Information Security Continuous Monitoring Workshop

 

STS Systems Support, LLC (SSS) is offering a 5-day course on Information Security Continuous Monitoring for Federal Information Systems and Organizations. The course explores new/updated guidance, policy and procedures for implementing a well-developed and thorough approach for building a continuous monitoring program IAW SP 800-137, 800-39, 800-55, 800-128, 800-37 (Rev. 1), 800-53 (Rev. 4 [soon Rev. 5]) and 800-53A.

 

This in-depth course builds on the principles of the NIST Risk Management Framework (Step 6) and supporting NIST guidance (Risk Management, Performance Measurements, Security Control Catalogue, Security Control Assessment Procedures, Configuration Management, System Development Life Cycle, etc.). It familiarizes students with the new continuous monitoring guidance relating to understanding the process, identifying procedures, developing an organizational strategy and ultimately, incorporating a continuous monitoring program into the organizational mission/business functions.

 

Duration: 5-days

 

Cost of Course: $2,300.00 per student (Government Rates and Volume Rates are available)

 

Materials Required: Laptops are required as each student will be asked to create documentation and participate in practical exercises that guide the students. The laptop must have Adobe Acrobat Reader (free version), Excel, Word and a browser. ResourceCD are provided to each student via download and CDs for those attending this course, for in-class work, as well as supplemental materials.

 

NOTE: All SSS training locations have appropriately configured laptops for each student to use during class.

 

Course Materials Provided: Students will receive a workbook (to include instructional slides) and a ResourceCD (that includes supporting materials and exercises).

 

Instructor Policy: Students should arrive no later than 10 minutes prior to start time on the first day of class. If you have any special requirements that need to be addressed prior to arrival, please let us know at the time of registration. Please do not make any travel arrangements prior to 5pm (local time) on the last day of training.

 

Locations: We offer this course in San Antonio, TX. Mobile training is also available at your facility for up to 15 students per course. Contact us at Training@sss-anc.com or (888) 939-4313 for details, pricing and availability for mobile training options.

 

Course Topics

Information Security Continuous Monitoring Workshop (5 days)

 

 

 

 

 

 

 

 

 

 

 

• Module 1: Introduction to Continuous Monitoring (NIST SP 800-137)

   

  • Course Overview/Objectives
  • Key Terms
  • Continuous Monitoring Background
  • Purpose and Applicability
  • Overview of Continuous Monitoring Process

   

• Module 2: Continuous Monitoring Relationship to Other NIST Guidance

   

  • NIST SP 800-39—Risk Management Process
  • NIST SP 800-55—Defining Organizational Metrics and Measurements
  • NIST SP 800-128—Security Configuration Management for Information Systems
  • NIST SP 800-37, Rev. 1—NIST Risk Management Framework
  • NIST SP 800-53, Rev. 4 (soon Rev. 5)—Security Control Catalog
  • NIST SP 800-53A,—Security Control Assessment Guide

   

• Module 3: The Fundamentals—Ongoing Monitoring in Support of Risk Management

   

  • Organization-wide View of Continuous Monitoring
  • Ongoing System Authorizations
  • Role of Automation in Continuous Monitoring
  • Continuous Monitoring Roles and Responsibilities

   

• Module 4:The Process— Building a Continuous Monitoring Program

   

  • Define Continuous Monitoring Strategy
  • Establish Measures and Metrics
  • Establish Monitoring and  Assessment Frequencies

   

• Module 5: Implementing and Maintaining a Continuous Montoring Program

   

  • Implement a Continuous Monitoring Program
  • Analyze Data and Report Findings
  • Respond to Findings
  • Review and Update the Monitoring Program and Strategy
  • Course Summary / Q&A Session