CASP Domain 3: Research and Analysis

March 16, 2018 by Fakhar Imam

Research and analysis makes up the third domain of CompTIA Advanced Security Practitioner (CASP, version CAS-002) exam objectives and contributes 18% to the overall exam. CASPs must learn the following vital concepts regarding this domain to take the exam.

What Research Methods Do I Need to Know for CASP?

As a CASP student, you will need to learn some essential research methods for the exam. They include the following:

Performing Ongoing Research
Performing ongoing research is indispensable, as it keeps you abreast of current cybersecurity threats and newly emerging trends in the IT industry. You can perform this research with tools such as Nessus, Wireshark, Netcat, Metasploit, and tcpdump. Ongoing research also covers the following areas:

  • Best Practices: applying a standard-of-due-care approach, using antivirus software, using strong passwords, updating product security, performing routine backups, and protecting against power loss and surges
  • New Technologies: Intrusion Detection Systems, Network Access Control, and Security Information and Event Management
  • New Security Systems and Services: biometrics such as fingerprint scan, hand geometry, palm scan, retina pattern, voice recognition, iris recognition, and keyboard dynamics
  • Technology Evolution: standards bodies and publications such as ISO, NIST, and RFCs

Situational Awareness
Situational awareness requires you to be cognizant of what is happening around you and to know how to respond under such circumstances. Doing so requires the CASP to be aware of:

  • Newly emerging Client-Side Attacks, e.g., Cookie Theft, Cross-Site Scripting, Cross-Site Request Forgery, SQL Injection, and Buffer Overflow
  • Current Threats and Vulnerabilities, e.g., Spam, Phishing, Spyware, Caller ID Spoofing, Advance-Fee Fraud, Denial of Service, Distributed Denial of Service, Session Hijacking, Man-In-The-Middle Attacks, and Logic Bombs
  • Emerging Threats and Issues, e.g., Botnets, Scareware, SMiShing, Smartphone Attacks, Search Engine Poisoning, Crimeware Kits, and Clickjacking
  • Zero-day mitigating controls and remediation

Research Security Implication of New Business Tools
Knowledge of the many new business tools on the market can help enterprises market themselves and operate more effectively. For example, Infusionsoft is a customer relationship management tool that helps organizations automate their marketing processes, run e-commerce functions, manage email, and so on. However, the security implications of these business tools must be understood before they are adopted. In addition, CASPs will be required to research the security implications of using social media/networking, end-user cloud storage, and integrating such tools within the business.

The Global IA Industry Community
The Global Information Assurance (IA) Industry Community includes such groups as SANS, SysAdmin, EC-Council, and NIAG, all of which provide guidance on digital security. The Committee on National Security Systems Instruction CNSSI-4009, the National Information Assurance Glossary, describes IA as “the measures that defend and protect data and information systems by ensuring their confidentiality, integrity, availability, non-repudiation, and authentication.” CASPs will also keep up with the Computer Emergency Response Team (CERT), conventions and conferences, threat actors, and emerging threat sources/threat intelligence.

Research Security Requirements for Contracts
This objective concerns due care: investigating an individual or an organization before entering into a new contract with them. Doing so involves some prerequisite security requirements, including the Request For Proposal (RFP), Request For Quote (RFQ), and Request For Information (RFI), and the resulting agreements.

What Are Some Relevant Analyses Essential to Securing the Enterprise?

CASPs will carry out several types of analysis to secure enterprises. These analyses are as follows:

Creating Benchmarks and Comparing to Baselines
Benchmarking is the process of evaluating a product or tool prior to its purchase to make sure that it will perform the desired functions once purchased. A baseline is a reference point from which a change can be measured. For example, a baseline can be used to assess the security state of a system. The purpose of comparing a benchmark with the baseline is to ensure that no unexpected performance or security issues exist.
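As an added illustration of measuring change against a baseline (constructed data, not from this article): a snapshot of a host's security settings is compared with its recorded baseline, and every departure is reported as drift. The setting names and values are made up for the example.

```python
"""Compare a measured security state against a baseline (constructed example)."""
from dataclasses import dataclass

# Constructed baseline: the reference point against which change is measured.
BASELINE = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "no",
    "firewall.default_inbound": "deny",
    "patch.max_age_days": 30,
    "open_ports": {22, 443},
}

# Constructed snapshot of the same host taken later.
CURRENT = {
    "ssh.PermitRootLogin": "no",
    "ssh.PasswordAuthentication": "yes",
    "firewall.default_inbound": "deny",
    "patch.max_age_days": 47,
    "open_ports": {22, 443, 8080},
}

@dataclass
class Deviation:
    setting: str
    expected: object
    observed: object

def compare_to_baseline(baseline, current):
    """Return every setting whose observed value departs from the baseline.

    Numeric settings are upper bounds (exceeding the baseline is drift), sets
    flag anything beyond the baseline set, everything else must match exactly,
    and a setting missing from the snapshot is reported with observed=None.
    """
    deviations = []
    for key, expected in baseline.items():
        if key not in current:
            deviations.append(Deviation(key, expected, None))
            continue
        observed = current[key]
        if isinstance(expected, set):
            if observed - expected:
                deviations.append(Deviation(key, expected, observed))
        elif isinstance(expected, (int, float)):
            if observed > expected:
                deviations.append(Deviation(key, expected, observed))
        elif observed != expected:
            deviations.append(Deviation(key, expected, observed))
    return deviations
```

Running `compare_to_baseline(BASELINE, CURRENT)` reports the re-enabled password authentication, the patch age beyond 30 days, and the unexpected port 8080.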

Prototype and Test Multiple Solutions
If a problem is identified in a deployed system, security professionals consider multiple candidate solutions, including hardware or software upgrades, the purchase of new devices or technology, or changes to various settings. They then prototype and test these solutions to determine which of them work effectively before committing to one.

Cost-Benefit Analysis
This vital form of analysis spells out how successfully a project can be completed and what other factors come into play, such as technological, economic, and legal ramifications. The fundamental goal of a cost-benefit analysis is to determine whether establishing a specific information system is economically worthwhile. In a nutshell, cost-benefit analysis helps determine whether newly deployed services and resources produce a benefit or a loss for the enterprise. The following formula can help you perform a cost/benefit analysis:

Payback period = total cost of investment ÷ estimated annual revenue

Cost/benefit usually involves two essential factors: Return on Investment (ROI) and Total Cost of Ownership (TCO).

Metrics Collection and Analysis
Metrics collection and analysis is an essential security practice, as it allows the enterprise to project its future needs well before a security problem arises.

Analyzing and Interpreting Trend Data to Anticipate Cyber Defense Needs
Analyzing and interpreting trend data is of paramount importance for anticipating an organization’s cyber defense needs. Doing so makes security practitioners capable of anticipating when and where cyber defenses might need to be enhanced.
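As an added example of turning collected metrics into a forecast (constructed data, not from this article), the block below fits a least-squares trend line to a monthly metric and projects the month at which it will cross a capacity threshold, which is the point at which defenses would need enhancing. The metric, values and threshold are invented for the example.

```python
# Fit a linear trend to a monthly security metric and project when it crosses
# a capacity threshold (constructed data, added example).

# Constructed metric: critical vulnerabilities still open at each month end.
OPEN_CRITICALS = [12, 14, 13, 17, 19, 22, 24, 27]
# Constructed capacity: above this many, the patching team can no longer keep up.
CAPACITY = 40

def linear_trend(values):
    """Least-squares slope and intercept over x = 1..n; returns (slope, intercept)."""
    n = len(values)
    if n < 2:
        raise ValueError("need at least two observations to fit a trend")
    xs = range(1, n + 1)
    mean_x = sum(xs) / n
    mean_y = sum(values) / n
    sxx = sum((x - mean_x) ** 2 for x in xs)
    sxy = sum((x - mean_x) * (y - mean_y) for x, y in zip(xs, values))
    slope = sxy / sxx
    return slope, mean_y - slope * mean_x

def months_until(values, threshold):
    """Months after the last observation until the trend line reaches threshold.

    Returns 0 if the latest value is already at or above it, and None if the
    trend is flat or falling (nothing to anticipate).
    """
    if values[-1] >= threshold:
        return 0
    slope, intercept = linear_trend(values)
    if slope <= 0:
        return None
    n = len(values)
    month = n + 1
    while slope * month + intercept < threshold:
        month += 1
    return month - n

if __name__ == "__main__":
    slope, _ = linear_trend(OPEN_CRITICALS)
    horizon = months_until(OPEN_CRITICALS, CAPACITY)
    print(f"trend: +{slope:.2f} open criticals per month")
    print(f"capacity of {CAPACITY} is reached in about {horizon} months; plan now")
```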

Reviewing the Effectiveness of Existing Security Controls
Organizations must test and evaluate their existing security controls to ensure that they are working effectively. The effectiveness of the existing controls can be tested and evaluated through audits, vulnerability assessment, and ethical hacking.

Reverse Engineer/Deconstruct Existing Solutions
Reverse engineering is the act of deconstructing a device, object, or system by analyzing its operation and structure. It can be carried out through static and dynamic analysis. Dynamic analysis tests an application for vulnerabilities at runtime. Static analysis, on the other hand, is performed by programmers to find errors in a program’s source code, as well as the security issues associated with it. Static analysis involves automated tools such as IDA Pro and OllyDbg.

Analyzing Security Solution Attributes to Ensure They Meet Business Needs
As a CASP, you may need to undertake the responsibility of examining various security solutions for ensuring that they fulfil business needs. Doing so requires you to analyze the area of Performance (e.g., Uptime Agreements, Time Service Factor, Abandon Rate, and First Call Resolution), Maintainability, Availability, Latency, Scalability, Capability, Usability, and Recoverability.

Conduct a Lessons-Learned/After-Action Report
This process is carried out once you have signed a contract or established a Service Level Agreement (SLA). The purpose of a Lessons-Learned or After-Action report is to review how effective the agreement process was and to identify which improvements to existing processes, policies, and other organizational practices are needed. Below are some critical items that should be reviewed during the After-Action process:

  • System, technology, or configuration enhancements
  • Policies and procedures
  • Training
  • Communication procedures
  • Implementation of Service Level Agreement (SLA)

Using Judgment to Solve Difficult Problems
If a difficult problem doesn’t have the best solution available, then you’ll have to use your best judgment to solve it. Here are the steps you should consider as you attempt to come to your own considered conclusion:

  1. Define the problem
  2. Gather facts
  3. Brainstorm
  4. Implement
  5. Evaluate

What Do I Need to Know about Methods or Tools for Analyzing Results?

Hackers use many sophisticated attacks to penetrate individual and corporate networks. Preventing such attacks requires security professionals to use some essential methods or tools, such as the ones described below:

Tool Types
CASP professionals must know tool types such as Port Scanners, Vulnerability Scanners, Protocol Analyzers, Network Enumerators, Password Crackers, Fuzzers, HTTP Interceptors, Exploitation Tools/Frameworks, and Passive Reconnaissance and Intelligence Gathering Tools (e.g., Social Media, Whois, and Routing Tables).

There are numerous methods for analyzing results, including Vulnerability Assessment, Malware Sandboxing, Memory Dumping, Runtime Debugging, Penetration Testing, Black Box, Grey Box, White Box, Fingerprinting, Reconnaissance, Code Review, and Social Engineering.

Where Should I Focus My Time Studying?

Though passing the CASP exam can feel like a Gordian knot to be untangled, acquiring the right training and studying the appropriate material will lead you to your goal of earning the CASP credential. Candidates should focus their study time on CompTIA’s official material, all of which carries the CompTIA Authorized Quality Curriculum (CAQC) seal. Here is a CASP Resources article that includes everything you need to know in this regard.

InfoSec’s CASP Boot Camp—Your Best Bet

Do you want to take the CompTIA CASP exam? If so, InfoSec Institute offers a uniquely designed CASP Boot Camp for candidates preparing for the CASP examination. The goal of this course is to provide IT experts with the most comprehensive accelerated environment for taking the CASP exam.

InfoSec also offers thousands of articles on a variety of security topics.

Fakhar Imam is a professional writer with a Master of Science in Information Technology (MIT). To date, he has produced articles on a variety of topics, including Computer Forensics, CISSP, and various other IT-related subjects.
