RISK MANAGEMENT FRAMEWORK COURSE

Transcription

1 RISK MANAGEMENT FRAMEWORK COURSE Secure Managed Instructional Systems, LLC Consulting Training Staffing Support 3350 Riverview Pkwy Suite 1900 * Atlanta, Georgia * Phone: * semais@semais.net.* Website:

2 Applicative and Innovative Solutions What is RMF? The RMF was developed by the National Institute for Standards and Technology (NIST) to help DoD and Federal agencies manage risks to and from Information Technology (IT) systems more easily, efficiently and effectively. The Risk Management Framework provides a structured, yet flexible approach for managing the portion of risk resulting from the incorporation of information systems into the mission and business processes of the organization. The training at SEMAIS provides a comprehensive learning methodology to capture these key tasks and requirements to accredit DoD and Federal Systems based on OMB 130, FISMA, NIST /37/53/60/114 and DoD 8500 policies and procedures. Our differentiators focus on real-time application principles, processes, and procedures to relay RMF based on agencies goals and requirements. We Focus Beyond Theory-Based Training SEMAIS Methodology Many training companies are focused at Teaching-the-Test, and not Teaching-the-Student. Here at SEMAIS, we employ a different methodology to this practice by focusing on the concepts and aligning those concepts with application principles. This core practice ensures clients receive the most qualified training for career success. The result of this methodology will use adult learning methodologies called (KAC). Knowledge Risk Management Framework Course Application Comprehension

3 SEMAIS Snapshot Cage Code: 6WY63 DUNS Number: NICCS Approved Trainer Certifications Certified Information Security System Professional (CISSP) Certified Authorization Professional (CAP) EC-Council Certified Ethical Hacker (CEHv8) ITIL Foundation (ITILv3) A Step Above Competitors Microsoft Certified Technical Specialist (MCTS) CompTia Security Plus (Sec +) SEMAIS has a unique advantage of delivering RMF training based upon hands-on experience with Federal and DoD security standards for safeguarding data and networks. Our detail experience and certifications achieved provides a comprehensive learning approach to delivering the FISMA and Risk Management process. Master Training Specialist (MTS) Differentiators Socio-Economic Status Minority Owned Business (MOB) Most training companies provide instructor-based knowledge through classroom demonstration of text book information. This learning style forces students to become book-based Small Disadvantaged Business (SDB) Veteran-Owned Small Business (VOSB) Service-Disabled Veteran-Owned Small Business (SDVOSB) learners. Our difference is to employ adult learning practices such as teach back exercises and real-time system accreditation issues for students. The end-state integrates workshop and certification-based training into a single course. The benefit: A company achieves a higher Return-On-Investment. Employees learn their roles within the RMF tasks and gathers the knowledge to pass the ISC2 CAP examination. Risk Management Framework Course

4 Federal Risk Management Framework (RMF) Days of Training: 4 Course Federal Description Risk Management Framework (RMF) Federal Risk Management Framework (RMF) focuses on the Risk Management Framework prescribed by NIST Standards as implemented within the Department of Defense (DoD) and Intelligence Community Days of Training: (IC). The course 4 can also be used as test preparation for the ISC2 Certified Authorization Professional (CAP) certification. Course Description The Federal 3.0 version Risk Management of the course Framework is current (RMF) as of July, Implementation Downloadable 3.0: DoD/IC ancillary Edition materials focuses on including the Risk a Management study guide, a DoD Framework RMF exam, prescribed and a References by NIST Standards Policies as implemented handout. within the Department of Defense (DoD) and Intelligence Community (IC). The course can also be used as test preparation for the ISC2 Certified Authorization Professional Outline (CAP) certification. Module 1: Introduction The 3.0 version of the course is current as of July, Downloadable ancillary materials including a study guide, a Key concepts including assurance, assessment, authorization DoD RMF Reasons exam, for and change a References to the Risk and Management Policies handout. Framework (RMF) Outline Key characteristics of security Security controls Module 1: Introduction Module 2: Cybersecurity Policy Regulations and Framework Key concepts including assurance, assessment, authorization Evolution and interaction of security laws, policy, and regulations in cybersecurity Reasons for change to the Risk Management Framework (RMF) Accessing the correct documents for cyber security guidance Key characteristics of security Assessment and Authorization transformation goals Security controls Module 3: RMF Roles and Responsibilities Module 2: Cybersecurity Policy Regulations and Framework Tasks and responsibilities for RMF roles Evolution and interaction of security laws, policy, and regulations in cybersecurity Module 4: Accessing Risk Analysis the Process correct documents for cyber security guidance Four-step Assessment risk management and Authorization process transformation goals Impact level Module 3: RMF Roles and Responsibilities Level of risk Tasks and responsibilities for RMF roles Effective risk management options Module 4: Risk Analysis Process Module 5: Step 1: Categorize Four-step risk management process Key documents in RMF process Impact level Security Categorization Level of risk Information System Description Information Effective System risk management Registration options Module Lab 5: 1: Step Categorize 1: Categorize a fictitious DoD agency information system Module 6: Key Step documents 2: Select in RMF process Security Categorization Information System Description Information System Registration

5 Federal Risk Management Framework (RMF) Days of Training: 4 Course Description Module 6: Step 2: Select Federal Risk Common Management Control Framework Identification (RMF) focuses on the Risk Management Framework Security prescribed Control by NIST Selection Standards as implemented within the Department of Defense (DoD) and Intelligence Community Tailor (IC). The security course controls can also be used as test preparation for the ISC2 Certified Authorization Professional (CAP) certification. Monitoring Strategy Security Plan Approval The 3.0 version of the course is current as of July, Downloadable ancillary materials including a study guide, a Lab 2: Select security controls for a fictitious DoD agency information system. DoD RMF exam, and a References and Policies handout. Module 7: Step 3: Implement Outline Security Control Implementation Module 1: Security Introduction Control Documentation Key Lab concepts 3: Discuss including and review assurance, decisions assessment, related authorization to implementation of security controls. Module Reasons 8: Step for 4: change Assess to the Risk Management Framework (RMF) Key Assessment characteristics Preparation of security Security Security controls Control Assessment Module 2: Security Cybersecurity Assessment Policy Report Regulations and Framework Evolution Remediation and interaction Actions of security laws, policy, and regulations in cybersecurity Accessing Lab 4: the Consult correct NIST documents SP A for to cyber determine security appropriate guidance assessment techniques for a fictitious DoD Assessment agency. and Authorization transformation goals Module 3: 9: RMF Step Roles 5: Authorize and Responsibilities Tasks Plan and of responsibilities Action and Milestones for RMF roles Module 4: Security Risk Analysis Authorization Process Package Four-step Risk Determination risk management process Impact Risk level Acceptance Level Lab of 5: risk Practice compiling the documents that make up the Security Authorization Package. Module Effective 10: Step risk 6: management Monitor options Module 5: Information Step 1: Categorize System and Environment Changes Key Patches documents in RMF process Security Ongoing Categorization Security Control Assessments Information Ongoing System Remediation Description Actions Information Key Updates System Registration Lab Security 1: Categorize Status a Reporting fictitious DoD agency information system Ongoing Risk Determination and Acceptance Module 6: Step 2: Select Information System Removal and Decommissioning Lab 6: Identify vulnerabilities and deficiencies in the information system of a fictitious DoD agency and propose steps to remediate them.

6 Federal Risk Management Framework (RMF) Days of Training: 4 Course Description Module 11: Risk Management Framework for DoD and the Intelligence Community Federal Risk DoDI Management Framework (RMF) focuses on the Risk Management Framework DFAR prescribed by NIST Standards as implemented within the Department of Defense (DoD) and Intelligence Community Security (IC). The Control course Structure can also be used as test preparation for the ISC2 Certified Authorization Professional (CAP) certification. Evolution of Cybersecurity Policy NIST: Computer Security Division The 3.0 version of the course is current as of July, Downloadable ancillary materials including a study guide, a DoD Cybersecurity Policy Drivers DoD RMF exam, and a References and Policies handout. DIACAP to RMF Outline Transformation Goals Control Selection Module 1: Introduction CNSSI-1253 Key concepts including assurance, assessment, authorization RMF Integration with the SDLC Reasons for change to the Risk Management Framework (RMF) Important Federal Guidelines Key characteristics of security DoD 8500 Cybersecurity Series Security controls Roles and Responsibilities Module 2: Registering Cybersecurity a DoD Policy System Regulations and Framework Evolution emass and interaction of security laws, policy, and regulations in cybersecurity Accessing Types the of Authorizations correct documents for cyber security guidance Assessment and Authorization transformation goals RMF Knowledge Service Module 3: RMF Roles and Responsibilities Tasks and responsibilities for RMF roles Module 4: Risk Analysis Process Four-step risk management process Impact level Level of risk Effective risk management options Module 5: Step 1: Categorize Key documents in RMF process Security Categorization Information System Description Information System Registration Lab 1: Categorize a fictitious DoD agency information system Module 6: Step 2: Select

7 Why Train With SEMAIS? The Cyber Security industry has adopted many standards and management strategies to become compliant.. These standards require in-depth interpretation and sound learning solutions to ensure compliance for corporations and government systems. We have your training solutions for RMF. The privacy laws are changing and security best practices are sometimes omitted from governance strategies. Management has been facing tough decisions to maintain Defense Accreditation for DoD 8500 compliance through Vulnerability Assessments, Security Technical Information Guides (STIGS) implementation, and regulatory policies to achieve Authority to Operate (ATO). What are your shortfalls for RMF training? Are you challenged for meeting compliance through Cyber Security and Information Assurance programs, processes, or procedures that are obsolete, dysfunctional, or non-compliant for RMF? If so, SEMAIS has the expertise to deliver RMF training and tasks related to NIST SA&A. Leave the tough work to SEMAIS! Risk Management Framework Course Secured Managed Instructional Systems, LLC 3350 Riverwood Pkwy Suite 1900 Atlanta, Georgia Phone: , Ext Website: