
Course Description

Information Security Continuous Monitoring (ISCM) was developed by the US National Institute of Standards and Technology (NIST). NIST provides detailed guidance on implementing a risk management framework. It also provides a detailed and broad control set for federal agencies to adopt, though any organization can adopt the controls as standards. There are lessons to be learned and technology improvements that can be implemented in any industry, such as finance, utilities, health care, and more. A combination of the risk management framework, the control set, and the continuous monitoring implementation guidance can be used to set up an acceptable continuous monitoring plan. In this course, students explore new guidance, policy, and procedures for implementing a well-developed and thorough strategy for building a continuous monitoring program in accordance with SP 800-137, 800-39, 800-55, 800-128, 800-37 (Rev. 2), and 800-53 (Rev. 5). Topics include roles and responsibilities, establishment and implementation of the ISCM strategy, analysis and reporting of findings, and program review in accordance with NIST Special Publication (SP) 800-137.

Students will gain thorough knowledge of the theory and policy background underlying continuous monitoring as well as the practical knowledge needed for effective implementation.

Course Outline

  • Introduction to Continuous Monitoring (NIST SP 800-137)
    • Overview/Objectives
    • Key Terms
    • Why Continuous Monitoring?
    • Overview of Continuous Monitoring Process
    • Organization-wide view of ISCM
    • ISCM Roles and Responsibilities
  • Continuous Monitoring and Other NIST Guidance
    • NIST SP 800-39 – Risk Management Process
    • NIST SP 800-55 – Defining Organizational Metrics and Measurements
    • NIST SP 800-128 – Security Configuration Management for Information Systems
    • NIST SP 800-37, Rev. 1 – NIST Risk Management Framework
    • NIST SP 800-53, Rev. 4 – Security Control Catalogue
  • ISCM Process – NIST SP 800-137
    • Step 1 – Define Strategy
    • Step 2 – Establish ISCM program
    • Step 3 – Implement
    • Step 4 – Analyze and Report
    • Step 5 – Respond to Findings
    • Step 6 – Review and Update
  • The Fundamentals – Ongoing Monitoring in Support of Risk Management
    • Organization-wide View of Continuous Monitoring
    • Ongoing System Authorizations
    • Role of Automation in Continuous Monitoring
    • Technologies for Enabling ISCM
  • Building a Continuous Monitoring Program
    • Define Continuous Monitoring Strategy
    • Establish an ISCM Program
  • Implementing and Maintaining a Continuous Monitoring Program
    • Implement a Continuous Monitoring Program
    • Analyze Data and Report Findings
    • Respond to Findings
    • Review and Update the Monitoring Program and Strategy
  • Supporting Technologies
    • Security Automation Domains
    • Security Information and Event Management (SIEM)
    • Security Content Automation Protocol (SCAP)
    • Reference Data Sources
      • National Vulnerability Database
      • Security Configuration Checklists
  • ISCM Reference Model

Prerequisites

Applying the Risk Management Framework (RMF) and NIST Controls

Duration

18 Hours | 3 Days or 6 Nights

Sections

  • Information Security Continuous Monitoring (ISCM) Training
    • Type: Instructor-Led
    • Days: T, Th
    • Time (Central Time): 5:30PM to 8:30PM
    • Dates: Oct 25, 2022 to Nov 10, 2022
    • # of Course Hours: 18.0
    • Course Fee(s): Rate non-credit $2,385.00
  • Information Security Continuous Monitoring (ISCM) Training
    • Type: Instructor-Led
    • Days: T, Th
    • Time (Central Time): 5:30PM to 8:30PM
    • Dates: Apr 11, 2023 to Apr 27, 2023
    • # of Course Hours: 18.0
    • Course Fee(s): Rate non-credit $2,385.00