• Skip to main content
  • Skip to primary sidebar

ConvoCourses

Cyber Security Compliance and IT Jobs

  • Cyber Security Training
  • about me.
  • Information Assurance Jobs

ISACA

cism certification

July 23, 2014 by Bruce Brown Leave a Comment

CISM certification
CISM certification

I have known a few people with the the Certified Information Security Manager – CISM certification.  I don’t think it holds as much weight that the CISSP, but then again I am biased.  The industries that I have worked in (federal) give CISSP a pretty high level of trust for general security management type work.  But I have heard that the financial world (banks, investment firms) give more weight to CISA and CISM.

The CISA (certified Information system auditor) and CISM are closely related and kind of cut from the same cloth.  They are both from ISACA.  Since both the CISM certification and CISA are on the DoD’s approved list of certifications, its a pretty valuable certification.

I noticed that those with security manager aspirations go for the CISM.  Its a well respected certification and is often put on the same level as the CISSP for high level security positions.

Filed Under: cyberspace workforce, Risk Management For DoD IT Tagged With: CISM, cism certification, ISACA

risk management association

February 5, 2014 by Bruce Brown Leave a Comment

Security Analysis and Risk Management Association (SARMA) is one of many risk management associations.  SARMA is a non-profit dedicated to security practitioners that are in the business of mitigating risks from man made threats.

ISACA is another risk management association with over 100,000 constituents in 180 countries.  They are the creators and proprietors of Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) and Certified in Risk and Information System Controls (CRISC) certifications.  They also created an Risk IT Framework.

More than just a risk management association, the Information Systems Security Association (ISSA) is a non-profit international organization for information security practitioners an managers.  I have been a member of this organization, and it has LOTS of great people involved in it.  They have local chapters in most major cities in the U.S.  They are great at bringing security professionals together to solve common issues in the industry, barter skill sets, teach new skills, train for IT certifications and promote products and services that involve risk management and/or security.

RIMS – Risk Management Society

The Risk Management Society has a vision of becoming the global leading in all aspects of risk management.  A VERY tall order.

As the preeminent organization dedicated to advancing the practice of risk management, RIMS, the risk management society™, is a global not-for-profit organization representing more than 3,500 industrial, service, nonprofit, charitable and government entities throughout the world. Founded in 1950, RIMS brings networking, professional development and education opportunities to its membership of more than 11,000 risk management professionals who are located in more than 60 countries. For more information on RIMS, visit www.RIMS.org

Filed Under: NIST Security Framework, risk management Tagged With: association of risk management, at risk management, business risk, ISACA, ISSA, risk, risk management, risk management association, rmf, SARMA

isaca risk it framework

January 29, 2014 by Bruce Brown Leave a Comment

ISACA is one of the leading international, non-profit organizations putting out what is now one of the world’s most respected set of information security and risk IT framework & IT certifications:

ISACA Risk IT framework
ISACA Risk IT framework
    • COBIT, Business Framework for Governance and Management of IT Val IT, IT Framework for Business Technology Management
    • Risk IT, Framework for IT Related Business Risk
    • CISA, Certified Information System Auditor
    • CISM, Certified Information System Manager
    • CGEIT, Certified in Governance of IT
    • CRISC, Certified in Risk of Information Systems  Controls
    • ISACA used to stand for Information Systems Audit and Control Association, but is now just ISACA.

ISACA Risk IT Framework

The ISACA has a The Risk IT Practitioner Guide

The Risk IT Framework fills the gap between generic risk management frameworks and detailed (primarily security-related) IT risk management frameworks. It provides an end-to-end, comprehensive view of all risks related to the use of IT and a similarly thorough treatment of risk management, from the tone and culture at the top, to operational issues. In summary, the framework will enable enterprises to understand and manage all significant IT risk types, building upon the existing risk related components within the current ISACA frameworks, i.e., COBIT and Val IT.  http://www.isaca.org/Knowledge-Center/Research/ResearchDeliverables/Pages/The-Risk-IT-Framework.aspx

ISACA Risk IT Framework is more that just a complement to DIARMF/NIST Risk Management framwork, its a complete framework that stands on its own that would be great for a non-government corporate entity to use.

 

Filed Under: DIARMF Tagged With: COBITS, ISACA, isaca risk it framework, IT related business risk, risk, risk it framework, risk management, risk management framework, rmf

Primary Sidebar

search


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book


This book is an overview of how the NIST SP 800-37 risk management framework works from the perspective of an information system security officer (ISSO).

also available on Amazon!

View Book

NIST RMF 800-37 templates
Free 800-37 templates

The NIST 800 Template download contains a .doc file template and xls templates for POAMs, Federal, State, cloud based and a legacy template as well as resources where you can find more on NIST 800-37 documents for your use.

View Book

Learn to Make 6 Figures in CyberSecurity

RMF ISSO Foundations Training
RMF ISSO Foundations Training

RMF ISSO Foundations

I was an Information System Security Officer (ISSO) doing Risk Management Framework (NIST SP 800-37) for over a decade. I am a Cybersecurity veteran and I can explain (in plain English) what you DO in the Risk Management Framework process as an ISSO.

View Course

NIST SP 800-37 Presentation
NIST SP 800-37 Presentation

View Course

login

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Posts

  • Cybersecurity Jobs Resume Marketing: Book 1 Find Cybersecurity jobs
  • Security Control Assessor (SCA) Methods table top exercise
  • Cybersecurity Pro opinion about Tiktok
  • Las Vegas teleworking
  • STIGS in the RMF Process

Meta

  • Register
  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org

Recent Comments

  • http://Www.Finance.Ipt.Pw/ on SRG/STIG Applicability Guide and Collection Tool Update
  • Elsa7 on ConvoCourses podcast: Cyber Security day to day activity
  • Tony on STIG Update – DISA has released the Microsoft SQL Server 2016 STIG Version 1
  • horloge on SCAP Compliance Checker SCC)
  • 218 Information assurance Success Criteria – ITSECURITYSURVIVAL.COM on Information Assurance Vulnerability Alert

Tags

8140 8570 ArcSight c&a CISSP convocourses cyber cybersecurity cyber security DIACAP DIARMF diarmf - implement disa DISA STIG dodd 8140 dodd 8140 cyberspace workforce HBSS IA implement implementation info assurance information assurance information security ISSO it jobs it jobs in usa job jobs Linux mcafee network nist nist risk management framework nist risk management framework 800-37 podcast risk risk assessment risk management risk management framework rmf security STIG stigs unix windows


This is a breakdown of each of the NIST 800-53 security control families and how they relate to each step in the NIST 800-37 risk management framework process.

also available on Amazon!

View Book

Copyright © 2023 · Author Pro on Genesis Framework · WordPress · Log in