
Closing the Gap for Advanced Enterprise Cybersecurity Skills with CompTIA Advanced Security Practitioner (CASP)


- Closing the Gap for Advanced Enterprise Cybersecurity Skills with CompTIA Advanced Security Practitioner (CASP)
- Measuring CASP difficulty
- Why Hybrid Testing Approaches Work Best
- Mapping the NICE Cybersecurity Workforce Framework

Published in: Career

In this document:
• Closing the Gap for Advanced Enterprise Cybersecurity Skills with CASP
• Measuring CASP Difficulty
• Why Hybrid Testing Approaches Work Best
• Mapping the NICE Cybersecurity Workforce Framework

CASP is an advanced-level certification covering enterprise security; risk management; incident response; research and analysis; integration of computing, communications and business disciplines; and technical integration of enterprise components. CASP certifies critical thinking and judgment across a broad spectrum of security disciplines and requires candidates to implement clear solutions in complex environments. It assesses IT pros who work in advanced technical positions.

CASP addresses the increased diversity of knowledge, skills and abilities (KSAs) required of today’s enterprise cybersecurity pros and validates what is currently necessary to perform effectively on the job. The current version of CASP reflects the skills needed to manage modern IT environments, including:
• Enterprise Security
• Risk Management and Incident Response
• Research and Analysis
• Integration of Computing, Communications and Business Disciplines
• Technical Integration of Enterprise Components

82% of the exam objectives require application or analysis of domain knowledge.

Measuring CASP Difficulty

Using Bloom’s Taxonomy as an organizing principle to discuss the difficulty level of the exam illustrates the emphasis on the application of KSAs, rather than the simple recall of information. Looking at the exam objectives, 82 percent require candidates to demonstrate their knowledge at Bloom’s level 3 (apply) and level 4 (analyze). The CASP exam is at a high taxonomy level because we carefully track job roles and skills in the IT industry. We strive to make sure that the exams directly reflect industry standards and best practices.

The following table summarizes the percentage of certification exam objectives that fall into each of Bloom’s levels.

| Bloom’s Level and Description | Level of Complexity | Percentage of Objectives (Objective Numbers) |
| --- | --- | --- |
| Level 1: Remembering/Recalling Information. The candidate is able to recall, restate and remember learned information. | Basic | 0% |
| Level 2: Understanding/Explaining Ideas or Concepts. The learner grasps the meaning of information by interpreting and translating what has been learned. | Low | 17% |
| Level 3: Applying Knowledge and Skills. The learner makes use of information in a new situation from the one in which it was learned. | Moderate | 30% |
| Level 4: Analyzing. The learner breaks learned information into parts to best understand that information in an attempt to identify evidence for a conclusion. | High | 53% |
| Level 5: Evaluating. The learner makes decisions based on in-depth reflection, criticism and assessment. | High | 0% |
| Level 6: Creating. The learner creates new ideas and information using what has been previously learned. | High | 0% |

CASP Executive Summary

Why Hybrid Testing Approaches Work Best

Over the past several years, cybersecurity practitioners and educators have debated which of the following is more important to validate:
1. An individual’s conceptual knowledge, as validated by “linear” multiple choice items, or
2. Performance associated with a particular job or responsibility, as validated by performance-based items.

Advocates for each of these two aspects of validation often hold one of the approaches as superior over the other, with most individuals favoring only performance-based items. CompTIA regards this rift in opinion as a false dilemma. Both domain knowledge expertise and practical skills are absolutely vital and should be a part of any serious competency training and validation process. Both knowledge- and performance-based aspects are necessary for training, and nothing can substitute for hands-on learning. The same principle applies to assessment. This is why CompTIA adopted performance-based items into its certification exams starting in 2011.

The following CompTIA exams contain roughly 10 percent performance-based items:
• A+
• Network+
• Security+
• Cybersecurity Analyst (CSA+)
• CompTIA Advanced Security Practitioner (CASP)

On average, it takes a test taker roughly one-third of the time to complete these performance-based items. Performance-based items include simulations of technology solutions and story-based items that require advanced cognitive thinking on the part of the successful test taker.

Mapping the NICE Cybersecurity Workforce Framework

CASP aligns with the following 11 work roles of the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NCWF), draft NIST special publication 800-181:
• Enterprise Architect, SP-ARC-001
• Security Architect, SP-ARC-002
• Systems Requirements Planner, SP-RP-001
• Research and Development Specialist, SP-RD-001
• Information Systems Security Developer, SP-SYS-001
• Security Control Assessor, SP-RM-002
• Cyber Defense Analyst, PR-DA-001
• Cyber Defense Incident Responder, PR-IR-001
• Vulnerability Assessment Analyst, PR-VA-001
• Warning Analyst, AN-TA-001
• Cyber Crime Investigator, IN-CI-001

This mapping is a sample of how CompTIA’s certification standards map to key elements of the NICE framework.

| Work Role | Description | Matching CompTIA CASP Objectives (Samples) |
| --- | --- | --- |
| Enterprise Architect SP-ARC-001 | Develops and maintains business, systems and information processes to support enterprise mission needs; develops information technology (IT) rules and requirements that describe baseline and target architectures. | 2.3 — Compare and contrast security, privacy policies and procedures based on organizational requirements; 3.2 — Analyze scenarios to secure the enterprise; 5.1 — Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture |
| Security Architect SP-ARC-002 | Designs enterprise and systems security throughout the development life cycle; translates technology and environmental conditions (e.g., law and regulation) into security designs and processes. | 1.3 — Given a scenario, analyze network and security components, concepts and architectures; 4.3 — Implement security activities across the technology life cycle; 5.1 — Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture |
| Systems Requirements Planner SP-RP-001 | Consults with customers to evaluate functional requirements and translate functional requirements into technical solutions. | 2.1 — Interpret business and industry influences and explain associated security risks; 4.1 — Given a scenario, facilitate collaboration across diverse business units to achieve security goals; 4.2 — Given a scenario, select the appropriate control to secure communications and collaboration solutions |
| Research and Development Specialist SP-RD-001 | Conducts software and systems engineering and software systems research in order to develop new capabilities, ensuring cybersecurity is fully integrated. Conducts comprehensive technology research to evaluate potential vulnerabilities in cyberspace systems. | 3.1 — Apply research methods to determine industry trends and impact to the enterprise; 3.2 — Analyze scenarios to secure the enterprise; 3.3 — Given a scenario, select methods or tools appropriate to conduct an assessment and analyze results |
| Information Systems Security Developer SP-SYS-001 | Designs, develops, tests and evaluates information system security throughout the systems development life cycle. | 1.1 — Given a scenario, select appropriate cryptographic concepts and techniques; 2.2 — Given a scenario, execute risk mitigation planning, strategies and controls; 4.3 — Implement security activities across the technology life cycle |

| Work Role | Description | Matching CompTIA CASP Objectives (Samples) |
| --- | --- | --- |
| Security Control Assessor SP-RM-002 | Conducts independent comprehensive assessments of the management, operational and technical security controls and control enhancements employed within or inherited by an information technology (IT) system to determine the overall effectiveness of the controls (as defined in NIST SP 800-37). | 1.4 — Given a scenario, select and troubleshoot security controls for hosts; 1.5 — Differentiate application vulnerabilities and select appropriate security controls; 3.3 — Given a scenario, select methods or tools appropriate to conduct an assessment and analyze results |
| Cyber Defense Analyst PR-DA-001 | Uses data collected from a variety of cyber-defense tools (e.g., intrusion detection system (IDS) alerts, firewalls, network traffic logs) to analyze events that occur within their environments for the purposes of mitigating threats. | 1.3 — Given a scenario, analyze network and security components, concepts and architectures; 2.2 — Given a scenario, execute risk mitigation planning, strategies and controls; 3.2 — Analyze scenarios to secure the enterprise |
| Cyber Defense Incident Responder PR-IR-001 | Investigates, analyzes and responds to cyber-incidents within the network environment or enclave. | 2.4 — Given a scenario, conduct incident response and recovery procedures; 3.1 — Apply research methods to determine industry trends and impact to the enterprise; 3.3 — Given a scenario, select methods or tools appropriate to conduct an assessment and analyze results |
| Vulnerability Assessment Analyst PR-VA-001 | Performs assessments of systems and networks within the network environment or enclave and identifies where those systems/networks deviate from acceptable configurations, enclave policy or local policy. Measures effectiveness of defense-in-depth architecture against known vulnerabilities. | 1.3 — Given a scenario, analyze network and security components, concepts and architectures; 1.5 — Differentiate application vulnerabilities and select appropriate security controls; 3.3 — Given a scenario, select methods or tools appropriate to conduct an assessment and analyze results |
| Warning Analyst AN-TA-001 | Develops unique cyber indicators to maintain constant awareness of the status of the highly dynamic operating environment. Collects, processes, analyzes and disseminates cyber-warning assessments. | 1.3 — Given a scenario, analyze network and security components, concepts and architectures; 3.1 — Apply research methods to determine industry trends and impact to the enterprise; 3.2 — Analyze scenarios to secure the enterprise; 3.3 — Given a scenario, select methods or tools appropriate to conduct an assessment and analyze results |
| Cyber Crime Investigator IN-CI-001 | Identifies, collects, examines and preserves evidence using controlled and documented analytical and investigative techniques. | 2.3 — Compare and contrast security, privacy policies and procedures based on organizational requirements; 2.4 — Given a scenario, conduct incident response and recovery procedures; 3.3 — Given a scenario, select methods or tools appropriate to conduct an assessment and analyze results |

LEARN MORE

For government inquiries contact: GovernmentSales@CompTIA.org.
For corporate inquiries contact: Jennifer Herroon at jherroon@CompTIA.org.

© 2017 CompTIA Properties, LLC, used under license by CompTIA Certifications, LLC. All rights reserved. All certification programs and education related to such programs are operated exclusively by CompTIA Certifications, LLC. CompTIA is a registered trademark of CompTIA Properties, LLC in the U.S. and internationally. Other brands and company names mentioned herein may be trademarks or service marks of CompTIA Properties, LLC or of their respective owners. Reproduction or dissemination prohibited without written consent of CompTIA Properties, LLC. Printed in the U.S. 03724-Apr2017
