The Certified Authorization Professional (CAP) is an information security practitioner who champions system security commensurate with an organization’s mission and risk tolerance, while meeting legal and regulatory requirements. The CAP credential confirms an individual’s knowledge, skill, and experience in using various frameworks to manage risk and to authorize and maintain information systems.
The CAP is ideal for IT, information security and cybersecurity practitioners who manage risk in information systems. It is also recommended for any practitioner involved in authorizing and maintaining information systems. Roles include:
- System security officers, system security managers, and other information security and cybersecurity practitioners focused on risk management and continuous monitoring issues
- Executives responsible for accepting system risk and authorizing systems to operate
- Auditors who perform independent reviews
- Program managers who develop or maintain IT systems
- IT professionals interested in improving cybersecurity and lifecycle cybersecurity risk management
Candidates must have a minimum of 2 years’ cumulative work experience in 1 or more of the 7 domains of the CAP Common Body of Knowledge (CBK).
A candidate who doesn’t have the required experience may become an Associate of (ISC)² by successfully passing the CAP examination. The Associate of (ISC)² will then have 3 years to earn the 2 years of required experience.
The 7 domains of the CAP CBK are:
- Information Security Risk Management Program
- Categorization of Information Systems (IS)
- Selection of Security Controls
- Implementation of Security Controls
- Assessment of Security Controls
- Authorization of Information Systems (IS)
- Continuous Monitoring
Examination details:
- Length: Up to 3 hours
- Questions: 125
- Format: Multiple choice
- Passing Score: 700 out of 1000 points
- Testing Center: Pearson VUE Testing Center (www.pearsonvue.com/isc2)
- Availability: English