Security Control Implementation Workshop
(Two Days)
Security Controls Implementation Workshop is an in-depth dive into Step 3 of the Risk Management Framework process Implement Security Controls. The course will take the student through the entire process concentrating on key areas of the process (see below). Upon completion of the course the student can confidently return to their respective organizations and ensure the highest level of success for the most difficult part of the RMF process.
Key Areas
- In-depth project planning for security controls implementation.
- The concept of traceability.
- The concept of “holistic security”
- How to properly implement security controls.
- In-depth review of the most critical security controls and how to implement them.
- Students selected security controls review and their implementation.
- Documenting test results the right way.
- The role of STIGs in the process.
- And many more.
Security Control Assessment Workshop
(Two Days)
Security Controls Assessment Workshop provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today’s IT systems. This course shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities – which most are – then this course will provide a useful guide for how to evaluate the effectiveness of the security controls that are in place.
The Security Control Assessment is a process for assessing and improving information security. It is a systematic procedure for evaluating, describing, testing and examining information system security prior to or after a system is in operation. The security control assessment process is used extensively in the U.S. Federal Government under the RMF Authorization & Assessment process. Security assessments are conducted to support security authorization events for agencies and organizations. These assessments provide data in a tiered risk management approach to evaluate both strategic and tactical risk across the enterprise.
This security control assessment process identifies vulnerabilities and countermeasures and determines residual risks; then the residual risks are evaluated and deemed either acceptable or unacceptable. More controls must be implemented to reduce unacceptable risk and then re-evaluated. The system may be deployed only when the residual risks are acceptable to the enterprise.
The goal of the assessment activity is to assess the security controls using appropriate assessment procedures to determine the extent to which the controls are: implemented correctly, operating as intended, and producing the desired outcome with respect to meeting the security requirements for the system.
Course Outline
- Review of the SCA role in RMF
- Security Control Assessment Criteria and Requirements
- Assessing Controls – The Process
- Managerial Control Reviews
- Technical Control Reviews
- Operational Control Reviews
- Security Control Assessment Reporting
Security Control Implementation and Assessment Workshop
(Four Days)
The Security Controls Implementation and Assessment Workshop is a 4-day class consisting of the Security Controls Implementation Workshop and the Security Controls Assessment Workshop giving students the information they need to complete steps 3 & 4 of the Risk Management Framework. Both courses were developed in tandem to complement each other providing students an advanced understanding of security controls implementation and assessment in a four-day bundle.
Who should attend?
This training is intended to serve DoD personnel and supporting contractors who have a responsibility to implement and/or assess security posture by evaluating RMF security Controls. There is no pre-requisite but RMF training is highly suggested to accompany the Security Control Implementation and Assessment Workshop.
Duration
4 day
This four-day training program is broken up into two separate workshops that together teach a well-developed approach to the implementation, evaluation and testing of security controls to ensure they are appropriately implemented and prove they are functioning correctly in today’s IT systems.
Course Overview & Outlines
Please Click here for a detailed course overview and outline for the Security Control Implementation and Assessment Workshop.
Delivery Methods
BAI training programs are offered on a regularly-scheduled basis in
Colorado Springs | Huntsville | National Capital Region | Pensacola | San Diego
Training is also available online (instructor-led) via our Online Personal Classroom™ technology.
Please click here for a schedule of upcoming classes.
Private Group Classes
If you have a group of students (normally 8 or more), any of our training programs can be delivered at your site (in a suitable classroom facility), or in our Online Personal Classroom. Group classes offer significant savings over individual class registrations; the larger the class, the greater the savings.
Please click here to request a quote.
Payment Options
Payment options for regularly-scheduled training are as follows:
Credit card – Visa, MasterCard and American Express
SF182 – government entities may submit an SF182 for invoicing after completion of training
PO – purchase orders are accepted from government and major corporate entities
How to Register
Registration for regularly-scheduled classes can be completed in two ways:
RMF education doesn’t stop when your class ends!
TrainPlus™ is a monthly, invitation-only teleconference with one of our BAI RMF subject matter experts. If you have questions lingering from your training, or you’ve encountered a problem implementing RMF in the “real world”, we are here to help you. Regardless of whether you attend RMF training in one of our BAI classroom locations, our Online Personal Classroom, or on-site at your agency/company location, there is never any additional charge for this “post training support”.