Course Description: This half-day course concentrates on conducting Risk Assessments, as defined by NIST SP 800-30, and performing Continuous Monitoring, as defined by NIST SP 800-53A. The nine steps (phases) of the Risk Assessment process involve reviewing Security Program Documentation, testing Security Controls, analyzing the results, and producing recommendations based on Industry and Government Best Practices. During this course, the instructor will provide strategies, techniques and methodologies that will benefit the ISSO, System Owner, Program Manager and Stakeholders responsible for performing Risk Assessments and Continuous Monitoring on Major Applications or General Support Systems.
Each attendee will receive 11x17 copies of the following three (3) Security & Privacy charts as handout material to facilitate discussion:
- Enterprise Security Program Assessment & Validation (SPA&V) Methodology,
- Security Assessment Report (SAR) Methodology,
- C&A Life-Cycle Methodology.
What You Will Learn:
- What transpires during each of the 9 Phases as defined by the National Institute of Standards and Technology (NIST) Special Publication 800-30
- Effective techniques in producing accurate and complete assessment results
- Working and Reporting Templates to streamline the analysis
- Effectively monitoring Management, Operational and Technical Security Controls
Audience: ISSO, System Owner, Program Managers, Security Professionals
Timeline: 4 Hours
Registration Questions and Training Locations:
For questions about registration, scheduling classes, or conducting training at your location, please contact Suzanne Biggs at 202-596-8245 or by e-mail: suzanne@jdbiggs.com.