Information Security Continuous Monitoring for Federal Information Systems and Organizations

3 Day Course

The Information Security Continuous Monitoring for Federal Information Systems and Organizations 3-day course explores new guidance, policy and procedures for implementing a well-developed and thorough strategy for building a continuous monitoring program in accordance with NIST SPs 800-137, 800-39, 800-55, 800-128, 800-37 (Rev. 1), and 800-53 (Rev. 3).

This course builds on the principles of the NIST Risk Management Framework (Step 6) and supporting NIST guidance (Risk Management, Performance Measurements, Security Control Catalogue, Security Control Assessment Procedures, Configuration Management, System Development Life Cycle, etc.) to give students knowledge and understanding of the new continuous monitoring guidance: understanding the process, identifying procedures, developing an organizational strategy and ultimately incorporating a continuous monitoring program into the organizational mission/business functions.

Cost of Course: $1,500.00 per student (GSA and Volume Rates Available)

Materials Required

There are no materials required of students attending courses at either SecureInfo location.

Students attending mobile courses at customer sites must furnish their own laptops, as each student will be asked to create documentation and participate in practical hands-on exercises that guide the student's learning experience. The laptop must have Adobe Acrobat Reader, Microsoft Excel and Word.

Course Materials Provided

Students will receive a workbook (to include instructional slides) and Resource Kit via CD (includes all supporting materials and exercises).

Instructor Policy

Students should arrive no later than 10 minutes prior to start time on the first day of class. If you have any special requirements that need to be addressed prior to arrival, please let us know at the time of registration. Please do not make any travel arrangements prior to 6:00 PM on the last day of training.

Locations

We offer this course in the SecureInfo training classroom (San Antonio, Texas or Alexandria, Virginia locations) or via mobile training at your facility for up to 15 students per course. Contact us at training@secureinfo.com or (888) 677-9351 (ask for training) for more information and pricing on mobile training options.

Who Should Attend?

  • Individuals associated with the design, development, implementation, operation, maintenance, and disposition of federal information systems
  • Individuals with information system development and integration responsibilities (e.g., program managers, information technology product developers, information system developers, information systems integrators, enterprise architects, information security architects)
  • Individuals with information system and/or security management/oversight responsibilities (e.g., senior leaders, authorizing officials, chief information officers, senior information security officers)
  • Individuals with information system and security control assessment and monitoring responsibilities (e.g., system evaluators, assessors/assessment teams, independent verification and validation assessors, auditors, or information system owners)
  • Individuals with information security implementation and operational responsibilities (e.g., information system owners, common control providers, information owners/stewards, mission/business owners, information system security engineers/officers)

Course Topics

Module 1: Introduction to Continuous Monitoring (NIST SP 800-137)

  • Course Overview/Objectives
  • Key Terms
  • Continuous Monitoring Background
  • Purpose and Applicability
  • Overview of Continuous Monitoring Process
  • Relationship to Other Guidance Documents

Module 2: The Fundamentals – Ongoing Monitoring in Support of Risk Management

  • Organization-wide View of Continuous Monitoring
  • Ongoing Security Authorizations
  • Role of Automation in Continuous Monitoring
  • Continuous Monitoring Roles and Responsibilities

Module 3: The Process – Building, Implementing, and Maintaining a Continuous Monitoring Program

  • Define Continuous Monitoring Strategy
  • Establish Measures and Metrics
  • Establish Monitoring and Assessment Frequencies
  • Implement a Continuous Monitoring Program
  • Analyze Data and Report Findings
  • Respond to Findings
  • Review and Update the Monitoring Program and Strategy

Questions about our corporate training may be directed to training@secureinfo.com, or call 888.677.9351.

Ask about our mobile training capability--it saves you money!