Course Overview:

The Certified Information Security Manager (CISM) certification program is developed specifically for experienced information security managers & those who have information security management responsibilities. The CISM certification is for the individual who manages, designs, oversees and/or assesses an enterprise’s information security (IS). The CISM certification promotes international practices & provides executive management with assurance that those earning the designation have the required experience & knowledge to provide effective security management & consulting services. Individuals earning the CISM certification become part of an elite peer network, attaining a one-of-a-kind credential. The CISM job practice also defines a global job description for the information security manager & a method to measure existing staff or compare prospective new hires.

This course is designed to assist in your exam preparation for the CISM exam.

Attendees to TN-825: Certified Information Security Manager (CISM) Seminar will receive TechNow approved course materials and expert instruction.

Dates/Locations:

No Events

Duration: 5 Days

Course Objectives:

  • Information Security Governance (24%)
  • Establish and/or maintain an information security governance framework and supporting processes to ensure that the information security strategy is aligned with organizational goals and objectives
  • Information Risk Management (30%)
  • Manage information risk to an acceptable level based on risk appetite to meet organizational goals and objectives
  • Information Security Program Development and Management (27%)
  • Develop and maintain an information security program that identifies, manages and protects the organization’s assets while aligning to information security strategy and business goals, thereby supporting an effective security posture
  • Information Security Incident Management (19%)
  • Plan, establish and manage the capability to detect, investigate, respond to and recover from information security incidents to minimize business impact

Prerequisites:

A minimum of five years of information security work experience, with a minimum of three years of information security management work experience in three or more of the job practice analysis areas.

Comments

Latest comments from students


User: tracycampbell

Instructor comments: Dave had great command of the class and the flow of information. The lessons seem relevant to the exam and the course material should assist greatly with passing. As a bonus, his breakdown of PKI helped with my current job requirements.

Facilities comments: The Home2Suites by Hilton was FANTASTIC!



Twenty years of experience in the area of information assurance ensures that you are benefiting from a very mature and successful security training program.  TechNow offers the full suite of security training courses to meet any DoD 8570 requirements.

Security Course Flow

Unix Course Flow

Here is our list of security related courses.

TechNow’s GSA Contract

Learn how TechNow can help you achieve your career and education goals with the information below or contact a Training Advisor today at 1-800-324-2294.  To request more information via the web click here.

Information

SPECIAL NOTICE TO AGENCIES: Small Business Participation – SBA strongly supports the participation of small business concerns in the Federal Supply Schedules Program. To enhance Small Business Participation SBA policy allows agencies to include in their procurement base and goals, the dollar value of orders expected to be placed against the Federal Supply Schedules, and to report accomplishments against these goals.

For orders exceeding the micro-purchase threshold, FAR 8.404 requires agencies to consider the catalogs/price lists of at least three schedule contractors or consider reasonably available information by using the GSA Advantage! on-line shopping service www.fss.gsa.gov. The catalog/price lists, GSA Advantage! and the Federal Supply Service Home Page www.fss.gsa.gov contain information on a broad array of products and services offered by small business concerns. This information should be used as a tool to assist ordering activities in meeting or exceeding established small business goals. It should also be used as a tool to assist in including small, small disadvantaged, and women-owned small businesses among those considered when selecting price lists for a best value determination. For orders exceeding the micro-purchase threshold, customers are to give preference to small business concerns when two or more items at the same delivered price will satisfy their requirement.

1. Geographic Scope of Contract: The 48 contiguous states of the United States of America, the District of Columbia, Puerto Rico, Alaska, and Hawaii, the United Kingdom and Europe.

2. Contractor’s Ordering Address and Payment Information:

Ordering and Payment Assistance
Maria Askey,
Sales Development
14117 Jones Maltsberger Rd.
San Antonio, TX  78247
800-324-2294  Toll Free
210-733-1093  ext. 224
210-733-6032  Fax
askey.maria@technow.com

Contractors are required to accept the Government purchase card for payments equal to or less than the micro-purchase threshold for oral or written delivery orders. Government purchase cards will be acceptable for payment above the micro-purchase threshold. In addition, bank account information for wire transfer payments will be shown on the invoice.

The following telephone numbers can be used by ordering agencies to obtain technical and/or ordering assistance:

a. Ordering Assistance
Maria Askey, Sales Development
14117 Jones Maltsberger Rd.
San Antonio, TX  78247
800-324-2294 Toll Free
210-733-1093 ext. 224
210-733-6032  Fax
askey.maria@technow.com  

b. Technical Assistance
David Askey
14117 Jones Maltsberger
San Antonio, TX  78247
800-324-2294 Toll Free
210-733-1093 Local
210-733-6032  Fax
askey.davidr@technow.com

3. LIABILITY FOR INJURY OR DAMAGE: The Contractor shall not be liable for any injury to Government personnel or damage to Government property arising from the use of equipment maintained by the Contractor, unless such injury or damage is due to the fault or negligence of the Contractor.

4. Statistical Data for Government Ordering Office Completion of Standard Form 279:

Block 9: G. Order/Modification Under Federal Schedule
Block 16: Data Universal Numbering System (DUNS) Number: 624661591
Block 30: Type of Contractor –  A. Small Disadvantaged Business
Block 31: Woman-Owned Small Business – Yes
Block 36: Contractor’s Taxpayer ID -(TIN):  74-2573500
a. CAGE Code: 0R9N0
b. Contractor has registered with the Central
Contractor Registration  Database.

5. FOB Destination

6. DELIVERY SCHEDULE

a. TIME OF DELIVERY: The Contractor shall deliver to destination within the number of calendar days after receipt of order (ARO), as set forth below:
SPECIAL ITEM NUMBER  – 132-50

DELIVERY TIME (Days ARO)

For courses at client site, as mutually agreed, for courses at contractor site, per training schedule.

b. URGENT REQUIREMENTS: When the Federal Supply Schedule contract delivery period does not meet the bona fide urgent delivery requirements of an ordering agency, agencies are encouraged, if time permits, to contact the Contractor for the purpose of obtaining accelerated delivery. The Contractor shall reply to the inquiry within 3 workdays after receipt. (Telephonic replies shall be confirmed by the Contractor in writing.) If the Contractor offers an accelerated delivery time acceptable to the ordering agency, any order(s) placed pursuant to the agreed upon accelerated delivery time frame shall be delivered within this shorter delivery time and in accordance with all other terms and conditions of the contract.

7. Discounts: Prices shown are NET Prices; Basic Discounts have been deducted.

a. Prompt Payment: 1% – 29 days from receipt of invoice or date of acceptance, whichever is later.
b. Quantity-None.
c. Dollar Volume-None.
d. Government Educational Institutions- Government – Educational Institutions are offered the same discounts as all other Government customers.
e. Other-20% discount from commercial prices.

8. Trade Agreements Act of 1979, as amended: All items are U.S. made end products, designated country end products, Caribbean Basin country end products, Canadian end products, or Mexican end products as defined in the Trade Agreements Act of 1979, as amended.

9. Statement Concerning Availability of Export Packing: Export packing will be provided when required.

10. Small Requirements: The minimum dollar value of orders to be issued is  $no limit.

11. Maximum Order (All dollar amounts are exclusive of any discount for prompt payment.)

a. The Maximum Order value for the following Special Item Numbers (SINs) is $25,000: Special Item Number 132-50 – Training Courses

12. USE OF FEDERAL SUPPLY SERVICE INFORMATION TECHNOLOGY SCHEDULE CONTRACTS. In accordance with FAR 8.404:[NOTE: Special ordering procedures have been established for Special Item Numbers (SINs) 132-51 IT Professional Services and 132-52 EC Services; refer to the terms and conditions for those SINs.]

Orders placed pursuant to a Multiple Award Schedule (MAS), using the procedures in FAR 8.404, are considered to be issued pursuant to full and open competition. Therefore, when placing orders under Federal Supply Schedules, ordering offices need not seek further competition, synopsize the requirement, make a separate determination of fair and reasonable pricing, or consider small business set-asides in accordance with subpart 19.5. GSA has already determined the prices of items under schedule contracts to be fair and reasonable. By placing an order against a schedule using the procedures outlined below, the ordering office has concluded that the order represents the best value and results in the lowest overall cost alternative (considering price, special features, administrative costs, etc.) to meet the Government’s needs.

a. Orders placed at or below the micro-purchase threshold. Ordering offices can place orders at or below the micro-purchase threshold with any Federal Supply Schedule Contractor.

b. Orders exceeding the micro-purchase threshold but not exceeding the maximum order threshold. Orders should be placed with the Schedule Contractor that can provide the supply or service that represents the best value. Before placing an order, ordering offices should consider reasonably available information about the supply or service offered under MAS contracts by using the “GSA Advantage!” on-line shopping service, or by reviewing the catalogs/price lists of at least three Schedule Contractors and selecting the delivery and other options available under the schedule that meets the agency’s needs. In selecting the supply or service representing the best value, the ordering office may consider–

(1) Special features of the supply or service that are required in effective program performance and that are not provided by a comparable supply or service;
(2) Trade-in considerations;
(3) Probable life of the item selected as compared with that of a comparable item;
(4) Warranty considerations;
(5) Maintenance availability;
(6) Past performance; and
(7) Environmental and energy efficiency considerations.

c. Orders exceeding the maximum order threshold. Each schedule contract has an established maximum order threshold. This threshold represents the point where it is advantageous for the ordering office to seek a price reduction. In addition to following the procedures in paragraph b, above, and before placing an order that exceeds the maximum order threshold, ordering offices shall–

(1) Review additional Schedule Contractors’ catalogs/price lists or use the “GSA Advantage!” on-line shopping service;
(2) Based upon the initial evaluation, generally seek price reductions from the Schedule Contractor(s) appearing to provide the best value (considering price and other factors); and
(3) After price reductions have been sought, place the order with the Schedule Contractor that provides the best value and results in the lowest overall cost alternative. If further price reductions are not offered, an order may still be placed, if the ordering office determines that it is appropriate.

NOTE: For orders exceeding the maximum order threshold, the Contractor may:

(1) Offer a new lower price for this requirement (the Price Reductions clause is not applicable to orders placed over the maximum order in FAR 52.216-19 Order Limitations);
(2) Offer the lowest price available under the contract; or
(3) Decline the order (orders must be returned in accordance with FAR 52.216-19).

d. Blanket purchase agreements (BPAs). The establishment of Federal Supply Schedule BPAs is permitted when following the ordering procedures in FAR 8.404. All schedule contracts contain BPA provisions. Ordering offices may use BPAs to establish accounts with Contractors to fill recurring requirements. BPAs should address the frequency of ordering and invoicing, discounts, and delivery locations and times.

e. Price reductions. In addition to the circumstances outlined in paragraph c, above, there may be instances when ordering offices will find it advantageous to request a price reduction. For example, when the ordering office finds a schedule supply or service elsewhere at a lower price or when a BPA is being established to fill recurring requirements, requesting a price reduction could be advantageous. The potential volume of orders under these agreements, regardless of the size of the individual order, may offer the ordering office the opportunity to secure greater discounts. Schedule Contractors are not required to pass on to all schedule users a price reduction extended only to an individual agency for a specific order.

f. Small business. For orders exceeding the micro-purchase threshold, ordering offices should give preference to the items of small business concerns when two or more items at the same delivered price will satisfy the requirement.

g. Documentation. Orders should be documented, at a minimum, by identifying the Contractor the item was purchased from, the item purchased, and the amount paid. If an agency requirement in excess of the micro-purchase threshold is defined so as to require a particular brand name, product, or feature of a product peculiar to one manufacturer, thereby precluding consideration of a product manufactured by another company, the ordering office shall include an explanation in the file as to why the particular brand name, product, or feature is essential to satisfy the agency’s needs.

13. FEDERAL INFORMATION TECHNOLOGY/TELECOMMUNICATION STANDARDS REQUIREMENTS: Federal departments and agencies acquiring products from this Schedule must comply with the provisions of the Federal Standards Program, as appropriate (reference: NIST Federal Standards Index). Inquiries to determine whether or not specific products listed herein comply with Federal Information Processing Standards (FIPS) or Federal Telecommunication Standards (FED-STDS), which are cited by ordering offices, shall be responded to promptly by the Contractor.

FEDERAL INFORMATION PROCESSING STANDARDS PUBLICATIONS (FIPS PUBS): Information Technology products under this Schedule that do not conform to Federal Information Processing Standards (FIPS) should not be acquired unless a waiver has been granted in accordance with the applicable “FIPS Publication.” Federal Information Processing Standards Publications (FIPS PUBS) are issued by the U.S. Department of Commerce, National Institute of Standards and Technology (NIST), pursuant to National Security Act. Information concerning their availability and applicability should be obtained from the National Technical Information Service (NTIS), 5285 Port Royal Road, Springfield, Virginia 22161. FIPS PUBS include voluntary standards when these are adopted for Federal use. Individual orders for FIPS PUBS should be referred to the NTIS Sales Office, and orders for subscription service should be referred to the NTIS Subscription Officer, both at the above address, or telephone number (703) 487-4650.

13.2 FEDERAL TELECOMMUNICATION STANDARDS (FED-STDS): Telecommunication products under this Schedule that do not conform to Federal Telecommunication Standards (FED-STDS) should not be acquired unless a waiver has been granted in accordance with the applicable “FED-STD.” Federal Telecommunication Standards are issued by the U.S. Department of Commerce, National Institute of Standards and Technology (NIST), pursuant to National Security Act. Ordering information and information concerning the availability of FED-STDS should be obtained from the GSA, Federal Supply Service, Specification Section, 470 East L’Enfant Plaza, Suite 8100, SW, Washington, DC 20407, telephone number (202)619-8925. Please include a self-addressed mailing label when requesting information by mail. Information concerning their applicability can be obtained by writing or calling the U.S. Department of Commerce, National Institute of Standards and Technology, Gaithersburg, MD 20899, telephone number (301) 975-2833.

14. SECURITY REQUIREMENTS. In the event security requirements are necessary, the ordering activities may incorporate, in their delivery orders, a security clause in accordance with current laws, regulations, and individual agency policy; however, the burden of administering the security requirements shall be with the ordering agency. If any costs are incurred as a result of the inclusion of security requirements, such costs will not exceed ten percent (10%) or $100,000, of the total dollar value of the order, whichever is less.

15. CONTRACT ADMINISTRATION FOR ORDERING OFFICES: Any ordering office, with respect to any one or more delivery orders placed by it under this contract, may exercise the same rights of termination as might the GSA Contracting Officer under provisions of FAR 52.212-4, paragraphs (l) Termination for the Government’s convenience, and (m) Termination for Cause (See C.1.)

16. GSA Advantage! GSA Advantage! is an on-line, interactive electronic information and ordering system that provides on-line access to vendors’ schedule prices with ordering information. GSA Advantage! will allow the user to perform various searches across all contracts including, but not limited to:

(1) Manufacturer;
(2) Manufacturer’s Part Number; and
(3) Product categories.

Agencies can browse GSA Advantage! by accessing the Internet World Wide Web utilizing a browser (ex.: NetScape). The Internet address is http://www.fss.gsa.gov/

17. PURCHASE OF INCIDENTAL, NON-SCHEDULE ITEMS:

For administrative convenience, open market (non-contract) items may be added to a Federal Supply Schedule Blanket Purchase Agreement (BPA) or an individual order, provided that the items are clearly labeled as such on the order, all applicable regulations have been followed, and price reasonableness has been determined by the ordering activity for the open market (non-contract) items.

18. CONTRACTOR COMMITMENTS, WARRANTIES AND REPRESENTATIONS

a. For the purpose of this contract, commitments, warranties and representations include, in addition to those agreed to for the entire schedule contract:

(1) Time of delivery/installation quotations for individual orders;
(2) Technical representations and/or warranties of products concerning performance, total system performance and/or configuration, physical, design and/or functional characteristics and capabilities of a product/equipment/ service/software package submitted in response to requirements which result in orders under this schedule contract.
(3) Any representations and/or warranties concerning the products made in any literature, description, drawings and/or specifications furnished by the Contractor.

b. The above is not intended to encompass items not currently covered by the GSA Schedule contract.

19. OVERSEAS ACTIVITIES: The terms and conditions of this contract shall apply to all orders for installation, maintenance and repair of equipment in areas listed in the price list outside the 48 contiguous states and the District of Columbia, except as indicated below: Not applicable-equipment is not offered. Upon request of the Contractor, the Government may provide the Contractor with logistics support, as available, in accordance with all applicable Government regulations. Such Government support will be provided on a reimbursable basis, and will only be provided to the Contractor’s technical personnel whose services are exclusively required for the fulfillment of the terms and conditions of this contract.

20. YEAR 2000 WARRANTY-COMMERCIAL SUPPLY ITEMS

a. As used in this clause, “Year 2000 compliant” means, with respect to information technology, that the information technology accurately processes date/time data (including, but not limited to, calculating, comparing and sequencing) from, into, and between the twentieth and twenty-first centuries, and the years 1999 and 2000, and leap year calculations, to the extent that other information technology used in combination with the information technology being acquired, properly exchanges date/time data with it.

b. The Contractor shall warrant that each hardware, software, and firmware product delivered under this contract shall be able to accurately process date time data (including, but not limited to, calculating, comparing, and sequencing) from, into, and between the twentieth and twenty-first centuries, including leap year calculations, when used in accordance with the product documentation provided by the Contractor, provided that all products (e.g. hardware, software, firmware) used in combination with products properly exchange date time data with it. If the contract requires that specific listed products must perform as a system in accordance with the foregoing warranty, then that warranty shall apply to those products as a system. The duration of this warranty and the remedies available under this warranty shall include repair or replacement of any product whose non-compliance is discovered and made known to the Contractor in writing within ninety (90) days after acceptance (installation is considered acceptance). The Contractor may offer an extended warranty to the Government to include repair or replacement of any product whose non-compliance is discovered and made known to the Contractor in writing at any time prior to June 1, 2000, or for a period of 6 months following acceptance (installation is considered acceptance) whichever is later. Nothing in this warranty shall be construed to limit any rights or remedies the Government may otherwise have under this contract with respect to defects other than Year 2000 performance.

21. BLANKET PURCHASE AGREEMENTS (BPAs): Federal Acquisition Regulation (FAR) 13.303-1(a) defines Blanket Purchase Agreements (BPAs) as “…a simplified method of filling anticipated repetitive needs for supplies or services by establishing ‘charge accounts’ with qualified sources of supply.” The use of Blanket Purchase Agreements under the Federal Supply Schedule Program is authorized in accordance with FAR 13.303-2(c)(3), which reads, in part, as follows:

“BPAs may be established with Federal Supply Schedule Contractors, if not inconsistent with the terms of the applicable schedule contract.”

Federal Supply Schedule contracts contain BPA provisions to enable schedule users to maximize their administrative and purchasing savings. This feature permits schedule users to set up “accounts” with Schedule Contractors to fill recurring requirements. These accounts establish a period for the BPA and generally address issues such as the frequency of ordering and invoicing, authorized callers, discounts, delivery locations and times. Agencies may qualify for the best quantity/volume discounts available under the contract, based on the potential volume of business that may be generated through such an agreement, regardless of the size of the individual orders. In addition, agencies may be able to secure a discount higher than that available in the contract based on the aggregate volume of business possible under a BPA. Finally, Contractors may be open to a progressive type of discounting where the discount would increase once the sales accumulated under the BPA reach certain prescribed levels. Use of a BPA may be particularly useful with the new Maximum Order feature. See the Suggested Format, contained in this Schedule Price List, for customers to consider when using this purchasing tool.

22. CONTRACTOR TEAM ARRANGEMENTS: Contractors participating in contractor team arrangements must abide by all terms and conditions of their respective contracts. This includes compliance with Clauses 552.238-74, Contractor’s Reports of Sales and 552.238-76, Industrial Funding Fee, i.e., each contractor (team member) must report sales and remit the IFF for all products and services provided under its individual contract.

Course Overview:

This course begins by introducing you to fundamental cloud computing and AWS security concepts including AWS access control and management, governance, logging, and encryption methods. It also covers security-related compliance protocols and risk management strategies, as well as procedures related to auditing your AWS security infrastructure.

The course continues to teach students how to efficiently use AWS security services to stay secure and compliant in the AWS cloud. The course focuses on the AWS-recommended security best practices that you can implement to enhance the security of your data and systems in the cloud. The course highlights the security features of AWS key services including compute, storage, networking, and database services. This course also refers to the common security control objectives and regulatory compliance standards and examines use cases for running regulated workloads on AWS across different verticals, globally. You will also learn how to leverage AWS services and tools for automation and continuous monitoring—taking your security operations to the next level.

Attendees to CL-425: AWS Security Operations and Architecture will receive TechNow approved course materials and expert instruction.

Duration: 5 Days

Audience:
• Security engineers
• Security architects
• Security analysts
• Security auditors
• Individuals who are responsible for governing, auditing, and testing an organization’s IT infrastructure, and ensuring conformity of the infrastructure to security, risk, and compliance guidelines

DoD 8140: Not Mandated

Course Prerequisites:

We recommend that attendees of this course have the following prerequisites:
This course assumes you have the equivalent experience or have taken the AWS operational courses that are in the TechNow AWS track.
CL-415: AWS Security Operations

The above courses encapsulate prerequisite knowledge:
• Experience with governance, risk, and compliance regulations and control objectives
• Working knowledge of IT security practices
• Working knowledge of IT infrastructure concepts
• Familiarity with cloud computing concepts

Course Objectives:

This course teaches you how to:
• Identify the security and compliance benefits of using the AWS cloud.
• Discuss the AWS Shared Responsibility Model.
• Describe the access control and access management features of AWS.
• Use AWS services for security logging and monitoring.
• Describe data encryption methods to secure sensitive data.
• Describe AWS services used to protect network security.
• Describe the basic steps to ensure strong governance of your AWS resources.
• Identify AWS services used to maintain governance of control environments.
• Use the AWS audit features.
• Explain how to audit an AWS environment.
• Explain the AWS compliance and assurance programs.
• Describe how AWS audits and attestations validate that security controls are implemented and operating effectively.
• Assimilate and leverage the AWS shared security responsibility model.
• Manage user identity and access management in the AWS cloud.
• Use AWS security services such as AWS Identity and Access Management, Amazon Virtual Private Cloud, AWS Config, AWS CloudTrail, AWS Key Management Service, AWS CloudHSM, and AWS Trusted Advisor.
• Implement better security controls for your resources in the AWS cloud.
• Manage and audit your AWS resources from a security perspective.
• Monitor and log access and usage of AWS compute, storage, networking, and database services.
• Analyze events by capturing, monitoring, processing, and analyzing logs.
• Identify AWS services and tools to help automate, monitor, and manage security operations on AWS.
• Perform security incident management in the AWS cloud.
• Perform security assessments to ensure that common vulnerabilities are patched and security best practices are applied. The assessment outline deals both with AWS specifics and also lays down the workflow of NIST, FedRAMP, and Cloud Security Alliance STAR compliance for a deployed AWS solution.

Dates/Locations: No Events

Course Outline:

Day 1
• Introduction to Cloud Computing and AWS Security
• Access Control and Management
• AWS Security: Governance, Logging, and Encryption
• Compliance and Risk Management

Day 2
• Introduction to Cloud Security Course Objectives
• Security of the AWS Cloud: Entry Points, Web Application, Communications, and Incident Response.
• Cloud Aware Governance and Compliance and related control frameworks.
• Identity and Access Management

Day 3
• Securing AWS Infrastructure Services
• Securing AWS Container Services
• Securing AWS Abstracted Services
• Using AWS Security Services

Day 4
• Data Protection in the AWS Cloud
• Managing security in a hybrid environment
• Deep dive into AWS monitoring and log analysis
• Protecting against outside threats to AWS VPC

Day 5
• How to carry out a Pentest on an AWS solution
• Security Incident Management and Automating security and incident response
• Threat detection and monitoring sensitive data
• Let's Do It! Building Compliant Workloads on AWS—Case Study