ISSO\RMF Training Questions (Please note, your name and question will be publicly posted and seen by others online. Do not post any sensitive information or information that can put you or your client at risk)

12/3/2020

Raphael Osamor

12/11/2020 07:22:44 am

sir Yinka;

Is it the information system owner that is responsible for the continuous monitoring phase? or just the responsible party but others may be assign to handle the phase?

Thanks!!!

PR

CyberFirst Solutions

12/11/2020 09:18:33 am

Hello,

The System Owner, though listed as the responsible party in NIST 800-37, does not do all the leg work in this Phase. The ISSO updates implementation statements if need be and uploads artifacts for the Assessor to assess. The Assessor assesses the controls, reviews the implementation statement and passes or fails the control.

The ISSO then briefs the System Owner on the status of the continuous monitoring (Sir/Madam, this is how many controls failed, this is how many passed). System Owner approves is briefed before, during and after continuous monitoring and signs any documents needed

Kate

8/20/2021 03:13:10 am

The NIST 800 Series, i saw its from U.S Department of commerce,
Is it a general series? can it be use in Africa, Nigeria.

Thanks

Ola

8/20/2021 06:45:46 am

Hi Kate,

The NIST series can be used anywhere. It's basically best practices or guidelines.

KATE

8/20/2021 04:54:02 pm

WHATS THE DIFFERENCE BETWEEN CISSP AND ISSO

Ola

8/28/2021 03:49:46 pm

Hi Kate,

The CISSP is a professional cybersecurity certification while ISSO is a job title.

Now, there is also an ISSO certification by Mile One but it 8s more recognized in Canada

Ola

8/28/2021 03:51:15 pm

*is

Shewalem Addis

9/20/2022 09:14:20 am

Thank you for the classes Sr. if there is anyway you can help me understanding the difference 800-30 =800-53. i have got my Security+ certificate and went through your class afterward i also understand that i can't take the certificate for CAP without 2 year experience. my tough question how do i put my self in the market where do i begin from also i haven't ever put resume together is there any help. please help guiding to this life changing journey

Thank you

Ola

9/20/2022 09:38:26 am

Hi Shewalem. Congrats on your Security +. 800-30 is a guide for conducting risk assessments while 800-53 is regarding security controls that you will apply to a system. You can still take the CAP exam even without experience. You just would not be able to receive the full CAP certificate. You will get the associate CAP. If you have experience, then you can get the full certificate. If you have the security +, you don't need the CAP unless the job you are applying for requires the CAP. To put yourself out there, you need to develop your resume (See the section in the course about developing your resume and use the resume template) You also need to create a Linkedin profile and lastly, start applying for Junior ISSO or Junior Security Control Assessor positions on Indeed.com or Dice.com

Sorie Sesay link

10/26/2022 08:14:16 pm

First, I wanna say thank you for putting a wonderful course. If I am being honest, this is the first course I have taken and completed.

Secondly, from the previous comments I am happy and a little bit relief when you said "If you have a security plus, you don't need a CAP unless the job requires it" I am planning to get the cap cert by the end of the year.

I just completed an associate degree in cybersecurity & cloud computing and also a Security Plus but I decided not to go for my bachelor "yet" until I have a decent paying job. Currently, I work as an account admin for a healthcare company.

Lastly, what advice do you have for me?

Ola

10/27/2022 08:34:22 am

Awesome! That's good to hear. The next step will be to prepare your resume and add "Security + training" on it, then start applying for jobs while you study for your Security +

Sorie link

10/27/2022 08:22:13 pm

Do you help with the resume building for Security+?

Sadat

1/19/2023 10:05:40 am

Good Afternoon Ola,

I was curious if you will hold another Zoom Q&A session?

Annick Kelly

8/11/2023 01:07:45 pm

Hi Mr. Ola,

Can someone send you their resume for review?

Cyber Blog

ISSO\RMF Training Questions (Please note, your name and question will be publicly posted and seen by others online. Do not post any sensitive information or information that can put you or your client at risk)

Leave a Reply.

CyberFirst Solutions

Archives

Categories