Home - Training

Security Controls In-Depth – 3 Days

The 3-day Security Authorization Process Security Controls In-Depth course builds on and strengthens the students Security Authorization Process Essentials knowledge base. The blend of lecture and hands-on exercises is continued to provide the student with highly detailed information concerning: security control selection and specification, the activities necessary to translate the security controls identified in the security plan into an effective implementation, and the process of assessing the security controls in organizational information systems.

Duration
3 days

Course Topics:
Security Authorization Process Security Controls In-Depth :

  • Selecting and Specifying the Security Controls
    • Fundamental Concepts
      • Structural components of security controls
      • Minimum (baseline) security controls
      • Common security controls
      • Assurance in the effectiveness of security controls
      • Commitment to maintain currency
    • The Process
      • The organization’s overall approach to managing risk
      • FIPS 199 - categorizing the system
      • Selecting and tailoring the initial set of controls
      • Supplementing the tailored security control baseline
      • Updating the controls
  • Implementing the Security Controls
    • The “Easy” security controls
    • The “Tough” security controls
      • Using the NIST Checklist Program
      • Pre-defined checklist operational environments
      • Threat discussions
      • Baseline technical security practices
      • Selecting the “best” checklists for the environment
      • Tailoring and Implementing Checklists
      • Developing Checklists
  • Assessing the Security Controls
    • Fundamental Concepts
      • Integrating assessments into the SDLC
      • An organization-wide strategy for conducting assessments
      • Developing effective assurance cases
      • Format and content of assessment procedures
      • Extended assessment procedures
    • The Process
      • Organizational activities to prepare for an assessment
      • Assessor activities to prepare for security control assessments
      • Developing the Security Assessment Plan (SAP)
      • Conducting and Analyzing the security control assessments
      • Reporting assessment results – the SAR
      • Organizational post-assessment report analysis
      • Organizational follow-on activities

Cost of Course: Contant SANS for more information.

Laptop Required
Laptops are required for this course, as each student will be asked to create documentation and participate in practical exercises that guide the students learning from Security Authorization Process essentials, fundamental concepts, and Security Authorization Phases to the details of selecting, specifying, implementing, and assessing the security controls. The laptop must have a Web browser, Adobe Acrobat Reader, Excel, and Word. Resource Kits are provided via Thumb Drives for students attending the course, for in-class work, as well as supplemental materials.

Who Should Attend?
This 3 day course is intended to serve a diverse group of information system and information security professionals in and supporting the federal government including:

  • Individuals with information system development and integration responsibilities (e.g., program managers, information technology product developers, information system developers, systems integrators)
  • Individuals with information system and security management and oversight responsibilities (e.g., authorizing officials, chief information officers, senior agency information security officers, information system managers, information security managers)
  • Individuals with information system and security control assessment and monitoring responsibilities (e.g., system evaluators, assessors/assessment teams, independent verification and validation assessors, auditors, Inspectors General, or information system owners)
  • Individuals with information security implementation and operational responsibilities (e.g., information system owners, common control providers, information owners/stewards, mission/business owners, information system security engineers/officers).

Register Now

Questions about our corporate training may be directed to training@secureinfo.com, or call 888.677.9351.

Ask about our mobile training capability--it saves you money!