Category Archives: information system compliance

IT security position job Q&A (part 1)

Check out my FREE courses at: https://securitycompliance.thinkific.com

In this video we read some of your questions about getting IT Security Jobs.

masaki23joe
“I have a B.A in Telecommunications, would this work for this career field.” see the answer at 00:00:45

shawn 08
“Hey Bruce I got my security + and cap. What do you suggest on how to get into the risk management/ security auditing field when someone doesn’t have any experience? I do have 7 years experience in desktop support and data center monitoring just want to try a different field but not sure how to go about this.”
answer at 00:02:53

David petrell
“What training is need to get into the security field? I have a BS in information security and working a MS in Cybersecurity and working on getting my CEH cert. What are ways that I can get into the security field as I don’t have any security experience and most jobs postings are wanting at least 4 to 5 years of experience”
answer at 00:06:26

diacap tarry town

DIACAP Compliance Engineer and Information Assurance Lead Jobs (risk management framework)

Role: DIACAP Compliance Engineer
Location: Tarrytown, NY
Duration: 6+ months

Enterprise Solution Inc.
500 E. Diehl Road, Suite 130, Naperville, IL 60563
Office: # 630-214-9485
E-Mail : pradyut@enterprisesolutioninc.com
Gmail : pradyut10.esi@gmail.com

Title: Information Assurance Lead
Location: Aberdeen, MD
Client: Federal
Duration: Full Time

Home


8251 Greensboro Drive, 9th Floor

McLean VA 22102
yogeshk@etalentnetwork.com

Office: (877) 715-3865 Ext.328

I get people contacting me every week about jobs all around the US! Today, I am going to show you a couple that I received recently. I hope that it will give you some idea of what employers and contracts look for in security compliance professionals.

3_NIST SP 800-37 (rev 2) changes

NIST 800 37 Revision 2 – RMF for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy

NIST 800 37 Revision 2 Risk Management Framework for Information Systems and Organizations A System

Download the presentation in this Video & Learn more here:

http://securitycompliance.thinktific.com

This is an overview of NIST 800-37 Revision 2. I discuss the changes, the sources and Cybersecurity Framework.

NIST Special Publication 800-37, Revision 2
Risk Management Framework for Security and Privacy
Initial Public Draft: May 2018
Final Public Draft: July 2018
Final Publication: October 2018

NIST 37-800 Rev 2:
http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-37r1.pdf

Executive Order:
https://www.whitehouse.gov/presidential-actions/presidential-executive-order-strengthening-cybersecurity-federal-networks-critical-infrastructure/

OMB:
https://www.whitehouse.gov/sites/whitehouse.gov/files/omb/memoranda/2017/M-17-25.pdf

Cybersecurity Framework:
https://www.nist.gov/sites/default/files/documents/cyberframework/cybersecurity-framework-021214.pdf

NIST SP 800-53 (Revision 5):
https://csrc.nist.gov/publications/detail/sp/800-53/rev-5/draft

Source of Changes:
President’s Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure
Office of Management and Budget Memorandum M-17-25 – next-generation Risk Management Framework (RMF) for systems and organizations
NIST SP 800-53 Revision 5 Coordination

PCI DSSPCI an example of information system security framework

Information Security Framework aka System Compliance

What are Cyber Security Standards?
These are rules that put in place to protect every aspect of an information system.

Also know as information system security standards, information security framework, security system compliance, information system compliance, risk management framework. There are also many types that specialize on different functions of a given industry. For example the medical industry has a standard for protecting patient information called HIPAA which is an acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996. And there is a standard for protecting point of sale and merchant systems called PCI. There are many others.. but the mission is the same… to protect the confidentiality, availability and integrity of important data.