Developing and Performing Security Assessments and Control Compliance

Security assessments are an important process in determining the value and importance of an organization’s assets and the cost and impacts should they be compromised. Assets are not only technological and can span networks, devices, data, intelligence and even materials, equipment, inventories and human workers and the workforce.

Every organization sector has a different reliance on assets and the security controls for them will differ, reflecting their value as well as levels of confidentiality and sometimes legislative requirements. Both private and public sectors, across all industries will find this webinar useful. Law enforcement, government and military will find this webinar very useful as it covers assessment and compliance with NIST and also addresses the importance of the Authorization to Operate and that the proper controls are selected and implemented.

This webinar will cover the basics of the Security Assessment and Authorization (SA&A) process, generically and using the industry standard NIST 800:53. It will also cover the main SA&A deliverables and reports and what they are used for, and SA&A formulas and procedures for assessing assets, the current security posture, vulnerabilities, and the four threat scenarios we aim the protect against. A short discussion on insider threats will be given to provide an understanding of how this threat is a derivative of the common threat scenarios and how it is mitigated through certain security controls and the security assessment tool, TIGIR, will be used to demonstrate some of the more complex deliverables. Other standards and assessments, such as SOC 1,23, ISO 27000 series, CMMC and others will also be explained. Attendees will leave with a working knowledge on develop the scope and how to perform a security assessment and the NIST standard, as well as an understanding of other industry standards, and common terms and deliverables in Security Assessments.