The Imperative of Instructor-Led IT Training: Amplifying Learning Through Live Engagement

In the ever-evolving landscape of IT training, the debate between self-paced online courses and instructor-led training continues to thrive. While self-paced learning offers flexibility, the pivotal role of live, instructor-led training cannot be overstated, especially in the fast-paced world of technology. In this article, we’ll delve into the significance of instructor-led IT training over self-paced…

Mastering Agile: Embracing SCRUM for Efficient Project Management

In today’s fast-paced and dynamic business environment, traditional project management approaches often fall short in delivering timely and impactful results. Enter SCRUM, a popular Agile framework that revolutionizes project management by promoting collaboration, adaptability, and iterative development. In this blog post, we delve into the principles of SCRUM and highlight how IT Dojo offers specialized…

Demystifying STIGs: Securing IT Systems with Compliance and Confidence

In the realm of cybersecurity, adherence to rigorous standards and best practices is paramount to safeguarding sensitive information and maintaining the integrity of IT systems. Among the essential tools in the arsenal of cybersecurity professionals are Security Technical Implementation Guides (STIGs). These comprehensive guides, developed by the Defense Information Systems Agency (DISA), provide detailed instructions…

Strengthening Cybersecurity: Navigating the Risk Management Framework for DoD IT

In an era marked by evolving cyber threats and stringent security requirements, the Department of Defense (DoD) plays a pivotal role in safeguarding sensitive information and critical infrastructure. To effectively manage risks and ensure the security of DoD IT systems, the Risk Management Framework (RMF) serves as a comprehensive framework for cybersecurity governance and compliance.…

Unleashing the Power of Artificial Intelligence and Machine Learning: A Journey into the Future

In the realm of technology, few innovations have captured the imagination and transformed industries as profoundly as Artificial Intelligence (AI) and Machine Learning (ML). From enhancing business operations to revolutionizing healthcare and driving breakthroughs in scientific research, the potential applications of AI and ML are virtually limitless. In this blog post, we embark on a…

Embracing Zero Trust: Redefining Security in the Digital Age

In an era of ever-evolving cyber threats, traditional security models are proving to be inadequate in safeguarding sensitive data and systems. Enter Zero Trust, a revolutionary approach to cybersecurity that challenges the conventional notion of trust within networks. In this blog post, we delve into what Zero Trust entails, why it’s crucial for modern businesses,…

NIST 800-171: Confusion and the Protest Docket

By Kathryn Daily, CISSP, RDRP

I’m sure by now you’ve at least familiarized yourself with NIST 800-171, “Protecting Unclassified Information in Nonfederal Information Systems and Organizations.” What wasn’t made clear was how DoD will evaluate a contractor’s System Security Plan (SSP). In May, DoD released draft DoD Guidance for Reviewing System Security Plans and…

Building A Security Control Baseline “Step-by-Step”

Article By Lon J. Berman, CISSP

In the last issue of RMF Today and Tomorrow, we walked through the System Categorization process step-by-step. Now that we’ve categorized our system, let’s take a look at the steps for creating a Security Control Baseline.

Step 1: Create Initial Control Set

Your System Categorization defines the initial set of…

The Top Ten STIGs

Article by Annette Leonard

The Defense Information Systems Agency (DISA) is responsible for developing security guidance for configuring DoD information systems. An extensive collection of Security Technical Implementation Guides (STIGs) is published at http://iase.disa.mil/stigs/Pages/index.aspx. STIGs contain detailed configuration guidance (settings) for commonly-used software products and other system components. Most of these documents are updated…

Security Control Spotlight: A Little Good News?

Article by Kathryn Farrish, CISSP

Imagine this dialog between Edward, a System Owner, and Christine, his Information System Security Manager (ISSM):

Edward (System Owner): “Now that we’ve completed our System Categorization, have you built the Security Control Baseline for our system?”

Christine (ISSM): “Yes, sir, I have. Our system has been categorized as “Moderate-Moderate-Moderate (M-M-M)”.…