CyberFirst Academy/Security Control Assessor (SCA) Training

  • $398 or 2 monthly payments of $199

Security Control Assessor (SCA) Training

  • Course
  • 295 Lessons

This course trains you in the skills needed to land a Cybersecurity Risk Management job. It takes you from Novice to Pro at your own pace. No technical skills needed.

Contents

Documenting Observations and Results Part 2.mp4

Module 1: Introduction

SCA Training Preview
Intro
Who is a SCA?
Duties of a SCA
Documenting Observations and Results
Scheduling meetings
Scheduling Meetings
Keeping to Schedule
Reviewing evidence part 1
Reviewing evidence part 2
Job Environment for a SCA
Qualifications of a SCA
Scheduling meetings
Scheduling Meetings Part 2
Assessment Readiness Checklist.docx
Preparing the SAP
Security Assessment Plan (SAP) Template.docx
Reviewing evidence part 1
Reviewing evidence part 2
RMF Rev. 2
RMF and Where the SCA comes in
Prepare
RMF Continued: Prepare
Categorize
Select
Implement
Assess
Authorize
Monitor
Summary
RMF (Driver's License Analogy)
Resume Update
Module One Quiz

Module 2: Cybersecurity Basics

What is Cybersecurity?
The CIA Triad: The 3 Pillars of Security
Integrity
Availability
Separation of Duties
Job Rotation and Mandatory Leave
Risk Management Framework (RMF)
Common Roles and Responsibilities
Top Down Approach
Control Frameworks
Due Care and Due Diligence
Compliance
Privacy
Privacy Continued
European Union Privacy Laws
GDPR
Computer Crime
MOM
How Data Breaches Occur
Threats: Virus, Trojan, Logic bomb, Worm, Bot, Rootkit, Spyware, Spam
BIA
Business Continuity Plan (BCP)
Disaster Recovery Sites
Threat Modeling
OWASP
DoS and DDoS Attacks
Man-in-the-Middle Attacks
Social Engineering
Types of Social Engineering
Types of security controls
RAT and Backdoor
Adware
Keylogger
Data Protection
Wireless Security
Ports
OS Hardening
Multifactor Authentication
Identifying Authentication Factors
Mobile Security
Social Media
What is Networking?
Networking
Quiz

Module 3: Assessment and Authorization (A&A) Documents

Security Assessment and Authorization Documents That the SCA Creates
Conducting PTAs and PIA
Reviewing PIA as a SCA
PTA As a SCA (LAB)
Incident Response
Change Management
Developing ISAs
ISA Walk-through
Developing MOU/MOA (MEMORANDUM OF UNDERSTANDING or AGREEMENT)
Reviewing and Developing Contingency Plan Documentation
Contingency Plan (ISCP) Intro
SIA (Security Impact Analysis)
SIA Walkthrough
Site for viewing Security Controls
AC-3
NIST Control Families
Developing an SSP part 1
Developing an SSP part 2

Module 4: Risk Management Framework (RMF)

RMF
RMF Rev2 Part1
Prepare (New Phase)
NIST 800-53 Rev 5
RMF Analogy (Building a House)
Prepare Analogy
Categorize Analogy
Select Analogy
Implement Analogy
Assess Analogy
Authorize Analogy
Monitor Analogy
RMF House Analogy House Summary
Driver's License Analogy
Main Roles and their Objectives
RMF Phases and Roles in Real World
Prepare Phase
Categorize Phase
How to categorize an information system
Kickoff
Case Study Kickoff Meeting
Kickoff Walkthrough
SDLC
Class Project Categorize LCM
Class Project Categorize LCM Walkthrough
Entering System Categorization in SSP
SAP (Security Assessment Plan)
Selecting Controls Class Project LCM
Selecting Common Controls
Selecting Common controls continued (Hybrid Controls)
Implementing Security Controls
Upload Artifacts and Contact Assessor
Assess Security Controls
Evidence Review Tips
Reviewing Security Controls Artifacts
2 Main Roles and their Objectives.
System Information XYZ system
ISSO and SCA Duties in a Nutshell
A to Z break down Prepare to Implementation
A to Z break down Assessment to Monitor
Quiz (Categorize Information System)
Select Phase Tasks
Selecting security Controls: What is a Security Control?
Select Phase Types of Controls Management Technical and Operational
Select Phase Common control System Specific Control and Hybrid Control
Select Phase: NIST 800-53 and FIPS 200
Select Phase NIST Website and SSP Templates
Select Phase: NIST Control Families
Select Phase: Low, Moderate, High and Enhancements
Select Phase Tailoring
Baseline and Benchmark
Implement 1
Implement Documenting Implementation Statements
Assess Tasks
Assess Evidence Review Tips
Conducting the assessment
Assessment Using the SAP worksheet
Assess Phase: Entering Assessment Observations
Assess SAP 1
Assess Phase: SAR
Assess Phase: Documenting the Findings in the SAR
Assess Phase: Remediation Actions
Assess Phase: POA&M Report
Assess Phase: Documenting Plan of Action and Milestones POA&Ms
Authorize Phase
Monitor Phase
Monitor Phase Part 2
NIST 800-37 Rev 2 (Free)
Security Assessment Process from A to Z

Module 5: Mastering Security Controls (NIST 800-53 Rev 5)

Assess SAP 2
Security Controls
AC Controls
AC-2(4)
AC-2(4)_Evidence
AC-2(5)_ with Evidence
AC-2(6)
AC-2(7)
AC-2(8)_AC-2(9)_AC-2(10)_AC-2(11)_AC-2(12)
AC-3
AC-3(3)
AC-3(4)
AC-3(5)
AC-4
AC-3(7)
AC-5
AC-6
AC-7
AC-8
AC-9
AC-10
AC-11
AC-12
AC-13
AC-14
AC-15
AU controls
AT-1
AT-2 (6)
AT-2 (5)
AT-2 part 2
AT-3 (4)
AT-2 (1)_AT-2 (2)
AT-2 (3)_AT-2 (4)
AT-3 (5)
AT-4
AT-2 part 1
AT-3 (1) (2) (3)
AT-3
AC-17
AC-17 Evidence
PT-1
AC-23 part 1
AC-20
AC-18
AC-19
AC-23 part 2
AC-21
PT-2 part2
AC-22
PT-2
PT-3
Assessing a PTA As a SCA
PT-4
SR-2 (1)
SR-3
SR-2
Examining a PIA as a SCA
SR-3(1), SR-3(2), and SR-3(3)
SR-4 plus enhancements
Assessment Evidence Cheat Sheet.xlsx
FEA Security Assessment Report (SAR)_final.docx
System Administration Manual_LCM.doc
Security Assessment Plan (SAP) Template_Student version.docx
Evidence Review Tips.pdf
SSP_for LCM System_v3-.docx
SAP Worksheet.xlsx
Test Plan.xlsx

Module 5: Finding a Job

Finding a Job
Finding a Job with no Experience
Job Search Sites
Job Search Sites Indeed
Job Search Sites Glassdoor
Job Market
Background Investigation

Module 6: Interview Questions and Tips

Tips on finding a Job
The Interview
Things to do before you go for an Interview
Interview process
Interview Tips 1st Call
Interview Questions PDF
Interview Questions
ISSO Salary Indeed
Interview Tips 2nd Call
Interview Tips: In-person interview
Zoom interview.mp4
Zoom interview Checklist.pdf
Negotiating your Salary.
Researching your Salary
Company Reviews, Salaries on Glassdoor.
Interview Session.mp4

Module 7: Things You Should do in Your First Week

Things You Should do in Your First Week

Module 8: 7 Step Playbook to Get Hired

7 Step Playbook to Get Hired in Cybersecurity
7 Step Playbook to Get Hired in Cybersecurity

Module 9: Resources: Templates, Forms, Guides, Cheat Sheets

NIST.SP.800-53r5
NIST.SP.800-18r1
Templates
NIST.FIPS.199
nistspecialpublication800-137
nistspecialpublication800-64r2
nist.sp.800-53ar4
POA&M Template
Resume Template
Security Controls Assessor Resume Template
nist.sp.800-37r1
ATO Letter Template
Cybersecurity Links to free online Resources
FAQ Monitor Phase
FAQ Categorize Phase
FAQ Select Phase
Career Advice Pocket Guide
RMF Cheat Sheet.pdf
RMF Cheat Sheet Video
Security Assessment Plan (SAP) Template.docx

Module 10: A Day in the Life of an ISSO

ISSO Tips

Module 11: CGRC Certification Exam Prep

CGRC Exam Outline and Exam Requirements
How to pass the CGRC Part 1
How to pass the CGRC exam Part 2
CGRC-Exam-Outline.pdf
Exam Prep Questions

Module 12: Developing Your Resume

Developing Your Resume.
Developing Your Resume part 2
Resume Template
Resume Template

ASK a QUESTION

Ask a Question
Asking a question Guidelines Part 1
Asking a question Guidelines Part 2
FAQ (Frequently Asked Questions)
Outro

Q&A

Live Q&A Session 7/14/21