My time in the IT world is closer to three decades than two. And anyone else who has been around half as long can testify to the amount of change that has occurred. It’s more than impressive; it’s a shock. Across the years I have more than once likened keeping up with technology to treading…
Details
Note: This post is about the Routing and Switching CCNA exam, not the other specializations. The first time I ever took the CCNA exam was somewhere during the year 2000. That’s bordering on seventeen years ago. Not sure when I got so old… I often tell my students that the CCNA exam back in those…
Details
In my moderately cynical view, vendor certification exists for one reason: To enable vendors to sell more stuff. Cisco, Microsoft, Amazon and VMWare (and all vendors, really) need people to be certified in the use of their products because it enables their salespeople to be able to come into a prospective customer’s office and say,…
Details
By Lon Berman, CISSP of BAI Information Security Like any complex process, RMF is not without its share of potential pitfalls. Now that we have the benefit of some more RMF projects under our belt, we thought it was time for a “revisited edition” of the RMF Top Ten Pitfalls. 10. Assuming system boundaries have…
Details
By Lon Berman, CISSP of BAI Information Security If you ask most system owners about the desired outcome of their RMF efforts, they will readily tell you “we are expecting the Authorizing Official (AO) to sign an Authorization to Operate (ATO) for our system.” But how much do they really know about what goes into…
Details
By Kathryn M. Daily, CISSP of BAI Information Security In this issue we will shine the spotlight on the Contingency Planning (CP) family of security controls. First, we’ll show you how the controls dictate the subject areas that need to be addressed in the organization/system’s disaster recovery and business continuity plans. Second, you’ll learn how…
DetailsAttention information assurance and cyber security professionals in Hampton Roads! IT Dojo is running an RMF for DoD IT training course in the Virginia Beach/Norfolk area July 11 – 14. Seating is limited, but this course is guaranteed to run! We have delivered this course to hundreds of individuals throughout the country and the response…
Details
By Lon J. Berman, CISSP BAI Information Security I recently had the pleasure of consulting for a DoD program that successfully navigated the RMF process and received a full three year Authorization to Operate (ATO). In lieu of … or in addition to … a victory party, the team decided it would be productive to…
Details
By Lon J. Berman, CISSP at BAI Information Security Let’s take a look at some strategies for reviewing the Security Control Baseline and creating “action plans” for implementation. The “Raw Materials” An effective review starts with the right materials. You’ll need two spreadsheets to work with: Security Controls Assessment Procedures (CCIs) Using the Security Controls…
Details
Picture this. You’ve just completed your RMF training with IT Dojo. You spent four days in class learning and doing. So much information and guidance has come your way that at times you felt like you were drinking from a fire hose! Now, at last, you’re sitting in the relative peace and quiet of your…
Details