Re: CAP Exam

Amy · ‎09-09-2021

Hi dear CAP study Group,

I am Amy and planning to become an ISC2 CAP.

Hope you can help me answer a few questions.

Is ISC2 CAP Certificate appropriated in Canada?
I believe that I meet the working requirement for writing ISC2 CAP exam. Would you please confirm?

My working experience:

- Nine years IT System Administrator (EDS Canada, HP Canada)

- Three years IT Security Analyst (Xerox Canada)

- Four years GRC Business System Analyst (Xerox Canada)

3. Is (ISC)² CAP CBK Second Edition still the current study book?

4. What are the changes for CAP exam after Aug15, 2021?

5. Would any of you be my endorser after I pass the exam?

John,

I saw your post about CAP study material. that's very helpful information. Thank you.

Thank you in advance.

Amy

csjohnng · ‎09-09-2021

@Amy

1) I am not familiar with Canada but it's more value you demonstrate you understand system authorization and governance.

2) On the role wise, it seem yes but of course the final judgement is upon your submission to be reviewed by the ISC2 certification reviewers.

https://www.isc2.org/Certifications/CAP/experience-requirements

Experience must fall within one or more of the seven domains of the (ISC)² CAP CBK:

Very likely your role in IT Security Analyst and GRC Business System Analyst look like covering the following domain

Domain 1: Information Security Risk Management Program
Domain 2: Scope of the Information System
Domain 3: Selection and Approval of Security and Privacy Controls
Domain 5: Assessment/Audit of Security and Privacy Controls

3) Yes, it's. The Flash card also helpful

https://www.isc2.org/Training/Self-Study-Resources

and the reference stated are still very valid.

https://www.isc2.org/Certifications/References

4) You can refer to

https://blog.isc2.org/isc2_blog/2021/04/updates-to-the-isc%C2%B2-cap-exam-what-is-changing.html

https://www.isc2.org/Certifications/CAP/Domain-Change-FAQ

https://www.isc2.org/-/media/ISC2/Certifications/Domain-Refresh/CAP-Domain-Refresh.ashx

5) if you can't find anyone, ISC2 can endorse you.

John

AppDefects · ‎09-09-2021

I can't speak to "systems authorization" processes in Canada, but fact of the matter is that the CAP is US Federal government centric. The Canadian Security Establishment (CSE) and The RCMP have their own standards and processes for cyber threat analysis. Take for example the "Harmonized Threat and Risk Assessment (TRA) Methodology".

Amy · ‎09-10-2021

Hi John,

Happy Friday. 🙂

Thank you very, very much for your reply. I feel much more confident after reading your answers.I certainly will use the material you suggested. Thank you for all the links. They are very helpful.Have a nice weekend.
Kind regards,Amy

Amy · ‎09-10-2021

Hi John,
Thank you very much again for the good points.I have a hard time to find a Canadian certificate that is similar to (ISC)² CAP.I will do more research.
Kind regards, Amy

Amy · ‎09-10-2021

Thank you very much for yor reply.

I will look into CSE and other points you suggested. 🙂

Kind regard,

Amy

ChUcKiE · ‎09-22-2021

Anyone know how about it is useful for the Netherlands / Europe.

Or is the domain change/refresh filling in this gap?

Until_then · ‎09-22-2021

CAP isn't just for US Federal systems. If y'all see the NIST pubs, you'll see that they pertain to any information system to include private sector. RMF is also non-technological specific, that is, the concepts can be applied to any system. The only difference between securing one system over another is how you tailor the security and privacy controls.