Who should attend?

The Continuous Monitoring training program is suitable for government employees and contractors in DoD, federal “civil” agencies and the intelligence community, particularly those responsible for managing and monitoring security posture on an ongoing basis.

Information Security Continuous Monitoring (ISCM) – One-Day Course

  • Organization-wide view of ISCM
  • Ongoing System Authorizations
  • Role of Automation
  • ISCM Roles and Responsibilities
  • ISCM Process – NIST SP 800-137
    • Step 1 – Define Strategy
    • Step 2 – Establish ISCM Program
    • Step 3 – Implement
    • Step 4 – Analyze and Report
    • Step 5 – Respond to Findings
    • Step 6 – Review and Update
  • Supporting Technologies
    • Security Automation Domains
    • Security Information and Event Management (SIEM)
    • Security Content Automation Protocol (SCAP)
    • Reference Data Sources
      • National Vulnerability Database
      • Security Configuration Checklists
  • ISCM Reference Model
  • Exercises and Case Studies