Duration:
1 Day
Audience:
Employees of federal, state and local governments; and businesses working with the government.
Course Description:
Information Security Continuous Monitoring (ISCM) is not just a regulatory requirement; it is the heartbeat of a modern cybersecurity program. This one-day supplemental training dives deep into Step 6 of the Risk Management Framework (RMF).
We move beyond theory to cover the practical application of NIST SP 800-137. You will learn how to design an ISCM strategy that transitions your organization from “Point-in-Time” compliance to “Ongoing Authorization” (OA).
Course Prerequisite:
A strong understanding of RMF is required. We highly recommend completing our 4-day Building a DoD Security Package – RMF in Practice program prior to attending.
Course Agenda:
Strategy & Design
- Define Strategy: Setting risk tolerance and monitoring frequencies.
- Establish Program: Roles, responsibilities, and resource allocation.
- Implement: Deploying sensors and collecting security data.
Execution & Analysis
- Analyze & Report: Turning raw data into actionable risk intelligence.
- Respond: Mitigation strategies for findings and POA&M updates.
- Review & Update: Maturing the ISCM strategy over time.
Practical guidance on ISCM automation and support tools is provided. Student exercises, collaboration and case studies are used to reinforce the concepts taught in the class.
The course content of Information Security Continuous Monitoring (ISCM) is geared to meet the needs of a diverse audience covering the spectrum of management, operational and technical roles.
Students will gain thorough knowledge of the theory and policy background underlying continuous monitoring as well as the practical knowledge needed for effective implementation.
Course Prerequisites
A prerequisite to this course is a strong understanding of RMF, and it is highly recommended students complete the 4-day RMF training program prior to registration.
Who Should Attend?
The Continuous Monitoring training program is suitable for government employees and contractors in DoD, federal “civil” agencies and the intelligence community, particularly those responsible for managing and monitoring security posture on an ongoing basis.
About the Instructors
The instructors tasked to complete this training have previously developed training programs for DoD Information Assurance Certification and Accreditation Process (DIACAP) and the Federal Information Security Management Act (FISMA). These have now been completely revamped to reflect the unification of information security and risk management practices in accordance with the Risk Management Framework (RMF). To date, thousands of military personnel, civilian government employees and contractor personnel have completed one or more of these training programs.
If you are looking for other dates or would like to bring an instructor into your facility or city, please contact us!