Amy
Newcomer I

CAP Exam

Hi dear CAP study Group,

 

I am Amy and planning to become an ISC2 CAP.

Hope you can help me answer a few questions.

 

  1. Is the ISC2 CAP certificate appropriate in Canada?
  2. I believe that I meet the working requirement for writing the ISC2 CAP exam. Would you please confirm?

     My working experience:

     - Nine years IT System Administrator (EDS Canada, HP Canada)
     - Three years IT Security Analyst (Xerox Canada)
     - Four years GRC Business System Analyst (Xerox Canada)

  3. Is (ISC)² CAP CBK Second Edition still the current study book?
  4. What are the changes for the CAP exam after Aug 15, 2021?
  5. Would any of you be my endorser after I pass the exam?

 

John,

I saw your post about CAP study material. That's very helpful information. Thank you.

 

Thank you in advance.

Amy

7 Replies
csjohnng
Community Champion

@Amy 

1) I am not familiar with Canada, but it's of more value that you demonstrate you understand system authorization and governance.

2) Role-wise, it seems yes, but of course the final judgement is upon your submission, to be reviewed by the ISC2 certification reviewers.

https://www.isc2.org/Certifications/CAP/experience-requirements

Experience must fall within one or more of the seven domains of the (ISC)² CAP CBK:

Very likely your roles as IT Security Analyst and GRC Business System Analyst look like they cover the following domains:

  • Domain 1: Information Security Risk Management Program
  • Domain 2: Scope of the Information System
  • Domain 3: Selection and Approval of Security and Privacy Controls
  • Domain 5: Assessment/Audit of Security and Privacy Controls

3) Yes, it is. The flash cards are also helpful.

https://www.isc2.org/Training/Self-Study-Resources

and the references stated are still very valid.

https://www.isc2.org/Certifications/References

 

 

4) You can refer to

https://blog.isc2.org/isc2_blog/2021/04/updates-to-the-isc%C2%B2-cap-exam-what-is-changing.html

https://www.isc2.org/Certifications/CAP/Domain-Change-FAQ

https://www.isc2.org/-/media/ISC2/Certifications/Domain-Refresh/CAP-Domain-Refresh.ashx

 

5) If you can't find anyone, ISC2 can endorse you.

John
AppDefects
Community Champion

I can't speak to "systems authorization" processes in Canada, but the fact of the matter is that the CAP is US Federal government centric. The Canadian Security Establishment (CSE) and the RCMP have their own standards and processes for cyber threat analysis. Take for example the "Harmonized Threat and Risk Assessment (TRA) Methodology".

Amy
Newcomer I

Hi John,

Happy Friday. 🙂

Thank you very, very much for your reply. I feel much more confident after reading your answers. I certainly will use the material you suggested. Thank you for all the links. They are very helpful. Have a nice weekend.

Kind regards,
Amy
Amy
Newcomer I

Hi John, 
Thank you very much again for the good points. I have a hard time finding a Canadian certificate that is similar to (ISC)² CAP. I will do more research.

Kind regards,
Amy
Amy
Newcomer I

Thank you very much for your reply.

I will look into CSE and other points you suggested. 🙂

 

Kind regards,

Amy 

ChUcKiE
Viewer III

Does anyone know how useful it is for the Netherlands / Europe?

Or is the domain change/refresh filling in this gap?

Until_then
Contributor I

CAP isn't just for US Federal systems. If y'all see the NIST pubs, you'll see that they pertain to any information system to include private sector. RMF is also non-technological specific, that is, the concepts can be applied to any system. The only difference between securing one system over another is how you tailor the security and privacy controls.