FISMA 251
Enterprise Risk Management
4 Day Course / 6 CPE Credits Per Day
Learn FISMA Certification & Accreditation concepts from top practitioners in the field. The emphasis of the course is on security Certification & Accreditation (C&A) concepts so that they can be applied to any security C&A methodology: NIST, DIACAP, NIACAP, DCID 6/3, ICD 503, or NISCAP. This course is not a comparison between the different C&A methodologies. Instead, it teaches general concepts to create the broad knowledge base you need to position your career for a segue into any C&A project.
The first two days of the course present an overview of FISMA compliance requirements and discuss what documentation is needed and what types of information to include in that documentation. The third day offers a survey of how to test for security vulnerabilities, and how to actively exploit and identify actual security vulnerabilities. To get the most out of the third day, you should bring a laptop with you to the course.
FISMA 251 is an intermediate level course. Students should have a basic understanding of information security principles, concepts, and technologies. Although anyone performing security audits can benefit from this course, it is of particular use to U.S. federal agencies that must comply with the Federal Information Security Management Act of 2002 (FISMA). This class is appropriate for students who are novices up to seasoned experts. The hands-on lab exercises are valuable for all experience levels.
Related Awards, Degrees or Certifications: Certified FISMA Compliance Practitioner (CFCP)
Certificate Program
Provided by FISMA Center
- P asked: I am interested in this class. Can you send me a schedule of offerings for FISMA? Thank you,
- C asked: Where is this course held? What are the course dates? What is the cost? Thank you
- A asked: When is the FISMA training available and what is the tuition cost? Thank you, Al
- T asked: I am looking for training on FISCAM in St. Louis, Missouri. I am hoping to get accreditation or certification from the training.
- T asked: Am looking for training I can send my staff (all levels) to in order to improve our C&A program. Interested in all three levels of training you offer.
- J asked: I would like to learn more about this course as well as the pricing, scheduled dates and if there is a corporate discount for Booz Allen Hamilton. My number is -/ John
FISMA 251
Day 1:
Explanation of FISMA Certification and Accreditation terminology;
Types of C&A;
Understanding the C&A process;
Establishing a C&A program;
C&A Project Management;
Preparing the Hardware and Software Inventory;
Determining the C&A Level;
Lab 1: Determine the C&A Level;
Security Awareness & Training;
Creating End-User Rules of Behavior;
Incident Response;
Day 2:
Performing the Security Tests & Evaluation;
Conducting a Privacy Impact Assessment;
Performing a Business Risk Assessment;
Preparing a Business Impact Assessment;
Developing an IT Contingency Plan;
Performing a System Risk Assessment;
Developing a Configuration Management Plan;
Developing a System Security Plan;
Lab 2: Diagramming the Network;
Submitting the Certification Package;
Evaluating the Certification Package
Day 3:
Penetration testing concepts;
Discovery and attack phases;
Intelligence gathering;
Protocols as they relate to pen testing;
Port scanning with nmap;
Sniffers
Day 4:
Buffer overflows;
Race conditions;
Input validation errors;
DNS exploits;
Google dorks;
Metasploit;
CORE Impact
About The Training Provider: FISMA Center
FISMA Center - The FISMA Center provides information, resources and training to assist U.S. federal agencies in complying with the Federal Information Security Management Act of 2002.
TRAINING:
The FISMA Center offers FISMA training periodically throughout the year. We can also come to your site to train your staff at your location. Registration typically opens approximately two months prior to a...
