Hi dear CAP study Group,
I am Amy and planning to become an ISC2 CAP.
Hope you can help me answer a few questions.
My working experience:
- Nine years IT System Administrator (EDS Canada, HP Canada)
- Three years IT Security Analyst (Xerox Canada)
- Four years GRC Business System Analyst (Xerox Canada)
3. Is (ISC)² CAP CBK Second Edition still the current study book?
4. What are the changes for CAP exam after Aug15, 2021?
5. Would any of you be my endorser after I pass the exam?
I saw your post about CAP study material. that's very helpful information. Thank you.
Thank you in advance.
1) I am not familiar with Canada but it's more value you demonstrate you understand system authorization and governance.
2) On the role wise, it seem yes but of course the final judgement is upon your submission to be reviewed by the ISC2 certification reviewers.
Experience must fall within one or more of the seven domains of the (ISC)² CAP CBK:
Very likely your role in IT Security Analyst and GRC Business System Analyst look like covering the following domain
3) Yes, it's. The Flash card also helpful
and the reference stated are still very valid.
4) You can refer to
5) if you can't find anyone, ISC2 can endorse you.
I can't speak to "systems authorization" processes in Canada, but fact of the matter is that the CAP is US Federal government centric. The Canadian Security Establishment (CSE) and The RCMP have their own standards and processes for cyber threat analysis. Take for example the "Harmonized Threat and Risk Assessment (TRA) Methodology".
CAP isn't just for US Federal systems. If y'all see the NIST pubs, you'll see that they pertain to any information system to include private sector. RMF is also non-technological specific, that is, the concepts can be applied to any system. The only difference between securing one system over another is how you tailor the security and privacy controls.