6 Interview Questions Regarding SSPs

  • Date added: 28. 08. 2024
  • Risk Management Framework (RMF) Interview.
    Likely questions you could get asked regarding System Security Plan (SSP)
    I also have ISSO training that covers more RMF interview questions.
    www.cyberfirstacademy.com
    #CybersecurityTraining #RMF
    Cybersecurity interview questions

Comments • 9

  • @seyikomolafe6759 7 months ago

    Beautiful explanation, thanks for educating us. I just found out about your channel a couple of days ago and I have been stuck.

  • @MB-jz4wq a year ago +1

    Very informative, helpful and valuable. Thank you for sharing.

  • @styleitthereseb5042 a year ago +1

    This was so helpful, thank you so much, Sir.

  • @adjeleya1787 2 years ago +1

    This was very helpful. Thank you. Thanks for all you do. I really learn a lot from your videos. Great job always. Very informative. Do you also have some possible questions on POA&M?

  • @chukwuzubeluchibinezie8427

    Good day, how can I contact you personally? I need to ask a personal question.

  • @sjames831 a year ago

    Do you have any potential questions for FedRAMP?

  • @diennesenjea5860 a year ago

    It could be helpful if you give the answers and elaborate.

    • @cyberfirstsolutions a year ago

      Hi. Here is the transcript I pulled from this CZcams video where I elaborated on the answers to each question:

      "0:00 Potential interview questions that you could get asked as an ISSO, or someone working within the risk management framework, or an analyst, or someone working on security assessment and authorization.

      0:22 [Music]

      0:32 Questions, potential interview questions that you could get asked as an ISSO, or someone working within the risk management framework, or an analyst, or someone working on security assessment and authorization.

      0:53 So there are six questions you could get asked about an SSP. Obviously there are more questions, but in this video we're going to be talking about six questions.

      1:02 So the first question is: do you have any experience on SSPs? Do you have any experience working on SSPs? So an SSP is called the system security plan, and it's basically, uh, the security bible for a system or application, if you will.

      1:26 This question is going to be asked to gauge your level of experience and then, two, to figure out what other follow-up questions you'll get asked. So please answer this question honestly. Um, just tell them, hey, I have experience working on SSP, um, I did this at my previous job, we worked on six SSPs, or I worked on one SSP a day where I updated it, blah blah blah.

      2:06 The next question you get asked about an SSP is: how many years of experience do you have working on SSPs? So the first one was, do you have any experience; second one is, how many years of experience. So if you had answered the first question, first question, by saying how many years of experience, obviously they would not ask you the second question.

      2:33 So again, this second question is another way to gauge your level of experience and to determine what other follow-up questions they'll ask you. So if you say that you have five years of experience working on SSPs, just know that in your responses to the question you can't guess and say, uh, uh, I forgot, oh, you know, you can't sound like a rookie, because now you said you have five years of experience. There's certain things that you should know as a seasoned, uh, cyber security professional. Okay, so if you, my suggestion is, if you have one year of experience, six months, whatever it is, answer the question honestly.

      3:27 Third question you could get asked is: what type of work do you do with SSPs? So there's only four major things you could do with an SSP: you could either develop the SSP, you could either update the SSP, you could either review the SSP, or submit the SSP. So those are the four major things you could do, or four major categories you could do, when working on an SSP.

      4:03 So your answer could be, could fall under any of those four categories. So develop the SSP: then they could have follow-up questions, how did you develop the SSP, did you develop the SSP from scratch, did you use templates?

      4:18 Um, updating the SSP: how did you update the SSP, what types of things would you do when you update the SSP? Then you could talk about, oh, I updated the date, I updated the implementation description, updated the controls and things of that nature, I updated the POCs.

      4:36 Reviewing the SSP: when we talk about reviewing the SSP, there are certain things you could do in the interview, talk about in the interview, when reviewing an SSP. Tell them, hey, I've reviewed the SSP for accuracy, I reviewed the SSP to make sure that, uh, the, the dates were aligned, um, the POCs were correct, I reviewed the SSP for grammar issues or spell checks. Um, so those are the types of things you could do when reviewing the SSP.

      5:11 Submitting the SSP is a part of the process where you submit the SSP for, either for an assessor to review, you submit the SSP for, um, the system owner to review and sign, so you submit the SSP for signatures to be obtained.

      5:35 The fourth question you get asked about how you worked on SSPs, or SSPs in general, is: who signs the SSP? Who signs the SSP? So there is a signature block for the SSP, and typically the system owner signs, the ISSO signs, the authorizing official signs on the SSP. Now, the, for your organization, you could have other signatories, like the privacy officer, the chief information security officer could have a signature block as well, but just know that those are the common, uh, signatories on an SSP.

      6:23 The fifth question you could get asked about an SSP could be the system categorization. So they could ask you a question like: what types of SSPs do you work with, or what types of templates, if you mention that you work, use templates, what types of templates did you work with, were they high, moderate or low? So this is where you would answer, yeah, I typically worked on low systems, moderate systems, and then you could go into categorization just to let them know that you're familiar with the concept of system categorization.

      7:04 The sixth question you get asked about working on SSPs is: what are the common problems you've seen with SSPs? What are the common issues you've noticed in SSPs? And this question could get answered by saying, hey, most common question I see is wrong implementation descriptions, or wrong information, or outdated information."

      Let me know if there was something specific you were looking for that I didn't go over.