Course Details
Course Details
What You'll Learn
This course prepares you for the CAS-005 certification exam, covering all official exam domains and their approximate weightings:
Domain 1 Governance, Risk, and Compliance (20%)
- Implement governance components (security program documentation, GRC tools, change/configuration management, data governance)
- Perform risk management activities (risk assessment frameworks, third-party/supply chain risk, confidentiality/integrity/availability/privacy risk considerations)
- Explain how compliance affects security strategy (industry standards e.g. PCI DSS, ISO/IEC 27000, NIST CSF; privacy regulations e.g. GDPR/CCPA; audits vs assessments vs certifications)
- Perform threat-modeling activities (actor characteristics, ATT&CK/CAPEC/STRIDE/Cyber Kill Chain frameworks, attack surface determination)
- Summarize information security challenges of AI adoption (prompt injection, model theft/inversion, AI-enabled attacks, AI-enabled assistants/digital workers)
Domain 2 Security Architecture (27%)
- Analyze requirements to design resilient systems (component placement, availability/integrity design, recoverability, scaling)
- Implement security throughout the systems life cycle (security requirements, SAST/DAST/IAST/RASP, SCA, SBOM, CI/CD, supply chain and hardware assurance)
- Integrate appropriate controls into secure architecture design (attack surface management, detection/threat-hunting enablers, DLP, hybrid infrastructures)
- Apply security concepts to access, authentication, and authorization system design (provisioning/deprovisioning, federation, SSO, PKI, access control models)
- Securely implement cloud capabilities in an enterprise environment (CASB, shared responsibility model, IaC via Terraform/Ansible, container/serverless security)
- Integrate Zero Trust concepts into system architecture design (continuous authorization, microsegmentation, deperimeterization via SASE/SD-WAN)
Domain 3 Security Engineering (31%)
- Troubleshoot IAM components in an enterprise environment (subject access control, MFA, PAM, federation protocols SAML/OAuth/OpenID)
- Analyze requirements to enhance endpoint and server security (EDR, HIPS/HIDS, application control, MDM, threat-actor TTPs)
- Troubleshoot complex network infrastructure security issues (DNS security, email security DKIM/SPF/DMARC, TLS/PKI issues, DDoS, ACL issues)
- Implement hardware security technologies and techniques (roots of trust, TPM/HSM, secure boot, tamper detection, firmware attacks)
- Secure specialized and legacy systems against threats (OT/SCADA/ICS, IoT, embedded systems, industry-specific challenges)
- Use automation to secure the enterprise (scripting, IaC, SOAR, generative AI, SCAP/CVE/CVSS) and apply advanced cryptographic concepts and use cases (post-quantum cryptography, homomorphic encryption, tokenization, digital signatures)
Domain 4 Security Operations (22%)
- Analyze data to enable monitoring and response activities (SIEM, aggregate data analysis, behavior baselines, reporting/dashboards)
- Analyze vulnerabilities and attacks to recommend mitigations reducing the attack surface (injection, XSS, deserialization, input validation, patching)
- Apply threat-hunting and threat intelligence concepts (OSINT, TIPs, STIX/TAXII, Sigma/YARA rule languages, indicators of attack)
- Analyze data and artifacts in support of incident response activities (malware analysis, reverse engineering, network/host/metadata analysis, root cause analysis, insider threat)
Course Info
Promotion Code
Your will get 10% discount voucher for 2nd course onwards if you write us a Google review.
Minimum Entry Requirement
Knowledge and Skills
- Able to operate using computer functions
- Minimum 3 GCE ‘O’ Levels Passes including English or WPL Level 5 (Average of Reading, Listening, Speaking & Writing Scores)
Attitude
- Positive Learning Attitude
- Enthusiastic Learner
Experience
- Minimum of 1 year of working experience.
Target Age Group: 21-65 years old
Minimum Software/Hardware Requirement
Software:
You can download and install the following software:
Hardware: Windows and Mac Laptops
Job Roles
Job Roles
- Cybersecurity Analyst
- Information Security Officer
- Security Operations Center (SOC) Analyst
- IT Security Consultant
- Network Security Engineer
- Cyber Risk Analyst
- Governance, Risk, and Compliance (GRC) Specialist
- Security Architect
- IT Security Administrator
- Cloud Security Engineer
- Security Incident Response Specialist
- Penetration Tester
- Ethical Hacker
- Threat Intelligence Analyst
- Systems Security Engineer
- DevSecOps Engineer
- Security Compliance Manager
Trainers
Trainers
Peter Goh is a ACTA certified trainer. Peter Goh is the Technology Evangelist at Disruptive Digital, a full-service digital agency based in Singapore, offering innovative & effective web and native mobile application development. He specializes in bleeding edge software development and have more than 10 years' experience in developing customized applications for desktop, web and mobile platforms. He has extensive domain knowledge in .Net and Java programming, iOS development and has helped many to create e-commerce web sites on Amazon AWS and Microsoft Azure
Fritz is ACTA-certified, as well as a registered MOE instructor, and a graduate of the 2018 ConsenSys Blockchain Developer Program, with a Bachelor in Electrical and Electronic Engineering (Computer Specialisation) from Nanyang Technological University.
With more than 10 years of experience teaching at a local polytechnic, Fritz is passionate about imparting knowledge to teens, adults, and children. He believes that an education in technology and in how things work is essential for everyone, so that they can harness and invent the technologies of the future. He is excited about exploring anything related to computers and IT, with a keen interest in electronics and native cross-platform mobile app development so that our ubiquitous mobile phones can be conveniently used to control and interact with devices wirelessly and over the Internet.
Mohamed Afiq is a ACTA certifed trainer. Mohamed Afiq startup CTO for 3 years building proprietary delivery system from scratch and then managing a team of 20 developers. He builted multiple web apps using MEAN or similar stacks. He is also a founder and sole developer for PlayTours: https://playtours.app/ . He leads instructor at CodeNinja, teaching coding to kids 9-16 years old and teach adults front-end and back-end for web development.
Review
Customer Reviews (10)
- will recommend Review by Course Participant/Trainee
-
. (Posted on 10/4/2024)1. Do you find the course meet your expectation? 2. Do you find the trainer knowledgeable in this subject? 3. How do you find the training environment - will recommend Review by Course Participant/Trainee
-
. (Posted on 10/4/2024)1. Do you find the course meet your expectation? 2. Do you find the trainer knowledgeable in this subject? 3. How do you find the training environment - will recommend Review by Course Participant/Trainee
-
Prepare sample codes/answer for activities. (Posted on 9/27/2024)1. Do you find the course meet your expectation? 2. Do you find the trainer knowledgeable in this subject? 3. How do you find the training environment - will recommend Review by Course Participant/Trainee
-
. (Posted on 9/27/2024)1. Do you find the course meet your expectation? 2. Do you find the trainer knowledgeable in this subject? 3. How do you find the training environment - might reconsider Review by Course Participant/Trainee
-
. (Posted on 3/7/2024)1. Do you find the course meet your expectation? 2. Do you find the trainer knowledgeable in this subject? 3. How do you find the training environment
Write Your Own Review
- Recommended Courses