We have just added a course date for the Information Security Continuous Monitoring training that is coming up this fall (September 22 – 24, 2015). Information Security Continuous Monitoring (three days) covers roles and responsibilities, establishment and implementation of the ISCM strategy, analysis and reporting of findings, and program review in accordance with NIST Special Publication…
IT Dojo has ITIL Courses Available in Hampton Roads and Beyond! The IT Infrastructure Library® (ITIL®) is a set of best practices for IT service management (ITSM) that focuses on aligning IT services with the needs of business. ITIL is published as a series of five core publications, each covering an ITSM lifecycle stage. ITIL…
As many of you are already aware, NIST offers free online Risk Management Framework training as a resource on their website. While this is a great resource containing excellent information and should be included in your learning plan, it is not enough when it comes to preparing yourself and your staff for the transition from DIACAP…
By Lon Berman, CISSP No longer just a technical issue, instead a strategic program to manage cybersecurity risk. Targeted cyber attacks are a strategic organizational problem. Cyber attackers are more sophisticated than ever before, and it has become vitally important to understand how to manage risk and implement a continuous monitoring program. More than just…
By Lon J. Berman, CISSP of BAI, Inc. In this issue’s “Spotlight”, we’re not going to focus on any specific controls or families, but rather on a comparison of RMF controls and DIACAP controls. The majority of DoD information systems are currently categorized under DIACAP as “MAC II Sensitive” or “MAC III Sensitive”. These categorizations…
By Annette Leonard of BAI, Inc. RMF-related policies and guidance come from a plethora of sources within the seemingly-convoluted federal landscape. We believe a good understanding of these sources will be helpful as you move forward in your RMF implementation. Here, then is our “Top Ten” list of RMF policy and guidance providers. 10. US…
By Kathryn M. Farrish, CISSP of BAI, Inc. At long last, NIST has finally released a draft copy of the updated version of SP 800-53A, entitled Assessing Security and Privacy Controls in Federal Information Systems and Organizations. This is an important document in the RMF “document library” because it contains the “how to” for assessing…
By Lon Berman of BAI, Inc. Now that RMF is official DoD policy, every DoD system owner needs to begin planning their “transition” from DIACAP. In order to plan and execute the transition, system owners need the answers to three basic questions: What does the transition process entail? When do I need to begin the…
With the publication of revised DoD Instruction 8510.01, adoption of the Risk Management Framework (RMF) by DoD has begun. DoD programs are busy planning and implementing strategies for transitioning from DIACAP to “RMF for DoD IT”. What Efforts are Taking Place in Support of the RMF Transition? Tier 1: DoD Enterprise RMF Knowledge Service –…
We just wanted to share this great message we just got from a client that sat in our CISSP training a few months ago! I would like to thank both of you. I have now taken Security+ and the CISSP classes from you and will highly recommend your site to anyone that seeks improvement in…