CASP – CompTIA Advanced Security Practitioner





Minimum 5 years of experience in IT administration, including at least 5 years of hands-on technical security experience.

Course Description:

The CompTIA Advanced Security Practitioner CASP Course is vendor-neutral. The course is an  internationally targeted validation of advanced-level security skills and knowledge. While there is no required prerequisite, the course is intended to follow CompTIA Security+ or equivalent experience and has a technical, “hands-on” focus at the enterprise level.


  • Computer Administrators
  • Business unit mangers
  • Presales engineers

Course length:

  • Live-on-Line (LoL) 30 one-hour meetings over 10 weeks

Training Purpose:

Technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. The student will apply critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers.

Course Proficiency Level: 3-Advanced

Learning Objectives:

Each item will be covered and demonstrated. The knowledge, skills, and abilities tend toward lecture and discussion. Tasks tend toward labs. There are readings before each session and quizzes to validate learning.

Course Topics:

  • Underlying Technical Models
  • General Server Security
  • Selecting Information Technology Security Products
  • Control Selection Process
  • Symmetric and Asymmetric
  • Message Integrity Controls
  • Cryptology Digital signatures
  • PKI and PGP
  • Cryptology Business Basics and requirements
  • Storage
  • Benchmarks and Baselines
  • Cloud
  • Secure Deployment of IPv6
  • OWASP top 10
  • DNS
  • DNS security
  • Firewall and VPN
  • SQL injection
  • Credential Reliability and Revocation Model for Federated Identities
  • Buffer Overflow
  • Enterprise Telework and Remote Access Security
  • Firewalls and Firewall Policy
  • Industrial Control Systems Security
  • Security-Focused Configuration Management
  • Secure Web Services
  • Access Control and Electronic Authentication
  • Single Sign-On
  • Risk Assessments
  • Information Security Testing and Assessment
  • Types Security Controls
  • Common Vulnerability Scoring System
  • Common Criteria
  • Personally Identifiable Information (PII)
  • Risk Management
  • Frameworks
  • Interconnecting Information Technology Systems
  • Information Technology Security Services
  • Information Security Continuous Monitoring
  • Incident handling
  • Integrating Forensic Techniques into Incident Response
  • Requirements
  • Standards Bodies
  • Information Security and software development fundamentals
  • Electronic Mail Security
  • Managing Mobile Devices
  • Voice Over IP Systems security
  • Physical Facilities assessment process
  • Security Requirements Traceability Matrix