- Security Controls Implementation & Assessment Workshop + ISCM
August 21, 2023 - August 25, 2023
The Security Controls Implementation & Assessment Workshop Full Program is a 4 day class consisting of the Security Controls Implementation Workshop and the Security Controls Assessment Workshop giving students the information they need to compete steps 3 & 4 of the Risk Management Framework.
Security Controls Implementation Workshop is an in-depth dive into Step 3 of the Risk Management Framework process Implement Security Controls. The course will take the student through the entire process concentrating on key areas of the process (see below). Upon completion of the course the student can confidently return to their respective organizations and ensure the highest level of success for the most difficult part of the RMF process.
- In-depth project planning for security controls implementation.
- The concept of traceability.
- The concept of “holistic security”
- How to properly implement security controls.
- In-depth review of the most critical security controls and how to implement them.
- Students selected security controls review and their implementation.
- Documenting test results the right way.
- The role of STIGs in the process.
- And many more.
Security Controls Assessor Workshop provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today’s IT systems. This course shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities – which most are – then this course will provide a useful guide for how to evaluate the effectiveness of the security controls that are in place.
The Security Control Assessment (SCA) is a process for assessing and improving information security. It is a systematic procedure for evaluating, describing, testing and examining information system security prior to or after a system is in operation. The SCA process is used extensively in the U.S. Federal Government under the RMF Authorization process. Security assessments are conducted to support security authorization events for agencies and organizations. These assessments provide data in a tiered risk management approach to evaluate both strategic and tactical risk across the enterprise.
This security control assessment process identifies vulnerabilities and countermeasures and determines residual risks; then the residual risks are evaluated and deemed either acceptable or unacceptable. More controls must be implemented to reduce unacceptable risk and then re-evaluated. The system may be deployed only when the residual risks are acceptable to the enterprise.
The goal of the SCA activity is to assess the security controls using appropriate assessment procedures to determine the extent to which the controls are: implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
- Review of the SCA role in RMF
- SCA Criteria and Requirements
- Assessing Controls – The Process
- Managerial Control Reviews
- Technical Control Reviews
- Operational Control Reviews
- SCA Reporting
ISCM Training Overview (Day 5)
This one-day core curriculum add-on training program focuses on Information Security Continuous Monitoring
(ISCM), which is one of the cornerstones of RMF. Topics include:
• ISCM Roles and responsibilities
• ISCM Process – NIST SP 800-137
– Step 1 – Define Strategy
– Step 2 – Establish ISCM program
– Step 3 – Implement
– Step 4 – Analyze and Report
– Step 5 – Respond to Findings
– Step 6 – Review and Update
• ISCM Technologies
• ISCM Challenges & Pitfalls
Practical guidance on ISCM automation and support tools is provided. Student exercises, collaboration and case
studies are used to reinforce the concepts taught in the class.
The course content of Information Security Continuous Monitoring (ISCM) is geared to meet the needs of a
diverse audience covering the spectrum of management, operational and technical roles.
Students will gain thorough knowledge of the theory and policy background underlying continuous monitoring as
well as the practical knowledge needed for effective implementation.
A prerequisite to this course is a strong understanding of RMF, and it is highly recommended students complete
the 4-day RMF training program prior to registration.
Who should attend?
The Security Controls Workshop with Continuous Monitoring training program is suitable for government employees and contractors in DoD,
federal “civil” agencies and the intelligence community, particularly those responsible for managing and
monitoring security posture on an ongoing basis.
Discount pricing is available when this class is combined with RMF for DoD IT. Please contact us for details.
We have an assortment of supplemental classes that can be bundled with the RMF for DoD IT to enhance your RMF training experience. By bundling you can receive a considerable discount on the supplemental classes.
Venue: Online Personal Classroom™
Our Online Personal Classroom Training™ is conducted via AdobeConnect®. You can test your computer for compatibility with Adobe Connect here.