Risk Management For DoD IT

Convocourses Podcast: Plan of Action and Milestone

February 20, 2023 by Bruce Brown Leave a Comment

A Plan of Action and Milestones (POA&M) is a document that identifies tasks needing to be accomplished to remediate or mitigate risks to a system. It is a requirement under NIST 800-53, which is a guideline for federal agencies and contractors to follow when managing their information security programs. A NIST 800 POA&M, therefore, is a POA&M that is developed in compliance with NIST 800-53 standards.

The NIST 800 POA&M details the resources required to accomplish the elements of the plan, any milestones for meeting the tasks, and scheduled milestone completion dates [1]. The document is continuously updated as progress is made towards remediation, making it a living, dynamic document [2]. The POA&M is a critical tool for anyone responsible for tracking and reporting compliance issues or risks identified for a system [3].

NIST 800-53r5 recommends the use of security automation software to support the POA&M process. This software can help with tracking POA&M items and milestones, and integrate with ticketing systems for streamlined management of remediation activities [2].

https://youtube.com/live/Q4_fKRo0jdU

Start with These IT Certifications (Part 1)

February 18, 2023 by Bruce Brown Leave a Comment

There are some entry-level security certifications such as CompTIA Security+ and ISC2 Certified in Cybersecurity (CC).

If you don’t know ANYTHING and have no experience, then you will need to start with courses that will teach basics for information technology.

How to Tailor Security Controls in NIST 800

February 17, 2023 by cyberaware2 Leave a Comment

There are over 1000 NIST 800 controls, but you are not supposed to use them all. You only use what you need.

For a break down of the NIST RMF process check out my course:

https://securitycompliance.thinkific.com/courses/rmf-isso-foundations

#cybersecurityjobs are recession proof

February 16, 2023 by cyberaware2 Leave a Comment

I have been working in cybersecurity since 2000 and I have not been without a job unless I wanted to be without a job.

The need for cybersecurity is still very hot.

#cybersecurityjobs are recession proof

https://securitycompliance.thinkific.com/courses/cybersecurity-jobs-resume-marketing

What IT Certifications for Information Security (part 2) (8140)

February 15, 2023 by cyberaware2 Leave a Comment

Here is a breakdown of the 8140.

What IT Certifications for Information Security (8140)

February 14, 2023 by Bruce Brown Leave a Comment

The previous name was DoD Directive (DoDD) 8570.01. It was updated to expand established DoD policies and assigned responsibilities for managing the DoD cyberspace workforce.

The directive unifies the overall cyberspace workforce and establishes specific workforce elements (cyberspace effects, cybersecurity, and cyberspace information technology (IT)) to align, manage and standardize cyberspace work roles, baseline qualifications, and training requirements.