CISSP Preparation Resources

When it comes to getting your CISSP certification, I have one important word for you: STUDY.  Study in the car (preferably not while driving), study at work (taking care to not get fired), study at home, study everywhere you get a free moment.  Study before training, study after training.  You really cannot study too much…

Common Controls and Inheritance

By Kathryn M. Farrish, CISSP Common Controls are security controls whose implementation results in a security capability that is inheritable  by multiple information systems (IS). For example, the information systems hosted in a data center will typically inherit numerous security controls from the hosting provider, such as: Physical and environmental security controls Network boundary defense security controls Other inheritance scenarios include agency or departmental-level policies…

System Categorization-Take the Time to Get it Right

By Lon J. Berman, CISSP The story is told of an intern who is asked by his boss to pick up some items from the supply room in the basement. The young man is not sure how to get down there, but, seeing an open door, assumes it is the stairway and steps through. Unfortunately the door turns out to be an…

Free Ways to Earn CEUs!

You’ve earned your CISSP or your Security+ certification…now you need to maintain it. No one wants to have to take those beastly exams again! But how do you do that without spending a lot of money? Sure you could take other classes (and will need to to remain relevant, of course), but sometimes there isn’t…

Spotlight: Information Security Continuous Monitoring

By Lon Berman, CISSP No longer just a technical issue, instead a strategic program to manage cybersecurity risk. Targeted cyber attacks are a strategic organizational problem. Cyber attackers are more sophisticated than ever before, and it has become vitally important to understand how to manage risk and implement a continuous monitoring program.  More than just…

Spotlight: Transitioning to the Risk Management Framework (RMF)

With the publication of revised DoD Instruction 8510.01, adoption of the Risk Management Framework (RMF) by DoD has begun.  DoD programs are busy planning and implementing strategies for transitioning from DIACAP to “RMF for DoD IT”. What Efforts are Taking Place in Support of the RMF Transition? Tier 1: DoD Enterprise RMF Knowledge Service –…

Cloud Security and FedRAMP. Are you Ready for it?

A deadline for federal agencies to adhere to the government’s baseline cloud security standards and changes to the standards themselves are coming up very soon. The deadline for agencies to have their existing cloud computing solutions assessed against the Federal Risk and Authorization Management Program, or FedRAMP is June 5, 2014 Read more about this…

Continuous Monitoring—It’s Not (Just) About The Tools

by Annette Leonard BAI Consulting Continuous Monitoring has long been recognized as a critical element in maintaining a strong security posture for any IT system.  In spite of this, the risk management processes used in most federal agencies have traditionally been centered around mountains of paperwork, along with “point-in-time” assessments and approvals.  With the ascension…