The most common question we get in regards to our RMF for DoD IT training course is this: How comprehensive is your RMF for DOD IT course? The reason I ask is that the Navy is still trying to wrap their head around RMF and how to integrate it both from an acquisitions and operational…
By Lon J. Berman, CISSP According to NIST Special Publication (SP) 800-53, an overlay is a “fully specified set of security controls, control enhancements and supplemental guidance derived from the application of tailoring guidance to security control baselines”. The intent is to streamline the process of developing a security control set for specific communities of interest. The Committee on National Security Systems (CNSS) website, www.cnss.gov,…
By Lon J. Berman, CISSP The story is told of an intern who is asked by his boss to pick up some items from the supply room in the basement. The young man is not sure how to get down there, but, seeing an open door, assumes it is the stairway and steps through. Unfortunately the door turns out to be an…
TrainPlus! POST TRAINING SUPPORT RMF education doesn’t just stop when the training class is over. That’s why we offer TrainPlus!, a RMF Q&A follow-up session. Designed specifically for students who’ve previously attended an IT Dojo RMF training class, TrainPlus! is delivered via a monthly, 60-minute, conference call at no charge. Whether the training experience has been online, onsite or…
You’ve earned your CISSP or your Security+ certification…now you need to maintain it. No one wants to have to take those beastly exams again! But how do you do that without spending a lot of money? Sure you could take other classes (and will need to to remain relevant, of course), but sometimes there isn’t…
We have just added a course date for the Information Security Continuous Monitoring training that is coming up this fall (September 22 – 24, 2015). Information Security Continuous Monitoring (three days) covers roles and responsibilities, establishment and implementation of the ISCM strategy, analysis and reporting of findings, and program review in accordance with NIST Special Publication…
IT Dojo has ITIL Courses Available in Hampton Roads and Beyond! The IT Infrastructure Library® (ITIL®) is a set of best practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. ITIL is published as a series of five core publications, each covering an ITSM lifecycle stage. ITIL…
As many of you are already aware, NIST offers free online Risk Management Framework training as a resource on their website. While this is a great resource containing excellent information and should be included in your learning plan, it is not enough when it comes to preparing yourself and your staff for the transition from DIACAP…
By Kathryn M. Farrish, CISSP One of the more recent information security innovations is the Control Correlation Identifier, or CCI. Each CCI provides a standard identifier and description for “singular, actionable statements” that comprise a security control or security best practice. The purpose of CCIs is to allow a high level statement made in a…
By Lon J. Berman, CISSP The Beatles were comprised of how many musicians? Easy, right? They were called the “Fab Four”, so there were definitely 4. Now Google “the fifth Beatle” and see what you get. Ditto for “sixth sense”. When I eat at a Thai restaurant and the waitress asks how hot I want…