Courses

    Pages & Posts

      • IT Training
        • Amazon Cloud (AWS)
        • Analytics and Big Data
        • Blockchain
        • Cisco
        • Citrix
        • CompTIA Certifications
        • Cybersecurity
        • Development Tools
        • DevOps
        • F5
        • Google Cloud
        • IBM
        • Java
        • Juniper Networks
        • Linux
        • Microsoft
        • Microsoft ON-DEMAND
        • Mobile Computing
        • NetApp
        • Nutanix
        • Oracle
        • Salesforce
        • VMware
        • Web Development, HTML, and JavaScript
      • Business Training
        • Business Analysis
        • Enterprise Architecture
        • HIPAA Certification & Training
        • IT Governance
        • ITIL® Certification
        • Program / Project Management
        • Salesforce
        • Scrum & Agile
        • Seminars
      • Services
        • Cybersecurity Compliance and Risk Management
        • Enterprise Learning Solutions
        • IT Performance Management
        • Media Security Solutions
        • Microsoft Certificate Program
        • Returning Citizens Initiative
        • Rental Request Form
        • State & Local Government
      • Student Resources
        • Navigating Babbage Simmel Academy Courses
        • Student Guide / Daily Schedule
        • College Credit / Tuition Reimbursement
        • Student Policies
        • Testing & Certifications
        • Promotions
        • Area Hotels
        • Area Restaurants
      • Information Systems Certification and Accreditation Professional

      Course Details

      Download PDF
      ISCAP
      3 Days
      01/27/2020 $2,500.00
      Sign Up for This Class

      Information Systems Certification and Accreditation Professional

      Share this course

      Tweet Share
      babsimLIVE Delivery

      This vendor-neutral Information Systems Certification and Accreditation Professional certification training quantifies the process of certifying, reviewing and accrediting an information system by IT professionals. This certification is designed to provide, through its contents and referenced resources, a complete guide to establishing a certified and accredited information system in any organization.


      This course was created as a standard to measure the set of skills that specific members of an organization are required to have for the practice of certifying, reviewing and accrediting the security of information systems.  Specifically, this training was designed for the individuals who are responsible for creating and implementing the processes used to evaluate risk and institute security baselines and requirements.  These critical decisions will be essential in making sure that the security of the information systems outweighs the potential risks to an organization from any internal or external threats.


      Upon completion, Information Systems Certification and Accreditation Professional students will be able to establish a certified and accredited (authorized) information system in any organization according to current best practices and Federal standards. Students will also be ready to take the ISCAP exam.

      • Course Outline
      • Audience
      • Available Dates

      Course Outline

      Module 1 – Introduction 

      • Logistics
      • Introduction
      • Class Rules
      • The ISCAP Credential
      • What information will be covered?
      • Relationship to Other Processes
      • Changes in Terminology
      • Understanding the Risk Management Framework
      • NIST SP800-37 Rev1
      • Emphasis of SP800-37
      • Multi-tiered Risk Management 
      • The Risk Management Framework
      • What information will be covered?
      • Summary 

       Module 2 - Introduction to the RMF

      • What’s covered in this domain?
      • The RMF
      • The pillars of CIA
      • National Strategy on Cybersecurity
      • Cyber Attacks
      • Federal Policy
      • Actions of Executive Agencies
      • Federal Policies
      • E-Government Act of 2002
      • FISMA
      • Applying NIST 
      • Special Publications
      • 800-39 Purpose
      • NIST SP 800-39
      • Information Systems 
      • What is Risk?
      • Types of Risk
      • Security Risk
      • Information Security Risk
      • Core Documents 
      • Risk Management
      • Risk Management Process
      • IS Risk Management
      • Threats
      • Objectives of the RMF
      • Effective Risk Management
      • Risk Tolerance / Acceptance
      • Risk Assessment
      • Risk Response
      • Risk Monitoring
      • Risk Management Process
      • Frame Risk
      • Multi-tiered Risk Management 
      • Key Parts of Tier 1
      • Tier 2 Activities
      • Key Parts of Tier 2 
      • IS Requirements Integration
      • Tier 3
      • Developing Trust
      • Trustworthiness
      • Frame Risk
      • Frame Risk Activities
      • Risk Assessment
      • Assess Risk Activities
      • Threat
      • Vulnerability
      • Likelihood
      • Adversarial Likelihood
      • Impact
      • Aggregation
      • Quantitative Risk 
      • Qualitative Risk
      • Semi-Quantitative
      • Risk Assessment Process
      • Step 1 – Preparing for the Assessment
      • Conducting the Risk Assessment
      • Conducting the Risk Assessment
      • Communicating and Sharing Risk Assessment Information 
      • Maintaining the Risk Assessment 
      • Risk Management Process
      • Risk Responses
      • Risk Response Strategy
      • Risk Management Process
      • Monitoring Risk
      • Risk Monitoring Activities
      • Moving to the RMF
      • The RMF
      • Security Control Assessment
      • Applying the RMF
      • Applying the RMF cont.
      • The RMF Process
      • Summary

      Module 3 - The Software Development Life Cycle

      • The RMF Process
      • Purpose of SP800-37
      • Definitions
      • Guidelines for Implementing SP800-37
      • Relationship with other SPs
      • Tiered Risk 
      • Management Approach
      • Steps of the RMF
      • Effective Controls
      • The SDLC
      • Balancing all Considerations
      • The Phases of the SDLC Security Requirements
      • Benefits of Early Integration
      • Integration
      • Integrated Project Teams
      • Role of ISSOs
      • Reuse of Information
      • Benefits of Reuse
      • Identifying Boundaries
      • Well-defined Boundaries
      • Correct Boundary Size
      • Size of Information System Boundaries
      • Key Words in Boundary Determination
      • Software Applications
      • Boundaries for Complex Systems
      • Complex System Boundaries
      • What is Security?
      • Allocation of Controls to Subsystems
      • Types of Controls
      • Architecture and Controls
      • Common Controls
      • Control Selection
      • Security Control Allocation
      • Summary

      Module 4 - RMF Step 1

      • The RMF Tasks
      • RMF Tasks
      • Milestones
      • Sequence
      • The Last Step
      • Legacy Systems
      • Level of Effort Required
      • The RMF Process
      • Security Categorization
      • Categorization
      • Map Impact Levels
      • Influence of Architecture
      • Accuracy of Categorization
      • Impact–based Categorization
      • Categorization Levels
      • Format of Categorization
      • Categorization
      • Appropriate Controls
      • SSP
      • Information System Description
      • Information System Registration
      • System Registration
      • Milestone Checkpoint # 1
      • Summary

      Module 5 - RMF Step 2 

      • Common Control Identification
      • Common Controls
      • Supplementing Common Controls
      • Inheriting Controls
      • Common Control Providers
      • Documentation of Common Controls
      • Security Control Selection
      • Selection of Controls
      • Control Selection
      • Preparing for Monitoring
      • Monitoring Strategy
      • Control Monitoring
      • Effective Monitoring
      • Continuous Monitoring
      • Security Plan Approval
      • Milestone Checkpoint # 2

      Module 6 - RMF Step 3 

      • The RMF Process
      • Security Control Implementation
      • Security Controls
      • Security Control Assurance
      • Common Controls
      • Assessments
      • Security Control Documentation
      • Documentation
      • Functional Description
      • Milestone Checkpoint #3

      Module 7 - RMF Step 4

      • The RMF Process
      • Assessment Preparation
      • The Assessment Plan
      • Purpose of the Plan
      • Type of Assessment
      • Approval of the Plan
      • External Providers
      • Assessor Competence
      • Assessor Independence
      • Security Control Assessment
      • Control Assessments
      • Timing of Assessments
      • Assess and Recommend Findings
      • Incremental Assessments
      • Access
      • Security Assessment Report
      • Assessment Report
      • Determination of Risk
      • Assessment Results
      • Remediation Actions
      • Report Findings
      • Response to Findings
      • Reassessment
      • Updating the Security Plan
      • The Updated Plan
      • Optional Addendum
      • Milestone #4

      Module 8 - RMF Step 5

      • The RMF Process
      • Plan of Action and Milestones
      • PoA&M
      • Milestones
      • Monitoring the PoA&M
      • Documenting Weaknesses
      • PoA&M Not Required
      • Security Authorization Package
      • Common Controls
      • Updating the SSP
      • Risk Determination
      • Assess Current Security State
      • Risk Management Strategy
      • Risk Acceptance
      • Explicit Acceptance of Risk
      • Risk Decision
      • The Authorization Decision
      • Communicating the Decision
      • Authorization to Operate
      • Termination Date
      • Interim Authorization to Test
      • Interim Authorization to Operate
      • Type Authorization
      • Examples of Type Authorizations
      • Authorization Approaches
      • Authorization Rescission
      • Denial of Authorization
      • Authorization Decision Document
      • The Decision
      • Termination Date
      • Decision Document
      • Change in Authorizing Official
      • Acceptance of Previous Authorization
      • Milestone Checkpoint #5 

      Module 9 - RMF Step 6

      • The RMF Process
      • Information System and Environment Changes
      • Constant Change
      • Controlling Change
      • Record Changes
      • Impact on Security
      • Impact on Controls
      • Documenting Impact
      • Reauthorization
      • Ongoing Security 
      • Control Assessments
      • Ongoing Monitoring
      • Continuous Monitoring
      • Control Monitoring
      • Ongoing Remediation Actions
      • Updated Assessments
      • Remediation Actions
      • Reassessing Controls
      • Key Updates
      • Updating the SSP
      • Updating the PoA&M
      • Supporting 
      • Continuous Monitoring
      • Security Status Reporting
      • Reporting to 
      • the Authorizing Official
      • Security Status Reports
      • Frequency of Reporting
      • Reauthorization
      • Ongoing Risk 
      • Determination and Acceptance
      • Reviewing Reports
      • Metrics and Dashboards
      • Maintaining Security
      • Information System Removal and Decommissioning
      • Disposal
      • Milestone Checkpoint #6

      Audience

      WHO SHOULD ATTEND?

      • Information System Owners
      • Information System Security Officers
      • Authorizing Officials Information Owners
      • Certifiers and Security Control   Assessors
      • System Managers
      • Project Managers
      • User and Business Representatives
      • U.S. State and Local Governments

      Prerequisites: 

      • 12 months experience in information systems

      Available Course Dates

      01/27/2020 9:00 am - 01/29/2020 5:00 pm babsimLive Delivery
      04/27/2020 9:00 am - 04/29/2020 5:00 pm babsimLive Delivery
      08/10/2020 9:00 am - 08/12/2020 5:00 pm babsimLive Delivery
      Click here to sign up for this class

      Related Courses

      Certified Information Systems Security Manage...

      Today, when it comes to identifying critical issues and providing effective IS m...

      View course details

      Certified Penetration Testing Consultant...

      The vendor-neutral Certified Penetration Testing Consultant course is designed f...

      View course details

      Certified Penetration Testing Engineer...

      The vendor-neutral Certified Penetration Testing Engineer certification course i...

      View course details

      Certified Professional Ethical Hacker...

      The Certified Professional Ethical Hacker vendor-neutral certification course is...

      View course details

      Certified Security Principles...

      Mile2’s Certified Security Principles course provides the skills necessary...

      View course details

      College Credit, CEUs, PDUs and CDUs
      When you take courses with the Babbage Simmel, be sure you get the credit you deserve. Curriculum offered by Babbage Simmel can earn you college credit, CEUs, PDUs or CDUs.

      College Credit
      Select curriculum offered by Babbage Simmel can be utilized for College Credit. For questions please E-Mail: info@babsim.com or call 614-481-4345.

      Continuing Education Units (CEUs)
      Continuing Education Units (CEUs) are nationally recognized standard units of measurement earned for satisfactory completion of qualified programs of continuing education. If you need more information about CEUs, please E-Mail: info@babsim.com or call 614-481-4345.

      Professional Development Units (PDUs)
      Professional Development Units (PDUs) can be issued by PMI® for formal learning activities related to project management. Project Management Professionals (PMPs®) are required to earn a minimum of 60 PDUs every 3 years to maintain certification. For more information about this program go to the PMI® web site or call 1-855 746 4849.

      Continuing Development Units (CDUs)
      CDUs may be earned by attending professional development (e.g. courses, seminars) offered by organizations endorsed by IIBA® and designated as an EEP vendor. As an IIBA Endorsed Education Provider (EEP) Babbage Simmel's IIBA® endorsed courses qualify for CDU credit. For more information about CDUs go the IIBA® web site or call 1-647-426-3735.

      Our babsimLIVE distance learning brings the classroom learning experience to you by seating you virtually into a real-life instructor-led classroom taught by award winning world-class instructors with other IT professionals like yourself. From the comfort of your home, workplace, or at the Babbage Simmel Columbus Campus, you acquire the training you need, when you want it, in the environment that is most comfortable for you to be successful.

      About Us Contact Us Blog Find A Course

      © Copyright 2019 • Babbage Simmel. All Rights Reserved. Columbus Web Design by Jetpack | Privacy Policy