Security Control Assessment (SCA) Process Overview
- Added on 13. 07. 2024
- In this video we looked at how to prepare for a Security Control Assessment (SCA). What we need to do before, during and after the Assessment.
Security Assessment Plan (SAP): This document clearly defines the process, procedures, and methodologies for testing Information System Security Controls.
Security Assessment Report (SAR): This document is used to record all the results of the tests and assessments conducted. It also clearly defines the process, procedures and methodologies utilized for testing and assessing the security controls of an Information System.
FedRAMP Documents and Templates
www.fedramp.gov/documents-tem...
Computer Security Resource Center
csrc.nist.gov/publications
Kamil, you are just a generous genius. Bless your heart in the good work you continue to do and life you touch globally. Thank you champ.
Thank you, I appreciate that!!!
A great teachable moment. Thank you Prof.
You are very welcome, Portia.
So thankful. Anytime that I am lost a little bit I come over here and I walked out so satisfied. Thanks again 🙏
You are so welcome
@KamilSec Please tell me how far into detail and how many minutes I should go with the "Tell me about yourself" question! After watching so many videos with no clear answer, here I am again seeking some tips. Thanks again in advance. 🙏
Thank you for the video. So helpful to understand the SCA process.
Glad it was helpful!
Great job as usual Prof👍
Thanks Sir!
Very very helpful. Thank you
Glad it was helpful!
Great content, Legend!
Thanks Elvis!
Excellent content and presentation. I'm using this to prepare for an upcoming SCA interview. Thank you so much brother!
Best of luck!
Thanks sir, very informative as usual 👌🏼
You're welcome Kwame, thanks!
Thank you for such a great presentation. Very informative and helpful. 👍
Glad it was helpful!
Gold! Kamil laying out the blueprint to get into security compliance.
Appreciate it, learned more here than on my project team, like they're trying to sabotage me on purpose.
I am glad it was helpful!
amazing content sir, extremely helpful. Thank you
Most welcome Allison!
Such great information. Thanks Kamilsec. Am a new subscriber
You're very welcome Adedola, and thanks for being a subscriber on the channel!
Good job. Thanks 👍
You're Welcome 👍
Good training and program
Thanks!
Thank you for the video.. very helpful.
You're very welcome! Glad it was helpful!
@KamilSec Do you have some form of training? I just got a job as an SCA... I need some more help.
Amazing content
Thanks!
Great presentation on preparation for control assessment. Definitely learned a lot from this.
Awesome, I am glad to hear that Alhaji, Thanks!
🙏
Awesome- God bless u
Thank you so much, Anne.
How do I contact you?
Kaamilzak@gmail.com
good info
Thanks
Awesome video Sir! Can you share the artifact list, please?
Share a complete ATO package video.
Hello. Do you offer interview prep classes?
The best teaching. Thanks a lot. Question: What skills or qualities are expected by an organization from a newly hired SCA who has no prior practical/field knowledge of the job? For instance, one who just graduated from college.
Usually, they prefer to hire candidates with at least a few years of experience.
Awesome presentation... Thank you. I have a question: how often should the Security Assessment Report be updated?
New SARs are only created after every Security Control Assessment (SCA). SARs are updated when/if, after the SCA, a finding was disputed and the assessors agree; then they will update the SAR. Hope that makes sense.
Thanks a lot for this presentation. It has a vicarious feel to it. Can you do one on risk assessment?
I am sure I have something on Risk Assessment on the channel as well.
@KamilSec Thanks
Great presentation! Are there any sources or guidance from NIST on the artifact request list? E.g., if the Access Control family is being assessed, what list of artifacts should be requested? Thanks!
Unfortunately no. This has to be developed by the assessment team members.
Great Video.
Do you have a video on how to develop a test plan for assessing security controls / Control Correlation Identifier (CCI)?
Not yet, will do that soon.
This would be an awesome video. Thanks!
I have a question: what are some of the monitoring tools after the assessment is done?
Well depending on the agency, SIEM tools like Splunk, QRadar as well as Vulnerability scanning tools like Nessus, WebInspect, DBProtect, NexPose etc. can be used to assist in the Continuous Monitoring.
Hi Kamilsec. I will like to join your class for training.
When is the next cissp class?
Not conducting training currently.
Great videos, do you have training classes?
Not yet...
What are some common problems you would run into during an assessment ?
1. Clients not providing artifacts/evidence on time
2. Clients deliberately providing wrong artifacts/evidence
3. Clients refusing to accept findings and so on....
@KamilSec Thank you! One last question. As an assessor, what are your options or next steps if a client refuses to accept the findings?
Is this work teamwork or solo work?
Yeah, the SCA is teamwork.
Well done prof! How can I contact you please?
kaamilzak@gmail.com
Hi, can u pls share the artifact request list
There is a link to my Patreon page in the video description where you can find all documents I used in my videos.
Quick question
What’s the difference between security assessment and risk assessment?
I will say Security Assessment can be a subset of Risk Assessment. Because in Risk Assessment, every aspect of the business or the organization, such as financial, marketing, competitive advantages etc., will be evaluated and reviewed, whereas Security Assessment can be limited to just security operations.
Thanks
How can you be reached?
Kaamilzak@gmail.com
Great one. Can you be my mentor, sir?
kaamilzak@gmail.com
Hi uncle
Hi Zee Zee, How are you? I hope you are reading your books.
I think so