frameworks (e.g., National Institute of Standards and Technology (NIST), cyber security framework, Control Objectives for Information and Related Technology (COBIT), International Organization for Standardization (ISO) 27001, International Organization for Standardization (ISO) 31000)
System Development Life Cycle (SDLC)
Information system boundary requirements
Security controls and practices
Roles and responsibilities in the authorization/approval process
1.2 Understand risk management program processes
Select program management controls
Privacy requirements
Determine third-party hosted information systems
Understand regulatory and legal requirements
Familiarize with governmental, organizational, and international regulatory security and privacy requirements (e.g., International Organization for Standardization (ISO) 27001, Federal Information Security Modernization Act (FISMA), Federal Risk and Authorization Management Program (FedRAMP), General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA))
Familiarize with other applicable security-related mandates
Domain 2: Scope of the Information System
Domain 3: Selection and Approval of Security and Privacy Controls
Domain 4: Implementation of Security and Privacy Controls
Domain 5: Assessment/Audit of Security and Privacy Controls
Domain 6: Authorization/Approval of Information System
Domain 7: Continuous Monitoring