Training

The following information security courses are available from SeNet:


Introduction to Practical Computer Security Assessments


DESCRIPTION


This class will teach the basics of assessing your network for security vulnerabilities using open-source and low-cost tools. You will learn how to perform port scans to identify systems running unnecessary or dangerous services, how to perform vulnerability scans, and how to assess the security posture of your systems on a regular basis. Tips and tricks will be provided to make this process more efficient and deliver better results. The class will consist of several labs where you will have the opportunity to perform the scanning activities yourself.


INTENDED AUDIENCE


This class is intended for system administrators and other IT professionals who are responsible for managing and operating computer networks. Information security personnel who do not have hands-on experience in security assessments are also part of the target audience.

 

C_A101: CERTIFICATION AND ACCREDITATION FUNDAMENTALS (3 DAYS)

 

DESCRIPTION


The Federal Information Security Management Act (FISMA) directed the National Institute of Standards (NIST) to develop a comprehensive security certification and accreditation (C&A) process for information systems that support the federal government.  The guidelines for implementing this process are contained in NIST SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems.  SeNet has designed this introductory course to instruct government personnel and their contractors on the fundamentals of this process.


INTENDED AUDIENCE


Government personnel and their contractors who are:
Tasked with performing or maintaining their organization's system/network C&A process.
Responsible for any portion of a C&A effort but who have less than one year of active participation in the process.
Interested in learning how to build the team necessary to conduct a successful, efficient C&A effort.
Authorizing Officials, Authorizing Official Designated Representative, Chief Information Officers, Senior Agency Information Security Officers, Risk Executives, Information System Owners, Common Control Providers, Information Owners, Information System Security Officers, Information System Security Engineers, Security Control Assessors, and User Representatives

 

C_A102-1: PHASE 1 C & A INITIATION PHASE (2 DAYS)


DESCRIPTION


This session covers the basic documents and tasks involved in the initial documentation phase of the C&A process. Attendees will learn the specifics of what goes into each of the documents that are required for C&A of information systems under FISMA and NIST SP 800-37.


INTENDED AUDIENCE


Government personnel and their contractors who are:
Responsible for performing or maintaining their organization's system/network C&A and testing.
Authorizing Officials, Authorizing Official Designated Representative, Chief Information Officers, Senior Agency Information Security Officers, Risk Executives, Information System Owners, Common Control Providers, Information Owners, Information System Security Officers, Information System Security Engineers, Security Control Assessors, and User Representatives.


C_A102-2: PHASE 2 SECURITY CERTIFICATION (3 DAYS)


DESCRIPTION


This session covers the basic tasks involved in the certification phase of the C&A process.  This phase of the C&A process is about execution of security control assessments for components of an information system.  This session covers how to develop the plans for testing those components and then executing those tests and analyzing the results.


INTENDED AUDIENCE


Government personnel and their contractors who are:
Responsible for performing or maintaining their organization's system/network C&A and testing.
Authorizing Officials, Authorizing Official Designated Representative, Chief Information Officers, Senior Agency Information Security Officers, Risk Executives, Information System Owners, Common Control Providers, Information Owners, Information System Security Officers, Information System Security Engineers, Security Control Assessors, and User Representatives

 

C_A102-2L: PHASE 2 SECURITY CERTIFICATION + LABS (5 DAYS)


DESCRIPTION


This session covers the same content as C_A102-2. This phase of the C&A process is about execution of the system test and evaluation (ST&E) of the components of an information system. This session covers how to develop the plans for testing those components and test execution, as well as collating the test results. In addition, it includes laboratory exercises that are actual C&A testing exercises using available tools and techniques for testing information system components. Actual hands-on use of testing tools takes place during lab exercises.


INTENDED AUDIENCE


Government personnel and their contractors who are:
Responsible for performing or maintaining their organization's system/network C&A and testing.
Information System Owners, Common Control Providers, Information Owners, Information System Security Officers, Information System Security Engineers, and Security Control Assessors