A certified authorization professional (CAP) is a vendor-neutral certification that tests, validates and certifies an individual’s ability to understand, implement and maintain secure authorization for information systems.
This certifications is meant for experienced ICT professionals in security and information assurance whose jobs involve Governance, Risk and Compliance (GRC). The certification is developed, maintained and monitored by the International Information Systems Security Certification Consortium ((ISC)2).
CAP certifies and validates an individual's ability to understand, apply and/or implement a risk management program for IT systems within an organization.
The key points of CAP assessment include:
- Risk management frameworks
- Types of information systems
- Selecting security controls
- Security control implementation
- Assessing the effectiveness of security controls
- Information system authorization
- Monitoring security controls
To qualify for certification, candidates need to have a minimum of two years of cumulative, paid work experience in one or more of the seven areas above.