ISC2 CAP : Certified Authorization Professional Exam
The ISC2 CAP: Certified Authorization Exam has been designed for qualified candidates who possess a minimum of two years of experience in system authorization processes, systems development experience, and security control testing and continuous monitoring. Once this certification has been obtained, it will be valid for three years before a candidate will need to recertify.
The target audience for the ISC2 CAP exam is IT Security personnel, systems administrators, individuals involved in information security, and those with technical or auditing experience with the United States government. Before attempting to take this exam, a candidate should have a minimum of two years of experience in general systems and 1-2 years of general technical experience.
There are a number of topics that will appear on the ISC2 CAP exam. For example, a candidate will need to demonstrate an understanding the security authorization of information systems. Security authorization includes a tiered risk management approach to evaluate both strategic and tactical risk across the enterprise, and it will be important for a candidate to be familiar with this knowledge.
Other topics that a candidate can expect to find on this exam include categorizing information systems, establishing the security control baseline, applying security controls, authorizing information systems, and monitoring security controls.