
What does the CASP certification update include?

CompTIA released updates to the CASP certification. Expert Mike O. Villegas reviews the changes and discusses whether they add value to the certification.

CompTIA recently announced an update to the CompTIA Advanced Security Practitioner (CASP) certification. What does the CASP certification update include? Does the update make it a stronger certification?

CompTIA announced on Feb. 28, 2015, an update to the CASP certification exam, the CAS-002. While there is no prerequisite, the CASP certification update is intended to follow CompTIA's Security+ or equivalent experience and has a technical, hands-on focus at the enterprise level.

The CASP certification exam contains 80 multiple choice and performance-based questions to be completed within 165 minutes; the test is administered as pass/fail only. It is recommended that candidates have at least 10 years of experience in IT administration, including at least five years of hands-on, technical security experience.

The CAS-002 exam covers:

  • Part 1: Enterprise Security
  • Part 2: Risk Management and Incident Response
  • Part 3: Research, Analysis and Assessment
  • Part 4: Integration of Computing, Communications and Business Disciplines
  • Part 5: Technical Integration of Enterprise Components

The major differences in the update from CAS-001 are that part two now includes incident response topics, part three now includes assessment topics, and the newly added part five covers deployment and design topics.

Part two now covers e-discovery, data breaches, design systems to facilitate incident response, and incident and emergency response. When an incident occurs that adversely affects the operation, security and effectiveness of the enterprise IT environment, a response plan needs to be in place that will facilitate rapid recovery to a normal state of business. If the incident is a data breach, an incident and emergency response plan must be activated. The enterprise will use e-discovery techniques and tools to identify, contain and eliminate incidents. This part of the exam also covers basic concepts on backups, ownership, data collection, rules of evidence and forensic analysis. The topics are advanced in concept, but not in techniques.

Part three now covers assessment tool types and assessment methods. Foundation topics related to assessment tool types include port scanners, vulnerability scanners, protocol analyzers, network enumerators, password crackers, fuzzers -- software tools that exploit Web application vulnerabilities -- and gathering tools, such as social media -- Twitter, Facebook and LinkedIn. Assessment methods include the vulnerability assessment, malware sandboxing, memory dumping, runtime debugging, penetration testing, code reviews and social engineering.

Part five is new in CAS-002. It covers secure data flows, how to meet changing business needs, standards, interoperability issues, technical deployment models -- managed services, cloud, virtualization -- logical and physical deployment diagrams of relevant devices, secure infrastructure design, storage integration security and enterprise application integration enablers.

The CAS-002 is definitely an improvement over CAS-001. It includes more current areas of cybersecurity that are essential for a strong foundational knowledge. CASP certification holders can demonstrate a strong understanding of the topics covered. This helps prospective employers to vet applications for desired positions.

A study from September 2015 of the top five certifications for 2016 listed the CISSP, CEH, CISM, GSEC and Security+, in that order. Global Knowledge reported on the 15 Top-Paying Certifications for 2015. The top five in this study are CRISC, CISM, CISSP, PMP and CISA, in that order. CASP was not on either of these two lists.

This does not mean that the CASP certification update is not worth taking. The top five or 15 certifications on any list are the most common ones, those with the most certification holders. Although it is not on these lists, no one would dispute that an updated CASP certification is worth having.


This was last published in October 2015
