Search our courses
Training

Information security is a crucial field in the world of business. You have experience in this field, and now you're ready to take that experience to the next level. In this CompTIA Advanced Security Practitioner (CASP) training course, you will expand on your knowledge of information security to apply more advanced principles that will keep your organization safe from the many ways it can be threatened. You'll apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement sustainable security solutions that map to organizational strategies; translate business needs into security requirements; support IT governance and risk management; architect security for hosts, networks, and software; respond to security incidents; and more.

Today's IT climate demands individuals with demonstrable skills, and the information and activities in this course can help you develop the skill set you need to confidently perform your duties as an advanced security practitioner.

 

Course Objectives:

In this course, you will analyze and apply advanced security concepts, principles, and implementations that contribute to enterprise-level security.

You will:

  • Support IT governance in the enterprise with an emphasis on managing risk.
  • Leverage collaboration tools and technology to support enterprise security.
  • Use research and analysis to secure the enterprise.
  • Integrate advanced authentication and authorization techniques.
  • Implement cryptographic techniques.
  • Implement security controls for hosts.
  • Implement security controls for mobile devices.
  • Implement network security.
  • Implement security in the systems and software development lifecycle.
  • Integrate hosts, storage, networks, applications, virtual environments, and cloud technologies in a secure enterprise architecture.
  • Conduct security assessments.
  • Respond to and recover from security incidents.

 

Course-specific Technical Requirements


Hardware:

For this course, you will need one Windows Server® 2016 computer for each student and for the instructor. Make sure that each computer meets the minimum hardware specifications as well as the classroom hardware specifications:

 

Windows Server 2016

  • 2 gigahertz (GHz) 64-bit processor that supports the VT-x or AMD-V virtualization instruction set and Second Level Address Translation (SLAT).
  • 8 gigabytes (GB) of Random Access Memory (RAM).
  • 80 GB storage device or larger.
  • Super VGA (SVGA) or higher resolution monitor capable of a screen resolution of at least 1024 x 768 pixels, at least 256-color display, and a video adapter with at least 4 MB of memory.
  • Bootable DVD-ROM or USB drive.
  • Keyboard and mouse or compatible pointing device.
  • Gigabit Ethernet adapter (10/100/1000BaseT) and cabling to connect to the classroom network.
  • IP addresses that do not conflict with other portions of your network.
  • Internet access (contact your local network administrator).
  • Display system to project the instructor's computer screen (instructor computer only).


Additional Hardware

  • Mobile devices running Android™ version 5.0 or higher. This is required for students to fully key through the optional activity "Implementing MDM" in the "Implementing Security Controls for Mobile Devices" lesson. Ideally, each student would have their own mobile device. If students are unable or unwilling to use their own mobile device, and you can't provide devices to them, you can still have them tour the MDM solution in the activity. Note that the activity was written and keyed using a Samsung Android smartphone. If students are using a non-Samsung Android device, some of the activity steps will differ. The process for enrolling iOS® devices is more complicated and may not be feasible to do in the classroom.
  • One wireless access point (WAP) connected to the classroom network. This is required for mobile devices to connect to the classroom network in the same "Implementing MDM" activity. One example scenario is connecting all of the classroom servers to the same gateway router using Ethernet cables. If this router has wireless functionality, and it is activated, students' mobile devices will be able to connect as long as they know the passphrase.

 
Software:

  • Microsoft® Windows Server® 2016 Standard Edition with sufficient licenses.

Windows Server 2016 requires activation unless you have volume-licensing agreements. There is a grace period for activation. If the duration of your class will exceed the activation grace period (for example, if you are teaching the class over the course of an academic semester), you should activate the installations at some point before the grace period expires. Otherwise, the operating system may stop working before the class ends.

  • Microsoft® Office 2016 or an open source alternative such as LibreOffice or Apache OpenOffice™.
  • Kali Linux™ version 2018.1.

The steps to download the Kali Linux system image are described in the course setup that follows. Note that the URL path to this download may have changed after this course was written.

  • Miscellaneous software that is notincluded in the course data files due to licensing restrictions:

        Microsoft Baseline Security Analyzer version 2.3 ( MBSASetup-x64-EN.msi).
        Bitvise SSH Server version 7.38 ( BvSshServer-Inst.exe).
        ManageEngine Mobile Device Manager Plus version 9 ( ManageEngine_MobileDeviceManager.exe).
        ntopng version 3.0.170606 ( ntopng-3.0.170606-x64.zip).

The steps to download these tools are described in the course setup that follows. Note that the URL paths to these downloads may have changed after this course was written. The activities in this course were written to the versions of the software noted previously. If new versions of these tools have been released when you present this course, make sure to test them with their corresponding activities to note any keying discrepancies.

  • Miscellaneous software that isincluded in the course data files:

        Oracle® VM VirtualBox version 5.1.30 ( VirtualBox-5.1.30-118389-Win.exe).
        XAMPP version 7.2.0 ( xampp-win32-7.2.0-0-VC15-installer.exe).
        MultiChain version 1.0.1 ( multichain-windows-1.0.1.zip).
        MultiChain Web Demo version 1.0 ( multichain-web-demo-master.zip).
        7-Zip version 16.04 (7z1604-x64.msi).
        PuTTY version 0.70 (putty.exe).
        Autopsy® version 3.0.10 ( autopsy-3.0.10-64bit.msi).
        OPNsense® version 17.7.5 ( OPNsense-17.7.5-OpenSSL-dvd-amd64.iso.bz2).

VirtualBox is distributed with the course data files under version 2 of the GNU General Public License (GPL). XAMPP and MultiChain are distributed under version 3 of the GNU GPL. MultiChain Web Demo is distributed under version 3 of the GNU Affero GPL. 7-Zip is distributed under version 2.1 of the GNU Lesser General Public License (LGPL). PuTTY is distributed under the MIT License. Autopsy is distributed under Apache License 2.0. OPNsense is distributed under the FreeBSD License.

  • If necessary, software for viewing the course slides (instructor machine only).

CompTIA Advanced Security Practitioner (CASP)

Course Code

GTCMCASP

Duration

5 Days

Course Fee

POA

Accreditation

CompTIA Advanced Security Practitioner (CASP) Certification

 

Students seeking CASP certification should have at least 10 years of experience in IT management, with at least 5 years of hands-on technical security experience.

Target Audience

This CompTIA Advanced Security Practitioner (CASP) training course is designed for IT professionals in the cybersecurity industry whose primary job responsibility is to secure complex enterprise environments. The target student should have real-world experience with the technical administration of these enterprise environments.

This course is also designed for students who are seeking the CompTIA® Advanced Security Practitioner (CASP) certification and who want to prepare for Exam CAS-003. Students seeking CASP certification should have at least 10 years of experience in IT management, with at least 5 years of hands-on technical security experience.

Attendee Requirements

To be fit for this advanced course, you should have at least a foundational knowledge of information security. This includes, but is not limited to:

  • Knowledge of identity and access management (IAM) concepts and common implementations, such as authentication factors and directory services.
  • Knowledge of cryptographic concepts and common implementations, such as Secure Sockets Layer/Transport Layer Security (SSL/TLS) and public key infrastructure (PKI).
  • Knowledge of computer networking concepts and implementations, such as the TCP/IP model and configuration of routers and switches.
  • Knowledge of common security technologies used to safeguard the enterprise, such as anti-malware solutions, firewalls, and VPNs.

Expand all

Course Description

Information security is a crucial field in the world of business. You have experience in this field, and now you're ready to take that experience to the next level. In this CompTIA Advanced Security Practitioner (CASP) training course, you will expand on your knowledge of information security to apply more advanced principles that will keep your organization safe from the many ways it can be threatened. You'll apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement sustainable security solutions that map to organizational strategies; translate business needs into security requirements; support IT governance and risk management; architect security for hosts, networks, and software; respond to security incidents; and more.

Today's IT climate demands individuals with demonstrable skills, and the information and activities in this course can help you develop the skill set you need to confidently perform your duties as an advanced security practitioner.

 

Course Objectives:

In this course, you will analyze and apply advanced security concepts, principles, and implementations that contribute to enterprise-level security.

You will:

  • Support IT governance in the enterprise with an emphasis on managing risk.
  • Leverage collaboration tools and technology to support enterprise security.
  • Use research and analysis to secure the enterprise.
  • Integrate advanced authentication and authorization techniques.
  • Implement cryptographic techniques.
  • Implement security controls for hosts.
  • Implement security controls for mobile devices.
  • Implement network security.
  • Implement security in the systems and software development lifecycle.
  • Integrate hosts, storage, networks, applications, virtual environments, and cloud technologies in a secure enterprise architecture.
  • Conduct security assessments.
  • Respond to and recover from security incidents.

 

Course-specific Technical Requirements


Hardware:

For this course, you will need one Windows Server® 2016 computer for each student and for the instructor. Make sure that each computer meets the minimum hardware specifications as well as the classroom hardware specifications:

 

Windows Server 2016

  • 2 gigahertz (GHz) 64-bit processor that supports the VT-x or AMD-V virtualization instruction set and Second Level Address Translation (SLAT).
  • 8 gigabytes (GB) of Random Access Memory (RAM).
  • 80 GB storage device or larger.
  • Super VGA (SVGA) or higher resolution monitor capable of a screen resolution of at least 1024 x 768 pixels, at least 256-color display, and a video adapter with at least 4 MB of memory.
  • Bootable DVD-ROM or USB drive.
  • Keyboard and mouse or compatible pointing device.
  • Gigabit Ethernet adapter (10/100/1000BaseT) and cabling to connect to the classroom network.
  • IP addresses that do not conflict with other portions of your network.
  • Internet access (contact your local network administrator).
  • Display system to project the instructor's computer screen (instructor computer only).


Additional Hardware

  • Mobile devices running Android™ version 5.0 or higher. This is required for students to fully key through the optional activity "Implementing MDM" in the "Implementing Security Controls for Mobile Devices" lesson. Ideally, each student would have their own mobile device. If students are unable or unwilling to use their own mobile device, and you can't provide devices to them, you can still have them tour the MDM solution in the activity. Note that the activity was written and keyed using a Samsung Android smartphone. If students are using a non-Samsung Android device, some of the activity steps will differ. The process for enrolling iOS® devices is more complicated and may not be feasible to do in the classroom.
  • One wireless access point (WAP) connected to the classroom network. This is required for mobile devices to connect to the classroom network in the same "Implementing MDM" activity. One example scenario is connecting all of the classroom servers to the same gateway router using Ethernet cables. If this router has wireless functionality, and it is activated, students' mobile devices will be able to connect as long as they know the passphrase.

 
Software:

  • Microsoft® Windows Server® 2016 Standard Edition with sufficient licenses.

Windows Server 2016 requires activation unless you have volume-licensing agreements. There is a grace period for activation. If the duration of your class will exceed the activation grace period (for example, if you are teaching the class over the course of an academic semester), you should activate the installations at some point before the grace period expires. Otherwise, the operating system may stop working before the class ends.

  • Microsoft® Office 2016 or an open source alternative such as LibreOffice or Apache OpenOffice™.
  • Kali Linux™ version 2018.1.

The steps to download the Kali Linux system image are described in the course setup that follows. Note that the URL path to this download may have changed after this course was written.

  • Miscellaneous software that is notincluded in the course data files due to licensing restrictions:

        Microsoft Baseline Security Analyzer version 2.3 ( MBSASetup-x64-EN.msi).
        Bitvise SSH Server version 7.38 ( BvSshServer-Inst.exe).
        ManageEngine Mobile Device Manager Plus version 9 ( ManageEngine_MobileDeviceManager.exe).
        ntopng version 3.0.170606 ( ntopng-3.0.170606-x64.zip).

The steps to download these tools are described in the course setup that follows. Note that the URL paths to these downloads may have changed after this course was written. The activities in this course were written to the versions of the software noted previously. If new versions of these tools have been released when you present this course, make sure to test them with their corresponding activities to note any keying discrepancies.

  • Miscellaneous software that isincluded in the course data files:

        Oracle® VM VirtualBox version 5.1.30 ( VirtualBox-5.1.30-118389-Win.exe).
        XAMPP version 7.2.0 ( xampp-win32-7.2.0-0-VC15-installer.exe).
        MultiChain version 1.0.1 ( multichain-windows-1.0.1.zip).
        MultiChain Web Demo version 1.0 ( multichain-web-demo-master.zip).
        7-Zip version 16.04 (7z1604-x64.msi).
        PuTTY version 0.70 (putty.exe).
        Autopsy® version 3.0.10 ( autopsy-3.0.10-64bit.msi).
        OPNsense® version 17.7.5 ( OPNsense-17.7.5-OpenSSL-dvd-amd64.iso.bz2).

VirtualBox is distributed with the course data files under version 2 of the GNU General Public License (GPL). XAMPP and MultiChain are distributed under version 3 of the GNU GPL. MultiChain Web Demo is distributed under version 3 of the GNU Affero GPL. 7-Zip is distributed under version 2.1 of the GNU Lesser General Public License (LGPL). PuTTY is distributed under the MIT License. Autopsy is distributed under Apache License 2.0. OPNsense is distributed under the FreeBSD License.

  • If necessary, software for viewing the course slides (instructor machine only).
Course Outline

Lesson 1: Supporting IT Governance and Risk Management

 Topic A: Identify the Importance of IT Governance and Risk Management

 Topic B: Assess Risk

 Topic C: Mitigate Risk

 Topic D: Integrate Documentation into Risk Management

Lesson 2: Leveraging Collaboration to Support Security

 Topic A: Facilitate Collaboration across Business Units

 Topic B: Secure Communications and Collaboration Solutions

Lesson 3: Using Research and Analysis to Secure the Enterprise

 Topic A: Determine Industry Trends and Their Effects on the Enterprise

 Topic B: Analyze Scenarios to Secure the Enterprise

Lesson 4: Integrating Advanced Authentication and Authorization Techniques

 Topic A: Implement Authentication and Authorization Technologies

 Topic B: Implement Advanced Identity and Access Management

Lesson 5: Implementing Cryptographic Techniques

 Topic A: Select Cryptographic Techniques

 Topic B: Implement Cryptography

Lesson 6: Implementing Security Controls for Hosts

 Topic A: Select Host Hardware and Software

 Topic B: Harden Hosts

 Topic C: Virtualize Servers and Desktops

 Topic D: Protect Boot Loaders

Lesson 7: Implementing Security Controls for Mobile Devices

 Topic A: Implement Mobile Device Management

 Topic B: Address Security and Privacy Concerns for Mobile Devices

Lesson 8: Implementing Network Security

 Topic A: Plan Deployment of Network Security Components and Devices

 Topic B: Plan Deployment of Network-Enabled Devices

 Topic C: Implement Advanced Network Design

 Topic D: Implement Network Security Controls

Lesson 9: Implementing Security in the Systems and Software Development Lifecycle

 Topic A: Implement Security throughout the Technology Lifecycle

 Topic B: Identify General Application Vulnerabilities

 Topic C: Identify Web Application Vulnerabilities

 Topic D: Implement Application Security Controls

Lesson 10: Integrating Assets in a Secure Enterprise Architecture

 Topic A: Integrate Standards and Best Practices in Enterprise Security

 Topic B: Select Technical Deployment Models

 Topic C: Integrate Cloud-Augmented Security Services

 Topic D: Secure the Design of the Enterprise Infrastructure

 Topic E: Integrate Data Security in the Enterprise Architecture

 Topic F: Integrate Enterprise Applications in a Secure Architecture

Lesson 11: Conducting Security Assessments

 Topic A: Select Security Assessment Methods

 Topic B: Perform Security Assessments with Appropriate Tools

Lesson 12: Responding to and Recovering from Incidents

 Topic A: Prepare for Incident Response and Forensic Investigations

 Topic B: Conduct Incident Response and Forensic Analysis

Appendix A: Mapping Course Content to CompTIA® Advanced Security Practitioner (CASP) Exam CAS-003

Exam
  • Exam CAS-003
Learning Path
Ways to Attend
  • Attend a public course, if there is one available. Please check our schedule, or register your interest in joining a course in your area.
  • Private onsite Team training also available, please contact us to discuss. We can customise this course to suit your business requirements.

Private Team Training is available for this course

We deliver this course either on or off-site in various regions around the world, and can customise your delivery to suit your exact business needs. Talk to us about how we can fine-tune a course to suit your team's current skillset and ultimate learning objectives.

Private Team Training | Contact us

Technical ICT learning & mentoring services

Private Team Training

Our instructors are specialist consultants with vast real world experience and expertise allowing them to design and deliver client-focused courses for your organisation.

Learn more about our Private Team Training

What Our Clients Say

"Absolutely fantastic training. Thoroughly enjoyed it thanks to our highly enthusiastic tutor.  It wouldn't be an understatement to say that it was the best professional training that I have ever received."

 

Customised Linux with Networking

Live Online -  February 2022

 

"The course content was very good. When needed, the Instructor was extending the content of the course with hints and tips to help us understand different topics that were covered in the course."

 

Kubernetes Administration Certification - GTLFK

Live Online June 2021

 

 

 

“The course was held at the highest possible standards, the instructor was excellent, well prepared, well informed, and clearly an SME. Top marks.”

 

Professional Cloud Service Manager - GTC13

Live Online December 2021

 

“Very engaging and practical course so hope to be able to put the learning into practice.”

 

Being Agile in Business - GTBAB

Live Online September 2021

 

“Great instructor, who encouraged active participation. The breakout groups and exercises kept the group engaged and the content relevant to our own products”.

 

Site Reliability Engineering Foundation - GTDSRE

Live Online January 2022

 

 

 

"Intelligence is the ability to avoid doing work, yet
getting the work done"

Linus Torvalds, creator of Linux and GIT

Technical ICT learning & mentoring services

About GuruTeam

GuruTeam is a high-level ICT Learning, Mentoring and Consultancy services company. We specialise in delivering instructor-led on and off-site training in Blockchain, Linux, Cloud, Big Data, DevOps, Kubernetes, Agile, Software & Web Development technologies. View our Testimonials

Download our eBrochure
Our Accreditation Partners
  •  
  •  
  •  

 

Upcoming Courses

Kubernetes Administration

11th - 14th March 2024

26th - 29th March 2024

Live Online

 

This Kubernetes Administration Certification training course is suitable for anyone who wants to learn the skills necessary to build and administer a Kubernetes cluster

Learn More

RUST

11th - 14th March 2024

26th - 29th March 2024

 Live Online

This course will help you understand what Rust applications look like, how to write Rust applications properly, and how to get the most out of the language and its libraries.

Learn More

Introduction to Python 3 

19th - 21st March 2024

9th - 11th April 2024

7th - 9th May 2024

   4th - 6th June 2024

 

Live Online

This Introduction to Python 3 training course is designed for anyone who needs to learn how to write programs in Python or support/modify existing programs.

 

Learn More

 GO LANG TRAINING

11th - 14th March 2024

26th - 29th March 2024

 

Live Online        

 

This Go language programming training course will help you understand how Go works, and immediately be more productive. If you are building a team using Go, this will be a great opportunity to get your team on the same page and speaking the same language. Innovative lab exercises and code samples are provided to reinforce skills and quickly master the topics.

Learn More

Newsletter

Stay up to date, receive updates on scheduled dates, new courses, offers, and events.

Subscribe to our Newsletter