CompTIA CASP+ CAS-004 – Course Introduction

1. Course Introduction

This is the certified advanced security practitioner course. It is a step above Security Plus for those who want to get into the industry as security professionals. This is the current version of the CASP exam, version three. In this course we’re going to start with understanding risk management. Risk is inevitable in every organization and as security professionals we need to be aware of how how to plan for risk and how to implement risk management proceedings.

So we’ll be talking about things like threats and vulnerabilities, the calculation of risk, prioritization of risk, the handling of risk, avoiding transferring, mitigating along with all the policies and procedures that kind of come hand in hand with it. Then we’ll get into the nuts and bolts. We’ll talk about network and security components and architecture. What are the individual pieces that we put in place like unified threat management, firewalls network access control, for instance, to ensure that we can maintain confidentiality, integrity and availability of our systems? Then we’ll look at understanding authentication, advanced authentication techniques and cryptographic techniques. Authentication of course, is critical in any type of environment because we have to know who it is that is accessing our networks.

We need to make sure that information is kept confidential. And sometimes that confidentiality requires cryptography, the use of encryption and decryption of hashing algorithms. And so we’ll be discussing various elements that you can put in place in your organization in order to ensure both confidentiality and integrity. Then we’ll talk about implementing security for systems, for applications, for storage. We’ll also include mobile devices in that hardening operating systems, hardening network devices, making sure that storage is highly available, utilizing various components within the prevalent mobile devices in today’s environment to ensure the security of both the device itself as well as access to the network and the data stored on that device.

Most environments today are going to use some sort of virtualization and virtualization has now evolved into cloud computing. And so we’ll talk about implementing security for those types of environments which is incredibly important, especially when your data is housed in the public cloud. Finally, we’ll talk about utilizing security assessments and handling incident response security assessments via auditing. Whether it’s formal or informal, third party or internal. It’s important to identify vulnerabilities and to handle them. It’s also important in some cases to do actual penetration testing to try to break into the network to identify security holes.

And then any environment is is subject to the possibility of a security breach, no matter how secure, you can have security events that occur. So the question is what are you going to do when those security events happen? How are you going to respond to it? And so that’ll be the last part that we talk about is developing an incident response strategy, understanding its individual components and then implementing and maintaining it. So there you have it, the objectives for the CASP CompTIA exam and what we’ll be going through in this course. As I said before, my name is Patrick Loner. It’s my pleasure to be your instructor on this course. Let’s get started.

2. Instructor Introduction

Hi, and welcome to the video course for CompTIA’s Certified Advanced Security Practitioner version three of this exam. My name is Patrick Loner and I’ll be your instructor on this course. I want to start with just a little bit about my background. I’ve been in the It industry for nearly 20 years. I have spent a lot of that time doing training and consulting, so we’re full time as an instructor. Ah started with my MCSE on Windows Nt and worked up in the Microsoft world, attaining MCSE MCSA credentials all the way up through Windows Server 2016. Along the way, I did work with SQL Server, Exchange Network, infrastructure Security, firewalls routers switch, you name it.

For three years I worked with a managed service provider, providing It support and services for small to medium sized businesses, and I was involved with a number of different projects during that time, all of which had security implications. I then spent ten years consulting and doing independent contract training, where I specialized in Exchange Office 365 Server deployments as well as training. But as I said before, security is sort of integrated into all of those areas. In the CompTIA side, I do have the A plus network, plus security, plus course CASP and cloud, plus certification. So it’s my hope that we can go through this course together and get you prepared for both the real world as well as the exam.