nist

Data Security Analyst State of Colorado denver RMF NIST JOB

February 1, 2020 by Leave a Comment

check out the course:
http://convocourses.com

Check out the job:
Job Details:
Job title: Data Security Analyst (0000076025)
Location: Denver, #Colorado(80203)
Estimated Duration: 01/13/2020 – 09/30/2020

Job Description:
Reports to the Director of Security Risk and Compliance or Delegate to perform activities for the oversight of the risk and compliance program.
Perform activities to reduce vulnerabilities for the overall enterprise risk management program.
Performs duties to facilitate confidentiality, integrity, and availability of systems to protect data from unauthorized users.
May require a bachelor’s degree in area of specialty and at least 5 years or more of risk management, experience working in a complex environment, and assessment of internal controls.
Has knowledge of commonly-used concepts, practices, and procedures in accordance with the #NIST #RMF (risk management framework).
The specialized individual must have previous experience with implementing an enterprise risk management (ERM) framework and applicable certifications such as CISSP, CISA, or CISM.
In addition, experience working with a Governance Risk and Compliance tool is highly desired, but not a must-have.
This individual should be a self-starter, able to provide consultative advice and able to work autonomously.

STIG Update – Windows 10 Support Dates and Information

October 2, 2017 by Bruce Brown Leave a Comment

STIG Update – Windows 10 Support Dates and Information

Every Windows product has a lifecycle. The lifecycle begins when a product is released and ends when it’s no longer supported. Knowing key dates in this lifecycle helps you make informed decisions about when to upgrade or make other changes to your software. Below are the dates for Windows 10 lifecycle support:

Windows 10 version 1507 – May 9, 2017

Windows 10 version 1511 – October 10, 2017

Windows 10 version 1607 – Tentatively March 2018

Windows 10 version 1703 – Tentatively September 2018

Windows 10 Version v1511 will become unsupported on 10 October 2017 at which time it will become a CAT I severity to have it installed. Organizations must upgrade to at least v1607 by that time.

It is recommended upgrading to the latest released version.

Refer to this link for additional information: https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet.

For all STIG related questions, please contact the DISA STIG Customer Support Desk: disa.stig_spt@mail.mil

Group Policy Objects (GPOs) for Security Technical Implementation Guides (STIGs)

September 28, 2017 by Bruce Brown Leave a Comment

STIG Update – Group Policy Objects (GPOs) for Security Technical Implementation Guides (STIGs) – September 2017

Group Policy Objects (GPOs) have been updated for September 2017. See the Change Log document included in the zip file for additional information. DISA Risk Management Executive is posting the GPOs for use by system administrators to ease the burden in securing systems within their environment. The GPOs can be found on IASE website on the Group Policy Objects tab located at this link: https://iase.disa.mil/stigs/Pages/index.aspx

List of GPOs currently in the package:

Office Products:
Access 2013
Access 2016
Excel 2013
Excel 2016
InfoPath 2013
Lync 2013
Office System 2013
Office System 2016
OneDrive for Business 2016
OneNote 2013
OneNote 2016
Outlook 2013
Outlook 2016
PowerPoint 2013
PowerPoint 2016
Project 2013
Project 2016
Publisher 2013
Publisher 2016
SharePoint Designer 2013
Skype for Business 2016
Visio 2013
Visio 2016
Word 2013
Word 2016

Browsers:
Internet Explorer 11
Google Chrome

Antivirus:
Windows Defender AV

Operating Systems:
Windows 10
Windows 7
Windows 8/8.1
Windows Firewall
Windows Server 2008 R2 DC
Windows Server 2008 R2 MS
Windows Server 2012 R2 DC
Windows Server 2012 R2 MS
Windows Server 2016

WEBINAR: GSA, DHS, NIST on personal mobile security, THU 11/10 (CPEs)

November 8, 2016 by Bruce Brown Leave a Comment

Securing and managing agency mobile apps.
WEBINAR, THU 11/10, Complimentary, CPEs

This important video webinar will explore how mobile apps
rapidly expand in agency networks and how agency experts
limit security risks while they manage mobile Web devices
to drive agency productivity and mission achievement.

REGISTRATION AND INFO
https://goto.webcasts.com/starthere.jsp?ei=1123951&sti=emc

ALTERNATE REGISTRATION LINK: www.FedInsider.com

WEBINAR TOPIC
The Framework for Mobile Security in Government

DATE: THU 11/10
TIME: 2:00 PM ET / 11:00 AM PT
DURATION: 1 hour
CPE: 1 CPE from the George Washington University,
Center for Excellence in Public Leadership
COST: Complimentary

SPEAKERS
– JON JOHNSON, Enterprise Mobility Team Manager, GSA

– VINCENT SRITAPAN, Program Manager, Cyber Security
Division, DHS Science and Technology (S&T) Directorate

– JOSHUA FRANKLIN, Information Security Engineer, NIST

– JOHNNY OVERCAST, Director of Government Sales, Samsung
Electronics America

– TOM TEMIN, Host and Managing Editor, The Federal Drive,
Federal News Radio 1500 AM

PRESENTED BY: WTOP, Federal News Radio, FedInsider News,
and The George Washington University Center for
Excellence in Public Leadership

*** OTHER GOVT-INDUSTRY CPE CREDIT EVENTS IN THE SERIES ***
Visit www.fedinsider.com

CART services provided for captioning for all webinars.

Looking forward to meeting you online!

Peg Hosky, President

Email: peg@hosky.com
Phone: 202-237-0300
www.FedInsider.com
LinkedIn: www.linkedin.com/in/peghosky
Twitter: @peghosky

FedInsider News
3811 Massachusetts Avenue NW
Washington DC 20016
F10-171912

Remote Position: Security Engineer/ Architect: Greenwood Village, CO

April 5, 2016 by Bruce Brown Leave a Comment

Job Title: Security Engineer/ Architect (50% Remote)
Location: Greenwood Village, CO
Duration: 12+ Months Contract (Very High possibility of Extension/ Conversion)

Job Description:
KP’s Cyber Security team is looking to expand, mature, and execute the Enterprise Technology Security Hardening Service. The goal of the Security Hardening Service is to develop security-hardening standards for platforms, applications, networks and protocols. These hardening standards serve as the gold image requiring compliance for all implementation of a particular technology or a protocol. The hardening standards take into account the entire lifecycle of a technology or a protocol, and include hardening requirements and/or security recommendations for each phase in the lifecycle from a people, process and technology perspective. These baselines are produced and maintained for applications, networks, and platforms to ensure consistent implementation of technical security controls across KP’s technology landscape. This position is focused towards providing expert level security guidance for producing and maintaining security certifications for KP’s IT landscape based on identification and analysis of security control gaps, industry security best practices, regulatory guidance, and KP’s IS Policies. The position will also involve building a security strategy for the service to ensure the service is extensible to accommodate the changing IT landscape for near term future (e.g. cloud, mobile, big data etc.).

Top 3-5 Daily Responsibilities:

Perform Security Hardening Service Design including process, methodology, and any tools that would be required to ensure hardening standards are developed using a repeatable methodology.
Formally document the artifacts for various phases of security architecture engagements, and obtain sign-off from all stakeholders.

Top 3-5 Required Skills:

BS in IT-related or engineering degree and 4 years of experience in IT industry, OR Associates/ equivalent collegiate certificate in an IT-related or engineering degree program and six years of experience in IT industry.
At least two years of experience in general endpoint configuration management and/or computer engineering, with one year of specialized experience in the following platform OS’s: (requirements can be broken up among different people)

Windows Professional
Windows Server
Linux (RedHat & Suse)
Unix (Solaris)

At least one year specialized experience in interpreting and applying a system of cyber security controls to endpoints, such as NIST 800-53, Defense Information Systems Agency Security Technical Implementation Guides (DISA STIGs), or Center for Internet Security (CIS) Security Benchmarks.
Demonstrated understanding of cloud computing and mobile computing concepts and how to apply them.

Desired Skills:

At least one year’s specialized experience in configuring security settings and setting Enterprise security policy for the following operating systems: (requirements can be broken up among different people)

RedHat Enterprise Linux 7.1, 6.x and 5.x
Suse Linux 11 and 12
Solaris 10 and 11
IBM AIX 5.x, 6.x and 7.x
MacOS 10.x

Experience in working in one of the following cloud architecture environments:

AWS
Azure

Experience in working with and managing mobile devices in an Enterprise environment.
Advanced GIAC certification and/or CISSP

Soft Skills:

Very strong communication skills

If you are qualified, available, interested and planning to make a change, or know of a friend who might have the required qualifications and interest, you can contact me on desk: 415-915-1164 even if we have spoken recently about a different position. If you do respond via e-mail please include the Best time to call and phone number so I can reach you.

Thank you,

Anuj S. Verma
Executive – Resourcing
Pyramid Consulting, Inc.
Email: anuj.verma@pyramidci.com

risk assessment worksheet

January 26, 2014 by Bruce Brown Leave a Comment

Risk Assessment Worksheets are in the form of a spreadsheet or a database that creates a Risk assessment worksheet. These are also known as a risk assessment register or risk log.

Here are some risk assessment worksheets:

Risk Assessment Worksheet a

Risk Assessment Worksheet b

The risk assessment worksheet can be used in the Authentication Package in the DIARMF process / Risk Management. It can be used in the Risk Assessment Report / Security Assessment Report to quantify the potential impact of risk.