resources.infosecinstitute.com
162.159.135.42  Public Scan

Submitted URL: https://protect-us.mimecast.com/s/N0k2C68mVYcNRyp8F53S9q?domain=click.e.infosecinstitute.com
Effective URL: https://resources.infosecinstitute.com/topic/casp-plus-vs-cissp/?utm_source=marketing%20cloud&utm_medium=email%20blast&utm_campaign=inf...
Submission: On March 28 via api from US — Scanned from US

Form analysis 2 forms found in the DOM

https://resources.infosecinstitute.com

<form class="position-relative" action="https://resources.infosecinstitute.com">
  <input type="text" placeholder="Search" name="s">
  <button type="submit" class="fas fa-search"></button>
  <div class="fas fa-times close-search" id="close-search"></div>
</form>

POST https://resources.infosecinstitute.com/wp-comments-post.php

<form action="https://resources.infosecinstitute.com/wp-comments-post.php" method="post" id="commentform" class="comment-form">
  <p class="comment-notes"><span id="email-notes">Your email address will not be published.</span> <span class="required-field-message" aria-hidden="true">Required fields are marked <span class="required" aria-hidden="true">*</span></span></p>
  <p class="comment-form-comment"><label for="comment">Comment <span class="required" aria-hidden="true">*</span></label> <textarea id="comment" name="comment" cols="45" rows="8" maxlength="65525" required="required"></textarea></p>
  <p class="comment-form-author"><label for="author">Name <span class="required" aria-hidden="true">*</span></label> <input id="author" name="author" type="text" value="" size="30" maxlength="245" required="required"></p>
  <p class="comment-form-email"><label for="email">Email <span class="required" aria-hidden="true">*</span></label> <input id="email" name="email" type="text" value="" size="30" maxlength="100" aria-describedby="email-notes" required="required"></p>
  <p class="comment-form-url"><label for="url">Website</label> <input id="url" name="url" type="text" value="" size="30" maxlength="200"></p>
  <p class="form-submit"><input name="submit" type="submit" id="submit" class="submit" value="Post Comment"> <input type="hidden" name="comment_post_ID" value="49795" id="comment_post_ID">
    <input type="hidden" name="comment_parent" id="comment_parent" value="0">
  </p>
</form>

Text Content



CASP+ VS. CISSP: WHICH CERTIFICATION SHOULD YOU GET IN 2022?


March 15, 2022 by Fakhar Imam

The CompTIA Advanced Security Practitioner (CASP+) and (ISC)² Certified
Information Systems Security Professional (CISSP) are both advanced-level
certifications that validate your skills in maintaining the security of
information systems and networks. While similar, they have different goals that
tend to align with different career paths.

Which certification is best for you? We break it down below.




CISSP VS. CASP+

The CISSP certification exam uses a Computerized Adaptive Testing (CAT) format
to evaluate a professional’s understanding of cybersecurity strategy and
hands-on implementation experience. It evaluates the technical skills to design,
execute and manage the overall security posture of an organization. It’s most
applicable for experienced security practitioners, cybersecurity managers and
executives.

The CASP+ certification uses multiple-choice and performance-based questions to
evaluate a professional’s ability to implement solutions to make an organization
more resilient while complying with cybersecurity policies and frameworks. It’s
most applicable to advanced cybersecurity practitioners, architects and
engineers, but not necessarily managers.

You can better understand how (ISC)² and CompTIA view these certifications by
looking at the common job roles associated with each certification.

CISSP common job roles:

 * Chief information security officer
 * Chief information officer
 * Director of security
 * IT director/manager
 * Security systems engineer
 * Security analyst
 * Security manager
 * Security auditor
 * Security architect
 * Security consultant
 * Network architect

CASP+ common job roles:

 * Security architect
 * Senior security engineer
 * SOC manager
 * Security analyst

Both are also DoD 8570 approved certifications for different job roles:

CISSP DoD 8570 roles:

 * Information Assurance Technical (IAT) Level III
 * Information Assurance Management (IAM) Level II and III
 * Information Assurance System Architect and Engineer (IASAE) I and II

CASP+ DoD 8570 roles:

 * Information Assurance Technical (IAT) Level III
 * Information Assurance Management (IAM) Level II
 * Information Assurance System Architect and Engineer (IASAE) I and II

As you can see, the CISSP applies to a broader range of cybersecurity roles,
including a number of more leadership-focused roles, whereas the CASP+ is more
technically focused.


CISSP VS. CASP+ EXAM DOMAINS

Each of the exams is broken into a number of key areas, or domains. The CISSP
exam covers eight domains, and the CASP+ exam covers four.

CISSP exam domains:

 * 1.0 Security and risk management (15%)
 * 2.0 Asset security (10%)
 * 3.0 Security architecture and engineering (13%)
 * 4.0 Communication and network security (13%)
 * 5.0 Identity and access management (13%)
 * 6.0 Security assessment and testing (12%)
 * 7.0 Security operations (13%)
 * 8.0 Software development security (11%)

CASP+ exam domains:

 * 1.0 Security architecture (29%)
 * 2.0 Security operations (30%)
 * 3.0 Security engineering and cryptography (26%)
 * 4.0 Governance, risk and compliance (15%)

However, you can get a better sense of the certification goals by looking at the
objectives within each domain. (See the full CASP+ exam outline and CISSP exam
outline for even more detail.) Let’s take a look at the shared domain of
security operations to see how they compare.

CISSP domain 7.0: Security operations

 * 7.1 Understand and comply with investigations
 * 7.2 Conduct logging and monitoring activities
 * 7.3 Perform Configuration Management (CM) (e.g., provisioning, baselining,
   automation)
 * 7.4 Apply foundational security operations concepts
 * 7.5 Apply resource protection
 * 7.6 Conduct incident management
 * 7.7 Operate and maintain detective and preventative measures
 * 7.8 Implement and support patch and vulnerability management
 * 7.9 Understand and participate in change management processes
 * 7.10 Implement recovery strategies
 * 7.11 Implement Disaster Recovery (DR) processes
 * 7.12 Test Disaster Recovery Plans (DRP)
 * 7.13 Participate in Business Continuity (BC) planning and exercises
 * 7.14 Implement and manage physical security
 * 7.15 Address personnel safety and security concerns

CASP+ domain 2.0: Security operations

 * 2.1 Given a scenario, perform threat management activities
 * 2.2 Given a scenario, analyze indicators of compromise and formulate an
   appropriate response
 * 2.3 Given a scenario, perform vulnerability management activities
 * 2.4 Given a scenario, use the appropriate vulnerability assessment and
   penetration testing methods and tools
 * 2.5 Given a scenario, analyze vulnerabilities and recommend risk mitigations
 * 2.6 Given a scenario, use processes to reduce risk
 * 2.7 Given an incident, implement the appropriate response
 * 2.8 Explain the importance of forensic concepts
 * 2.9 Given a scenario, use forensic analysis tools

The CISSP exam objectives are broader and include more manager-level tasks. The
CASP+ exam objectives are more focused on performing and implementing various
technical controls and tools.

Patrick Lane, director of products at CompTIA, explained the difference in a
recent Infosec Edge webcast on CASP+: the CISSP is less hands-on and includes
more governance than the CASP+. “A CISO might have the skills in the CISSP,”
Lane said, “while the architect who is working with the CISO would have CASP+.
They would be the ones who work with the CISO, determine what the architecture
needs to be and then actually lead the teams to then implement that.”


CISSP VS. CASP+ EXAM FORMAT

The exams have a slightly different format:

 * CASP+ exam: Maximum of 90 questions; the test length is 165 minutes. CASP+ is
   available in English and Japanese. Requires 75 Continuing Education Units
   (CEUs) in three years to renew certification.
 * CISSP exam: 100-150 multiple-choice and advanced innovative item questions;
   the test length is three hours. CISSP CBT is available only in English.
   However, the exam is also available in French, German, Brazilian Portuguese,
   Spanish, Japanese, Simplified Chinese and Korean in the linear fixed form
   format, which consists of 250 items with a time limit of six hours.
   Requires 120 CPE credits in three years to renew certification.


CISSP VS. CASP+ EXPERIENCE REQUIREMENTS

One of the key differences between the CISSP and CASP+ certifications is the
experience requirements.

CISSP requires candidates to have a minimum of five years of cumulative, paid,
full-time work experience in two or more of the eight CISSP CBK domains — or
four years of experience if you meet the CISSP experience waiver requirements.
If you don’t possess the required experience for CISSP, you can become an
Associate of (ISC)² by successfully passing the exam. At that point, you’ll have
up to six years to earn the required experience.

CompTIA CASP+ does not have an experience requirement, but CompTIA does
recommend candidates have a minimum of 10 years of general hands-on IT
experience, with at least five years of broad hands-on security experience in
order to be successful.


BENEFITS OF CISSP

CISSP is one of the most valued information security certifications globally and
can help professionals compete for information security jobs both in the United
States and abroad. Because the majority of employers value this certification and
are aware of its rigorous requirements, certified practitioners might gain a
competitive edge and stand out over other candidates. Also, according to (ISC)²,
the average salary of CISSP-certified professionals is $131,030 and (ISC)²
members report earning 35% more than non-members. (ISC)² also reports that CISSP
is the most required security certification on LinkedIn.

CISSP-certified professionals are security practitioners, security managers or
executives with at least five years of information security experience. From
CISOs to network architects, CISSPs are leaders who are always ready for
information security challenges. 


BENEFITS OF CASP+

CASP+ focuses on the technical and practical aspects of hands-on enterprise
security, incident response and architecture to help organizations find
solutions to complex security problems. It can therefore help you prove that
you not only know what the job entails but also how to do it. CASP+ covers
security architecture and engineering and qualifies professionals to assess
cyber readiness within an enterprise and implement the proper solutions needed
to make it resilient.



As information security threats rise globally, organizations look for senior IT
security staff to help them protect the integrity of their IT infrastructure.
CASP+ is a great way for advanced IT practitioners to show that they have the
needed knowledge and skills to qualify them for many vacancies and well-paid
positions.

They might appear similar, but different certifications measure different skill
sets. Also, although they may lead to comparable jobs and might overlap in the
organizational roles, the CASP+ certification is more ‘hands-on’ and highlights
the technical skills of the certified professional. The CISSP certification is
more managerial than technical, with skills that might not be specific to a
particular job but give access to a wider variety of advanced positions.
Nevertheless, either certification can provide a great range of opportunities in
cyber and information security. 



Author

FAKHAR IMAM


Fakhar Imam is a professional writer with a master’s program in Masters of
Sciences in Information Technology (MIT). To date, he has produced articles on a
variety of topics, including computer forensics, CISSP and various other
IT-related tasks.

 * ©2022 Infosec Institute, Inc.
Infosec, part of Cengage Group