Individuals associated with the design, development, implementation, operation, maintenance, and disposition of federal information systems including:

Individuals with mission / business ownership responsibilities or fiduciary responsibilities. (e.g., heads of federal agencies, chief executive officers, chief financial officers)
Individuals with information system development and integration responsibilities. (e.g., program managers, information technology product developers, information system developers, information systems integrators, enterprise architects, information security architects)
Individuals with information system and / or security management / oversight responsibilities. (e.g., senior leaders, risk executives, authorizing officials, chief information officers, senior information security officers)
Individuals with information system and security control assessment and monitoring responsibilities. (e.g., system evaluators, assessors /assessment teams, independent verification and validation assessors, auditors, or information system owners)
Individuals with information security implementation and operational responsibilities. (e.g., information system owners, common control providers, information owners / stewards, mission/business owners, information security architects, information system security engineers / officers)

REGISTER NOW

Training@sss-anc.com

or

(888) 939-4313

Information Security Continuous Monitoring Workshop

STS Systems Support, LLC (SSS) is offering a 4-day course on Information Security Continuous Monitoring for Federal Information Systems and Organizations along with an Industrial Controls Systems (ICS) 'add-on, if needed. The course explores new/updated guidance, policy and procedures for implementing a well-developed and thorough approach for building a continuous monitoring program IAW SP 800-137, 800-39, 800-55, 800-128, 800-37 (Rev. 1), 800-53 (Rev. 4 [soon Rev. 5]), 800-53A, and 800-82 (Rev. 2).

One area that requires more continuous monitoring is in the Industrial Controls Systems (ICS) arena. Clearly, ICS has become a global phenomenon and a vital part of the world economy. They have made it easier to control complex industrial operations and facilities, enhancing productivity and efficiency in the process. Unfortunately, our reliance on ICS has led to a kind of dependence, which leaves industry vulnerable to cyberattacks, so it makes sense to do what we can to keep ourselves secure.

This in-depth course builds on the principles of the NIST Risk Management Framework (Step 6) and supporting NIST guidance (Risk Management, Performance Measurements, Security Control Catalogue, Security Control Assessment Procedures, Configuration Management, System Development Life Cycle, etc.). It familiarizes students with the new continuous monitoring guidance relating to understanding the process, identifying procedures, developing an organizational strategy and ultimately, incorporating a continuous monitoring program into the organizational mission/business functions. It also includes the methodologies NIST recommends to harden an ICS IAW SP 800-82 Rev.2 which includes supervisory control and data acquisition (SCADA) systems, distributed control systems (DCS), and other control system configurations such as Programmable Logic Controllers (PLC) that are often found in the industrial control sectors. ICS are typically used in industries such as electric, water and wastewater, oil and natural gas, transportation, chemical, pharmaceutical, pulp and paper, food and beverage, and discrete manufacturing (e.g., automotive, aerospace, and durable goods.)

Duration: 4-days

Cost of Course: $2,300.00 per student (Government Rates, Volume Rates, and Training Credits are available)

Materials Required: Laptops are required as each student will be asked to create documentation and participate in practical exercises that guide the students. Laptops must have Adobe Acrobat Reader (free version), Excel, Word, and a browser. Resource CDs are provided to each student via download and CDs for those attending this course, for in-class work, as well as supplemental materials.

NOTE: All SSS training locations have appropriately configured laptops for each student to use during class.

Course Materials Provided: Students will receive a workbook (to include instructional slides) and a Resource CD (that includes supporting materials and exercises).

Instructor Policy: Students should arrive no later than 10 minutes prior to start time on the first day of class. If you have any special requirements that need to be addressed prior to arrival, please let us know at the time of registration. Please do not make any travel arrangements prior to 5pm (local time) on the last day of training.

Locations: We offer this course in San Antonio, TX as well as mobile training at your facility for up to 15 students per course. Contact us at Training@sss-anc.com or (888) 939-4313 for details, pricing, and availability for mobile training options.

Course Topics

Module 1: Introduction to Continuous Monitoring (NIST SP 800-137)
- Course Overview/Objectives
- Continuous Monitoring Background
- Purpose and Applicability
- Key Terms
- Key Players and Roles and Responsibilities
- Overview of Continuous Monitoring Process
- NIST SP 800-37, Rev. 1 – NIST Risk Management Framework
- NIST SP 800-39 – Risk Management Process
Module 2: Continuous Monitoring Relationship to Other NIST Guidance
- NIST SP 800-55 – Defining Organizational Metrics and Measurements
- NIST SP 800-128 – Security Configuration Management for Information Systems
- NIST SP 800-53, Rev. 4 (soon Rev. 5) – Security Control Catalog
- Organization-wide View of Continuous Monitoring
- Ongoing System Authorizations
- Role of Automation in Continuous Monitoring
- Technologies for Enabling ISCM
Module 3: The Fundamentals—Ongoing Monitoring in Support of Risk Management
- Organization-wide View of Continuous Monitoring
- Ongoing System Authorizations
- Role of Automation in Continuous Monitoring
- Continuous Monitoring Roles and Responsibilities
Module 4: Industrial Control Systems (ICS) Arena
- Overview of Industrial Control Systems
- ICS Risk Management and Assessment
- ICS Security Program Development and Deployment
- CS Security Architecture
- Applying Security Controls to ICS
- Course Summary/Q&A Session

STS Systems Support 1826 North Loop 1604 W Suite 336A San Antonio, TX 78248

STS Systems Support is a Bristol Bay Native Corporation Company

Phone: (210) 892-3511 Fax: (210) 892-3522 www.sss-anc.com

TIMESHEET

EMAIL

CERIDIAN/DAYFORCE

DUNS: 08-0448-7230 CAGE: 7S2T6 Tax ID: 81-4325845