This half-day course concentrates on conducting Risk Assessments, as defined by NIST SP 800-30 and performing Continuous Monitoring, as defined by NIST SP 800-53A. The Nine Steps / Phases of the Risk Assessment process involve the review of Security Program Documentation, Testing of Security Controls, Analyzing the results, and producing recommendations based on Industry and Government Best Practices. During this course, the instructor will provide Strategies, Techniques and Methodologies that will benefit the ISSO, System Owner, Program Manager and Stakeholders responsible for performing Risk Assessments and Continuous Monitoring on Major Applications or General Support Systems.
Each attendee will receive an 11×17 copy of the following three (3) Security & Privacy charts as handout material to facilitate discussions:
- Enterprise Security Program Assessment & Validation (SPA&V) Methodology
- Security Assessment Report (SAR) Methodology
- A&A Life-Cycle Methodology