• Skip to main content
  • Skip to primary sidebar

ConvoCourses

Cyber Security Compliance and IT Jobs

  • Cyber Security Training
  • about me.
  • Information Assurance Jobs

information system security officer

ConvoCourses Podcast: RMF ISSO Assignment SSP

January 30, 2022 by Leave a Comment

RMF ISSO Assignment https://securitycompliance.thinkific.com/courses/rmf-isso-assignments-101

https://securitycompliance.thinkific.com/courses/cybersecurity

check out our courses at:
http://convocourses.com

0:00 Convocourses screen
4:29 Convocoures Big Thank you
6:11 Free Training on NIST 800-37 on Convocourses
8:11 New to the ISSO no technical background Where do I get training
19:11 CISSO vs ISSO RMF convoCourses
31:49 Have I Ever Resubmitted a Resume I have already applied for
34:30 ISSO or Cybersecurity Analyst (which should I do)
41:30 ISSO Assignment – System Description for SSP
47:30 From ISSO to SCA (my opinion)
59:52 Remote Work From Home Since 2015
01:05:00 Post Your Cybersecurity Course on Convocourses
01:11:14 Can I Become an ISSO with No Experience
01:20:49 ISSM vs ISSO roles
01:45:46 Do I Need a Masters Degree or CISSP for ISSO
01:32:04 Convocourses podcast
01:33:21 IT position for Working Remote
01:47:17 Looking for SCA Courses and Reading Comments
01:50:00 Resume Marketing for Cybersecurity IT
01:53:52 Thank you Convocourses

http://www.nist80037rmf.com/wp-content/uploads/2022/01/ConvoCourse-Podcast-RMF-ISSO-Assignment-SSP.mp3

Podcast: Play in new window | Download

Subscribe: Google Podcasts | Pandora | iHeartRadio | Stitcher | TuneIn | Deezer | RSS

Filed Under: Risk Management For DoD IT Tagged With: information system security officer, ISSO, risk management framework, rmf, ssp, system security plan

ISSO II @ Schriever AFB

February 23, 2020 by Leave a Comment

The ISSO’s primary function is working within Special Access Programs (SAPs) supporting Department of Defense (DoD) agencies, such as HQ Air Force, Office of the Secretary of Defense (OSD) and Military Compartments efforts. The position will provide “day-to-day” support for Collateral, Sensitive Compartmented Information (SCI) and Special Access Program (SAP) activities.

Performance shall include:

Review, prepare, and update AIS authorization packages
Notify customer when changes occur that might affect AIS authorization
Perform AIS self-inspections, provide security coordination and review of all system test plans
Identify AIS vulnerabilities and implement countermeasures
Represent the customer on various technical review and inspection teams
Conduct security surveys at subordinate facilities and gather pertinent security documentation for inclusion into system authorization packages
Coordinate, prepare, and track AIS inspections, reports, and responses
Maintain AIS security records and prepare Co-Utilization Agreements for network nodes operating in government facilities
Prepare reports on the status of security safeguards applied to computer systems
Ensure AIS and network nodes are operated, maintained, and disposed of in accordance with security policies and practices
Perform ISSO duties in support of in-house and external customers
Assist Department of Defense, National Agency and Contractor organizations with the development of assessment and authorization (A&A) efforts
Review, track, and conduct AIS training
Experience:

4 years related experience
Education:

Bachelor’s degree or equivalent experience (4 years)
Certifications:

Must meet position and certification requirements outlined in DoD Directive 8570.01-M for Information Assurance Technician Level 2 within 6 months of the date of hire
Security Clearance:

Current Top Secret Clearance with SCI Eligibility
Eligibility for access to Special Access Program Information
Willingness to submit to a Counterintelligence polygraph
Other Requirements:

Must be familiar with current security policy/manuals Must have the ability to work in a dynamic environment and effectively interact with numerous DOD, military/civilian personnel and industry partners
Working knowledge of Microsoft Office (Word, PowerPoint, and Excel)
Possess a high degree of originality, creativity, initiative requiring minimal supervision
Willingness to travel within the organizational geographic Area of Responsibility (AOR) (note – could be extensive, and will include both air and ground transportation)

PL Consulting, Inc. Dedicated to Cyber Security

A Service Disabled Veteran Owned Small Business

C: 443.880.7716 O: 571.525.2477

https://www.plcinc.us/

Filed Under: cyberspace workforce, DIARMF Jobs, Information Assurance Jobs, IT Security Jobs Tagged With: afb, cybersecurity, IAO, information assurance officer, information system security officer, Information Systems Security Managers (ISSMs), ISSO, schriever, usaf

Information System Security Officer DC

April 5, 2019 by Leave a Comment

checkout the courses:
http://securitycompliance.thinkific.com

****
Title: Information System Security Officer (#ISSO)
Location : Washington, DC
Duration : Full time

Active Clearance required.

Description:
The contractor shall assist the government in the assessment process for all new and legacy systems to determine the security requirements associated with each system. The contractor shall interact with both technical and non-technical personnel in order to conduct a comprehensive review of a system, network or application. This is a technical role requiring moderate to advanced knowledge of security engineering, the #ATO process, enterprise monitoring, and incident response. The contractor shall assist in building or refining the program to achieve the assessment process. The contractor shall work with various elements of the cybersecurity team to understand roles, missions and requirements in order to inform this process.

Minimum Qualifications and Experience
At least 3 years serving as an Information Systems Security Officer (ISSO) at a cleared facility.
Minimum of 5 years work experience in a computer science- or Information Assurance-related field.
At least one of the following certifications: Certified Information Systems Security Professional (#CISSP), Global Information Security Professional (#GISP), or the CompTIA Advanced Security Practitioner (#CASP) or other certifications exemplifying skill sets such as those described in DoD Instruction #8570.1 IAM Level III proficiency.
Familiarity with the use and operation of security tools including Tenable. Nessus and/or SecurityCenter, IBM Guardium, Client Weblnspect, or like applications and Network Mapper (#NMAP).
A bachelor’s or advanced degree in Computer Science, Information Assurance, or Engineering is preferred.

Please provide the following information
Rate Expectation:
Full Name:
Contact No:
Alternate contact (if any):
Email address:
Current Location:
Relocation:
Availability:
Visa status

Kindly share your detailed resume at zoeyw@etalentnetwork.com

If you are qualified and interested in making a change or know of a friend who might have the required qualifications, please call me ASAP at (703) 261-7028 Ext.267, even if we have spoken recently about a different position. If you do respond via e-mail please include a daytime phone number so I can reach you. In considering candidates, time is of the essence, so please respond ASAP. Thank you.

Sincerely yours,
ZoeyWest
E TalentNetwork

Home


8251 Greensboro Drive, Suite 250
McLeanVA
zoeyw@etalentnetwork.com
(703) 261-7028 Ext.267

Filed Under: cyberspace workforce, DIARMF, Information Assurance, Information Assurance Jobs, IT Security Jobs, risk jobs, roles, security compliance Tagged With: ATO, casp, comptia, dod, information system security officer, ISSO, nessus, network, system, webinspect

Information System Security Officer sunnyvale, CA

April 4, 2019 by Leave a Comment

check out my courses:
http://securitycompliance.thinkific.com

*****
the job in this video:
Job Title: Information Systems Security Officer
Location: Sunnyvale, CA
Duration: 6 Months (Possible extension)


Secret Clearance

Job Description:
Performs system and program auditing to ensure compliance to system security plan.
Conducts risk assessments and provides recommendations for secure implementation and compliance in accordance with government regulations and information assurance/cybersecurity guidelines. Creates, maintains and submits information system security documents and reports to regulatory agencies and leadership.
Assesses and mitigates system security threats/risks throughout the program life cycle; validates system security requirements definition and analysis; establishes system security documentation; assists with the implementation of security procedures; verifies information system security requirements; performs information system certification and accreditation planning, testing, assessing and liaison activities.
Familiar with information system security architectural documentation standards.
Able to apply information assurance / cyber security standards, directives, guidance and policies to an architectural/risk based framework.
Provide architectural / risk based analysis of information assurance / cyber security features and relate existing system to future needs and trends and requirements.

Skills Required
Windows client/server background. Some UNIX/LINUX technical experience, knowledge of OS security requirements and IS (Information Systems) auditing experience.
HBSS and SIPRNet experience required.

Experience Required
Previous ISSO and SIPRNet experience needed.

Education Required
Bachelor or equivalent work experience.

Please provide the following information
Rate Expectation:
Full Name:
Contact No:
Alternate contact (if any):
Email address:
Current Location:
Relocation:
Availability:
Visa status

Kindly share your detailed resume at zoeyw@etalentnetwork.com

If you are qualified and interested in making a change or know of a friend who might have the required qualifications, please call me ASAP at (703) 261-7028 Ext.267, even if we have spoken recently about a different position. If you do respond via e-mail please include a daytime phone number so I can reach you. In considering candidates, time is of the essence, so please respond ASAP. Thank you.

Sincerely yours,
ZoeyWest
E TalentNetwork

Home


8251 Greensboro Drive, Suite 250
McLeanVA
zoeyw@etalentnetwork.com
(703) 261-7028 Ext.267

Filed Under: cyberspace workforce, diarmf - implement, Information Assurance, Information Assurance Jobs, IT Security Jobs, risk jobs, Risk Management For DoD IT Tagged With: cyber, cyber security, IA, information assurance, information system security architectural, information system security officer, Information Systems Security Managers (ISSMs), ISSO, sunnyvale, threats

Information security officer

July 2, 2014 by Bruce Brown Leave a Comment

Information security officer (aka Information system security officer, ISSO) is an important role in the risk management process.  In fact, they are often the foot soldiers “charging the hill” during the entire risk management framework process.. (or sometimes, “ice skating uphill”).

The information system security role begins at the Initial phase of the System Development Lifecycle (SDLC).  According to the NIST SP 800-37, “The information system security officer is an individual responsible for ensuring that the appropriate operational security posture is maintained for an information system and as such, works in close collaboration with the information system owner”.  In the legacy DIACAP days this role was called  Information Assurance Officer (IAO).  The ISSO is created and managed by the Information System Security Manager (ISSM).

information system security officer
information system security officer

The information security officer is often expected to do multiple security disciplines not limited to: technical, administrative or even  physical security.

From a technical perspective, the ISSO can be tasked with doing continuous monitoring of threats, data loss prevention, detecting and resolving vulnerabilities using tools like security information and event managers (SIEM), vulnerability scanners, and anti-virus servers. They may assist the system administrators in implementing required security patches.  They may have to review code for security flaws, help with initial security architectures, conduct incident handling or any number of technical security tasks.

The administrative “to do list” of an information security officer might include creating, editing or reviewing security policies.  They may write standards, guideline and best practices related to the security features of systems.  Paperwork and policy in security requires a LOT of meetings and coordination with other parts of an organization.  The ISSO must be very good at dealing with technical subject matter experts and managers at every level since they are often the one in the middle of everything.

Information security officer’s are sometimes in-charge of making sure the physical security surrounding the information system is commensurate with the level of the information that needs to be protected.  That means that if the information on the asset is classified it may have to have MORE physical security than a system that has data processed on a web server for the public.  To do this, the ISSO will have to work with facility managers, security guard services and even building developers (in some cases).  They may also have to do crypto security.

The overall job of the ISSO is to maintain the security posture and security baseline of the system. For this reason they often wear many hats.

Filed Under: Risk Management For DoD IT, roles Tagged With: Information security officer, information system security officer, ISSO

Primary Sidebar

search


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This book is an overview of how the NIST SP 800-37 risk management framework works from the perspective of an information system security officer (ISSO).

also available on Amazon!

View Book

NIST RMF 800-37 templates
Free 800-37 templates

The NIST 800 Template download contains a .doc file template and xls templates for POAMs, Federal, State, cloud based and a legacy template as well as resources where you can find more on NIST 800-37 documents for your use.

View Book

Learn to Make 6 Figures in CyberSecurity

RMF ISSO Foundations Training
RMF ISSO Foundations Training

RMF ISSO Foundations

I was an Information System Security Officer (ISSO) doing Risk Management Framework (NIST SP 800-37) for over a decade. I am a Cybersecurity veteran and I can explain (in plain English) what you DO in the Risk Management Framework process as an ISSO.

View Course

NIST SP 800-37 Presentation
NIST SP 800-37 Presentation

View Course

login

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Posts

  • Cybersecurity Jobs Resume Marketing: Book 1 Find Cybersecurity jobs
  • Security Control Assessor (SCA) Methods table top exercise
  • Cybersecurity Pro opinion about Tiktok
  • Las Vegas teleworking
  • STIGS in the RMF Process

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Comments

  • http://Www.Finance.Ipt.Pw/ on SRG/STIG Applicability Guide and Collection Tool Update
  • Elsa7 on ConvoCourses podcast: Cyber Security day to day activity
  • Tony on STIG Update – DISA has released the Microsoft SQL Server 2016 STIG Version 1
  • horloge on SCAP Compliance Checker SCC)
  • 218 Information assurance Success Criteria – ITSECURITYSURVIVAL.COM on Information Assurance Vulnerability Alert

Tags

8140 8570 ArcSight c&a CISSP convocourses cyber cybersecurity cyber security DIACAP DIARMF diarmf - implement disa DISA STIG dodd 8140 dodd 8140 cyberspace workforce HBSS IA implement implementation info assurance information assurance information security ISSO it jobs it jobs in usa job jobs Linux mcafee network nist nist risk management framework nist risk management framework 800-37 podcast risk risk assessment risk management risk management framework rmf security STIG stigs unix windows


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book

Copyright © 2023 · Author Pro on Genesis Framework · WordPress · Log in