Are you ready to pass the Certified Authorization Professional (CAP) certification exam ?

The Certified Authorization Professional (CAP) is an information security practitioner who advocates for security risk management in pursuit of information system authorization to support an organization’s mission and operations in accordance with legal and regulatory requirements. The CAP recognizes your knowledge, skills and abilities to authorize and maintain information systems within the RMF. It proves you know how to formalize processes to assess risk and establish security documentation.

Successful candidates are competent in the following 7 domains:

Domain 1 - Information Security Risk Management Program

• Understand the foundation of an organization information security risk management program

• Understand risk management program processes.

• Understand regulatory and legal requirements

Domain 2 -Scope of the Information System

• Define the information system

• Determine categorization of the information system

Domain 3 - Selection and Approval of Security and Privacy Controls

• Identify and document baseline and inherited controls

• Select and tailor controls to the system

• Develop continuous control monitoring strategy

• Review and approve security plan/Information Security Management System (ISMS)

Domain 4 - Implementation of Security and Privacy Controls

• Implement selected controls

• Document control implementation

Domain 5 - Assessment/Audit of Security and Privacy Controls

• Prepare for assessment/audit

• Conduct assessment/audit

• Prepare the initial assessment/audit report

• Review initial assessment/audit report and perform remediation actions

• Develop final assessment/audit report

• Develop remediation plan

Domain 6 - Authorization/Approval of Information System

• Compile security and privacy authorization/approval documents

• Determine information system risk

• Authorize/approve information system

Domain 7 - Continuous Monitoring

• Determine impact of changes to information system and environment

• Perform ongoing assessments/audits based on organizational requirements

• Review supply chain risk analysis monitoring activities (e.g., cyber threat reports, agency reports, news reports)

• Actively participate in response planning and communication of a cyber event

• Revise monitoring strategies based on changes to industry developments introduced through legal, regulatory, supplier, security and privacy updates

• Keep designated officials updated about the risk posture for continuous authorization/approval

• Decommission information system

This practice test exam CAP Certified Authorization Professional will give you full confidence to pass the main (ISC)² CAP exam. This practice exam test course is not licensed , affiliated or endorsed with (ISC)² CAP in any way.