IT Blog

  • Security Control RMF Training

    Security Control Spotlight—Training

    By Kathryn M. Daily, CISSP, BAI Information Security. In this issue we will shine the spotlight on the Awareness and Training (AT) family of security controls. We’ll show you how the controls dictate the types and frequencies of training that organizations must provide. You’ll also learn about the extent to which existing DoD publications provide […]

  • RMF in the Cloud Training

    RMF and the Cloud

    By P. Devon Schall, BAI Information Security. Probably the most talked-about concept in information technology today is cloud computing, often simply called “The Cloud.” According to the National Institute of Standards and Technology (NIST), cloud computing is “a model for enabling ubiquitous, on-demand network access to a shared pool of configurable computing resources (e.g., networks, […]

  • RMF Documentation Course

    Top Ten—Documentation Recommendations

    By Lon J. Berman, CISSP, BAI Information Security. Supporting documentation (a.k.a. artifacts) is key to providing evidence of compliance with security controls. Previously in this Newsletter we have spent some time describing the three fundamental classes of RMF documentation, to wit: Policy. Policy documents describe what the organization does to provide for confidentiality, integrity and […]

  • In the World I see

    In the World I See…

    My time in the IT world is closer to three decades than two.  And anyone else who has been around half as long can testify to the amount of change that has occurred.  It’s more than impressive; it’s a shock.  Across the years I have more than once likened keeping up with technology to treading […]

  • CCNA Training

    Time to Ante Up More Time for Your CCNA

    Note: This post is about the Routing and Switching CCNA exam, not the other specializations. The first time I ever took the CCNA exam was somewhere during the year 2000. That’s bordering on seventeen years ago. Not sure when I got so old… I often tell my students that the CCNA exam back in those […]

  • Certification Suckers by Colin Weaver, CISSP

    Certification Suckers

    In my moderately cynical view, vendor certification exists for one reason: To enable vendors to sell more stuff. Cisco, Microsoft, Amazon and VMware (and all vendors, really) need people to be certified in the use of their products because it enables their salespeople to be able to come into a prospective customer’s office and say, […]

  • Microsoft Training Sale

    Live Remote Online Microsoft Training Sale!

    We have just negotiated a deal to give our clients a great price break on Live Remote Online authorized Microsoft training through one of our partners.  When you see live remote online, don’t think that you are going to just press play and watch a YouTube video.  That’s not the case at all.  In our […]

  • Metasploit Pentesting Training in Virginia Beach!

    This coming January, IT Dojo will be bringing in a highly regarded instructor to deliver his 4-day Metasploit Pentesting course in our facility in Virginia Beach.  This course is limited to 8 individuals.  If you are interested in getting hands-on experience in a small class session, please contact us today for more information. A […]

  • Top RMF Pitfalls

    Top Ten RMF Pitfalls Revisited

    By Lon Berman, CISSP, of BAI Information Security. Like any complex process, RMF is not without its share of potential pitfalls.  Now that we have the benefit of some more RMF projects under our belt, we thought it was time for a “revisited edition” of the RMF Top Ten Pitfalls. 10. Assuming system boundaries have […]

  • Risk Management Framework Training

    Understanding the Authorization Decision

    By Lon Berman, CISSP, of BAI Information Security. If you ask most system owners about the desired outcome of their RMF efforts, they will readily tell you “we are expecting the Authorizing Official (AO) to sign an Authorization to Operate (ATO) for our system.” But how much do they really know about what goes into […]

  • Contingency Planning Security Controls

    Security Control Spotlight—Contingency Planning

    By Kathryn M. Daily, CISSP, of BAI Information Security. In this issue we will shine the spotlight on the Contingency Planning (CP) family of security controls. First, we’ll show you how the controls dictate the subject areas that need to be addressed in the organization/system’s disaster recovery and business continuity plans. Second, you’ll learn how […]