Security Control Assessment (SCA) Training

Course Overview

Security Controls Assessment provides a current and well-developed approach to evaluation and testing of security controls to prove they are functioning correctly in today's IT systems. This course shows you how to evaluate, examine, and test installed security controls in the world of threats and potential breach actions surrounding all industries and systems. If a system is subject to external or internal threats and vulnerabilities - which most are - then this course will provide a useful guide for how to evaluate the effectiveness of the security controls that are in place.

The Security Control Assessment (SCA) is a process for assessing and improving information security. It is a systematic procedure for evaluating, describing, testing, and examining information system security prior to or after a system is in operation. The SCA process is used extensively in the U.S. Federal Government under the RMF Authorization process. Security assessments are conducted to support security authorization events for agencies and organizations. These assessments provide data in a tiered risk management approach to evaluate both strategic and tactical risk across the enterprise.

This security control assessment process identifies vulnerabilities and countermeasures and determines residual risks; then the residual risks are evaluated and deemed either acceptable or unacceptable. More controls must be implemented to reduce unacceptable risk and then re-evaluated. The system may be deployed only when the residual risks are acceptable to the enterprise.

The goal of the SCA activity is to assess the security controls using appropriate assessment procedures to determine the extent to which the controls are:

• Implemented correctly,
• Operating as intended, and
• Producing the desired outcome with respect to meeting the security requirements for the system.

Who Should Attend?

• Those who are Citizens of the United States of America
• Those who are Permanent Resident of the United States of America. A permanent resident can also take this training, but there are fewer jobs posted requiring Permanent Resident compared to jobs requiring US Citizens. However, if a Green Card holder decides to take this training, there will be no guarantee of getting a job in a timely manner as opposed to a Citizen, especially in a federal structure.
• Those permitted to work in the United States of America.
• Those who want to possess the technical competency in assessing security control for effectiveness.

Learning Objectives

• Introduction to Cybersecurity and Controls
• Overview of Risk Management Framework (RMF) Steps
• Review of the SCA role in RMF Implementation
• SCA Criteria and Requirements
• Assessing Security Controls – The Process
• How to Prepare for Assessment
• How to Conduct Assessment
• How to Conclude Assessment

Delivery Methods

• Online, Instructor-Led
• 1-On-1 Training
• Self-Paced
• Corporate Training

Course Duration

• 12 Weeks (48 Hours)

Materials Required

• Laptop – Student Responsibility
  • A laptop is required as each student will be required to perform project tasks and exercises that will guide the student’s learning process.

What is included?

• Industry-Relevant Projects (Gain on the job experience)
• Microsoft 365 suite access (Duration of the class)
• Adobe Acrobat Pro DC (Duration of the class)
• Mentorship Program (Duration of the class)
• Interview preparation
• Resume Building
• LinkedIn Profile Development
• LinkedIn Networking Tips

Hardware Required

• Laptop (Windows PC Preferred)
• Access to high-speed internet connection.
• A headset with a microphone is Required.

Key Features of the Security Control Assessor Training

• 100% hands-on projects — no exams
• Validation you are NIST RMF/FedRAMP Assessor job-ready
• NIST RMF/FedRAMP Assessor project experience employers seek
• Taught by industry experts and designed to meet the ever-evolving cybersecurity industry.

JOBS AFTER THIS CRMF TRAINING

• Security Control Assessor (SCA)
• Independent Verification and Validation (IV&V)
• FISMA Auditor
• IT Control Auditor
• Internal Control Auditor
• Audit & Compliance Analyst