When it comes to getting your CISSP certification, I have one important word for you: STUDY. Study in the car (preferably not while driving), study at work (taking care to not get fired), study at home, study everywhere you get a free moment. Study before training, study after training. You really cannot study too much…
By Kathryn M. Farrish, CISSP Common Controls are security controls whose implementation results in a security capability that is inheritable by multiple information systems (IS). For example, the information systems hosted in a data center will typically inherit numerous security controls from the hosting provider, such as: Physical and environmental security controls Network boundary defense security controls Other inheritance scenarios include agency or departmental-level policies…
By Lon J. Berman, CISSP The story is told of an intern who is asked by his boss to pick up some items from the supply room in the basement. The young man is not sure how to get down there, but, seeing an open door, assumes it is the stairway and steps through. Unfortunately the door turns out to be an…
TrainPlus! POST TRAINING SUPPORT RMF education doesn’t just stop when the training class is over. That’s why we offer TrainPlus!, a RMF Q&A follow-up session. Designed specifically for students who’ve previously attended an IT Dojo RMF training class, TrainPlus! is delivered via a monthly, 60-minute, conference call at no charge. Whether the training experience has been online, onsite or…
We have just added a course date for the Information Security Continuous Monitoring training that is coming up this fall (September 22 – 24, 2015). Information Security Continuous Monitoring (three days) covers roles and responsibilities, establishment and implementation of the ISCM strategy, analysis and reporting of findings, and program review in accordance with NIST Special Publication…
By Lon Berman of BAI, Inc. Now that RMF is official DoD policy, every DoD system owner needs to begin planning their “transition” from DIACAP. In order to plan and execute the transition, system owners need the answers to three basic questions: What does the transition process entail? When do I need to begin the…
The DoD has announced that RMF for DoD IT will supercede the current DIACAP requirements. Revised DoD IA policies and procedures will not be published until later this year and there’s sure to be a “phase in” period. Why should your organization be concerned about preparing for the upcoming RMF transition now? Get Familiarized with…
IT Dojo offers a comprehensive course on the transition from DIACAP to RMF. Please take a look at our RMF training courses here. Here is a link to a great book on RMF that we highly recommend. A ton of other information can be found on the NIST web site.
By Lon J. Berman, CISSP BAI Consulting The wait is over! RIP DIACAP!! At long last, DoD has announced the start of transition from the legacy DIACAP Certification and Accreditation (C&A) Program to the Risk Management Framework (RMF). This transition is part of a broader effort to bring all Executive Branch departments and agencies ……
Most will agree that there is no substitute for instructor-led classroom training. The interaction and dialogue between teacher and student is tough to beat. But tight budgets and even tighter business needs can make it difficult to break away from the office to attend training. You need to be better at your job but you’re…