Students are guided to create effective security and governance systems through analysis, negotiation, systematic approaches, and the use of feedback. They will gain the skills to generate robust security reports, construct comprehensive Authorization to Operate (ATO) packages, and develop actionable plans with identified remediation tasks. They will learn to apply critical thinking in problem-solving, especially in risk management, and to enhance processes using research findings. They will also understand how to design governance structures that align with an organization's objectives and how to interpret laws and regulations for effective compliance program implementation. They will learn to integrate and monitor governance, risk management, and compliance activities and to report their effectiveness to stakeholders. Finally, they will master effective communication and negotiation skills, which are crucial in professional settings. Students develop competencies to utilize NIST RMF Steps 0-6 (Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor). Students will also prepare for the CGRC Certification.
Learning Objectives
Synthesize an effective Security Assessment Plan (SAP) using comprehensive analysis of the System Security Plan (SSP) and negotiation with a third-party assessor.
Generate a robust Security Assessment Report (SAR) using collated on-site testers' feedback and interview outcomes.
Formulate an actionable Plan of Action and Milestones (POA&M) using a systematic approach to remediation task identification and timeline establishment.
Construct a comprehensive Authorization to Operate (ATO) package through critical evaluation, use of essential tools, and application of effective business writing skills.
Execute Information Security Continuous Monitoring (ISCM) processes through understanding of security assessment roles and awareness of audit triggers.
Amend the System Security Plan (SSP) through continuous evaluation and consideration of proposed system changes during monitoring.
Develop a transition strategy to the NIST Risk Management Framework (RMF) and FedRAMP using secondary research and application of risk management knowledge.
Employ critical thinking to create innovative solutions to risk management issues across various disciplines.
Apply gathered research effectively to enhance risk management processes.
Utilize effective communication and negotiation skills within professional settings.
Understand and design effective governance structures that align with an organization's strategy and objectives.
Identify, assess, and manage risks to the organization, and develop strategies to mitigate these risks.
Understand and interpret relevant laws, regulations, and industry standards to design and implement effective compliance programs.
Develop the skills to integrate governance, risk management, and compliance activities across the organization for better alignment and effectiveness.
Implement processes to monitor ongoing risk and compliance management activities, and report on their effectiveness to stakeholders.
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Competency Areas
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.