Information Systems Security Officer (Isso) 101

The Only Six Skills You Need

What you'll learn

Learn The Core Responsibilities Of An ISSO: The Only 5 Core Skills You'll Need

What You Need to Know About NIST frameworks - SP 800-37 (RMF) and SP 800-53 (REV 5)?

How Does FedRAMP (Cloud-based Systems) Relate To RMF (On-Prem Systems)?

Categorize An Information System - Low, Moderate or High | FIPS 199

Quickly How Orgs Establish baselines and How ISSOs tailor baseline controls

Assess Document : Review/Edit/Write Implementation Statements

Complete Continuous Monitoring Tasks - Review Audit Logs, Analyze Scans Reports, Create POAMs

BONUS: ISSO Workload: How To Manage All Your Tasks - Daily, Monthly, Quarterly, Annuallly - There are lots of them

BONUS: Assessments: How to Keep Them On Track Even Though You Aren't In Charge

BONUS: Collaborate: How to Successfully Work With Key Stakeholders - SO, ISSM, CISO, IA, SAOP

Requirements

Required: Security Certification* - Security Plus, Network Plus, CISSP (*Obtained or studying for)

Helpful: Some hands-on experience in one of the following roles is helpful - web development, database management, network administration, Tier 1 technical support

Plus: Some working knowledge of federal/DoD terms and acronyms

Description

From categorizing information systems to establishing baseline controls and identify vulnerabilities by analyzing scan reports and reviewing audit log to tracking vulnerabilities with plan of actions and milestones. This course ensures you will be able to use your knowledge as an ISSO  to establish and maintain the security posture of information systems.  From categorizing information systems to establishing baseline controls and identify vulnerabilities by analyzing scan reports and reviewing audit log to tracking vulnerabilities with plan of actions and milestones. This course ensures you will be able to use your knowledge as an ISSO  to establish and maintain the security posture of information systems.  From categorizing information systems to establishing baseline controls and identify vulnerabilities by analyzing scan reports and reviewing audit log to tracking vulnerabilities with plan of actions and milestones. This course ensures you will be able to use your knowledge as an ISSO  to establish and maintain the security posture of information systems.  From categorizing information systems to establishing baseline controls and identify vulnerabilities by analyzing scan reports and reviewing audit log to tracking vulnerabilities with plan of actions and milestones. This course ensures you will be able to use your knowledge as an ISSO  to establish and maintain the security posture of information systems.  From categorizing information systems to establishing baseline controls and identify vulnerabilities by analyzing scan reports and reviewing audit log to tracking vulnerabilities with plan of actions and milestones. This course ensures you will be able to use your knowledge as an ISSO  to establish and maintain the security posture of information systems. 

Overview

Section 1: Introduction

Lecture 1 Course Overview

Lecture 2 Course Overview: Outline

Lecture 3 CPE/CEU: Earn By Learning

Lecture 4 Course Glossary of Terms And Acronyms List

Section 2: What is an ISSO?

Lecture 5 ISSO Role

Lecture 6 ISSO Resources

Lecture 7 ISSO Resource

Section 3: BACKGROUND: NIST, RMF and FedRAMP

Lecture 8 NIST SP 800-37 Rev 2: Risk Management Framework (RMF)

Lecture 9 NIST SP 800-53 Rev 5 Cybersecurity Framework (CSF)

Lecture 10 FedRAMP

Lecture 11 Rev 5 | Rev 2 (RMF) | FedRAMP Resources

Section 4: System Categorization: FIPS 199 (RA-2)

Lecture 12 Categorization Intro

Lecture 13 Categorize Exercise: Complete FIPS-199

Lecture 14 Time-Saving Tip #1

Section 5: Select Baseline Controls (PL-10)

Lecture 15 Baseline Intro

Lecture 16 Select Baseline Security & Privacy Controls

Lecture 17 Time-Saving Tip #2

Section 6: Tailor/Filter Security & Privacy Controls (PL-11)

Lecture 18 Control Tailoring: Intro Video

Lecture 19 Control Tailoring: Hybrid Controls Exercise

Lecture 20 Control Tailoring: Not Applicable Exercise

Lecture 21 Time-Saving Tip #3

Section 7: Write/Edit Implementation Statements (SA-5)

Lecture 22 Documentation: Implementation Statements Intro

Lecture 23 Implementation Statements: Exercise- Writing Hybrid Controls

Lecture 24 Implementation Statements Exercise: Writing Not Applicable Controls

Lecture 25 Time-Saving Tip #4

Section 8: Continuous Monitoring: POAMS (CA-5)

Lecture 26 POAM Intro Vid

Lecture 27 POAM: Exercise Create A POAM

Lecture 28 POAM Exercise: Create POAM Milestones

Lecture 29 Time-Saving Tip #5

Section 9: Continuous Monitoring: Analyze Scans (RA-5)

Lecture 30 Scans Intro

Lecture 31 Continuous Monitoring: Scan Analysis Exercise

Lecture 32 Continuous Monitoring: Scan Notes Exercise

Lecture 33 Continuous Monitoring: Log Review - IIS (Web) - Authorized User Activity

Lecture 34 Time-Saving Tip #6

Section 10: Continuous Monitoring: Review Logs (AU-6)

Lecture 35 Continuous Monitoring: Logs Intro

Lecture 36 Copntinuous Monitoring: Log Review User Accounts

Lecture 37 Continuous Monitoring: Log Review User Last Login

Lecture 38 Continuous Monitoring: Log Review User Separation of Duties

Lecture 39 Continuous Monitoring: Log Review Web (IIS)

Lecture 40 Continuous Monitoring: Log Exercise -DDOS

Lecture 41 Time-Saving Tip #7

Section 11: QUIZ/EXAM

Section 12: BONUS SECTION 1: Top Tips To Be Successful ISSO

Lecture 42 Top 3 Ways to Keep Your Assessments On Schedule

Lecture 43 Top 3 Ways to Collaborate With Your Stakeholders

Lecture 44 Manage Your Workload In 3 Easy Steps

Beginner Intermediate Experienced Cybersecurity Professionals