Probably the most significant first thing you should do is to learn this content with the intention of being able to teach it to someone else (regardless if you need to teach it or not). By studying with the intent of having to teach it to another, you will learn it more effectively, in less time, and be less likely to skim over content. This will assist you in your studies to really understand the content.
You should practice virtually everything that you study, both at the CLI and the GUI. If the topic is port security, you should practice implementing port security. If the topic is Cisco Configuration Professional (CCP), you should practice using and navigating CCP as you study. The same is true for ASDM, ACS, and the other topics covered. Much of the router IOS security can be practiced using live gear or GNS3, and this includes using CCP after you have logically integrated your PC or a virtual PC with the GNS3 environment. There are dozens of videos that explain how to do this integration, including some instructional videos on my YouTube channel Keith6783. A direct link to that channel is here.
For practice with TACACS+ and RADIUS using the Access Control Server software, ACS, Cisco offers an evaluation license that may be used for practice. Even with the evaluation license, you will need some type of virtualized environment, such as VMware’s ESXi (which is free) to run the ACS on.
Regarding the ASA firewall, emulation hasn’t been too successful (in the general public) for the most current version of the ASA (version 8.4x), and as a result it is likely that you will want to either rent rack time, or purchase a low-end ASA (5505 with base license) that runs at least 8.4 version of the software. For layer 2 switch security, live hardware, rented hardware or an emulator program would be needed for practice.