Security Control Assessment (SCA) Process Overview

Подписаться 9 тыс.

Просмотров 27 тыс.

50% 1

In this video we looked at how to prepare for a Security Control Assessment (SCA). What we need to do before, during and after the Assessment.
Security Assessment Plan (SAP): - This document clearly defines the process, procedures, and methodologies for testing Information System Security Controls.
Security Assessment Reports (SAR): - This documents is used to document all the results of the testings and assessments conducted. It also clearly defines the process, procedures and methodologies utilized for testing and assessing the security controls of an Information System.
FedRAMP Documents and Templates
www.fedramp.gov/documents-tem...
Computer Security Resource Center
csrc.nist.gov/publications
The free way to help the channel grow is by subscribing using the link below:
ru-vid.com?su...
************Patreon & Channel Support******************
www.patreon.com/kamilSec?fan_...
*******Order your KamilSec (KS) Designs Merch:*********
kamilsec.creator-spring.com/
**************************************************************
CashApp: $Kamilzak
Zelle: kaamilzak@gmail.com
Paypal: paypal.me/MZakari
Thank You!!!
*************************************************************
*I ALSO CONDUCT INDIVIDUALIZED RESUME AND INTERVIEW PREP SESSION*
Connect with me on Social Media:
Twitter: / kamilzak_1
Instagram: @Kamilzak1

Опубликовано:

21 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 86

@lawrencemichael6002 Год назад

Kamil, you are just a generous genius. Bless your heart in the good work you continue to do and life you touch globally. Thank you champ.

@KamilSec Год назад

Thank you, I appreciate that!!!

@poshtecconsults8 2 года назад

A great teachable moment. Thank you Prof.

@KamilSec 2 года назад

You are very welcome, Portia.

@germainkone9029 Год назад

So thankful. Anytime that I am lost a little bit I come over here and I walked out so satisfied . Thanks again 🙏

@KamilSec Год назад

You are so welcome

@germainkone9029 Год назад

@@KamilSec Please tell me what how far in details and how many minutes should I go with Tell me about yourself question ! After watching so many videos with no clear answer , here I am again seeking for some tips. Thanks again in advance. 🙏

@Fidelisinspire 3 месяца назад

Excellent content and presentation. I'm using this to prepare for an upcoming SCA interview. Thank you so much brother!

@KamilSec 2 месяца назад

Best of luck!

@leviteshouse7213 2 года назад

Great job as usual Prof👍

@KamilSec 2 года назад

Thanks Sir!

@Risklearner 5 месяцев назад

Thank you for the video. So helpful to understand the SCA process.

@KamilSec 5 месяцев назад

Glad it was helpful!

@elvistuffour1731 2 года назад

Great content, Legend!

@KamilSec 2 года назад

Thanks Elvis!

@Nsorkwame 2 года назад

Thanks sir, very informative as usual 👌🏼

@KamilSec 2 года назад

You're welcome Kwame, thanks!

@realchanger8220 Год назад

Very very helpful. Thank you

@KamilSec Год назад

Glad it was helpful!

@adedolaadediran4712 2 года назад

such great information.Thanks Kamilsec. Am a new subscriber

@KamilSec 2 года назад

You're very welcome Adedola, and thanks for being a subscriber on the channel!

@XX2LFEUSNVET 2 года назад

Appreciate it learned more here than on my project team, like they're trying to sabatosh me on purpose.

@KamilSec 2 года назад

I am glad it was helpful!

@ALLISONFolks Год назад

amazing content sir, extremely helpful. Thank you

@KamilSec Год назад

Most welcome Allison!

@user-vb8nc5cf5q 5 месяцев назад

Thank you for such a great presentation. Very informative and helpful. 👍

@KamilSec 3 месяца назад

Glad it was helpful!

@sjames916 2 года назад

Gold! Kamil laying out the blueprint to get into security compliance.

@iyamahsylva7316 Год назад

Good training and program

@KamilSec Год назад

Thanks!

@algbla6042 2 года назад

Great presentation on preparation for control assessment. Definitely learned a lot from this.

@KamilSec 2 года назад

Awesome, I am glad to hear that Alhaji, Thanks!

@FM-zp2hl 2 года назад

Amazing content

@KamilSec 2 года назад

Thanks!

@princenanafosu8161 Год назад

Good job .thanks👍

@KamilSec Год назад

You're Welcome 👍

@AdeleClarice 2 года назад

Thank you for the video.. very helpful.

@KamilSec 2 года назад

You're very welcome! Glad it was helpful!

@AdeleClarice 2 года назад

@@KamilSec do you have some form of training? I just got a job as a SCA... I need some more help.

@annetish1205 2 года назад

Awesome- God bless u

@KamilSec 2 года назад

Thank you so much, Anne.

@annetish1205 2 года назад

How do I contact you?

@KamilSec 2 года назад

Kaamilzak@gmail.com

@juddybest1612 Год назад

The best teaching. Thanks a lot. Question: What skills or qualities are expect by an Organization from a newly hired SCA who has no prior practical/ field knowledge of the job? For instance, one who just graduated from the college.

@KamilSec Год назад

Usually, they prefer to hire candidates with at least few years of experience.

@RodThePRConsult 2 года назад

Awesome presentation... Thank you.. I have a question, how often should Security Assessment Report be updated?

@KamilSec 2 года назад

New SARs are only created after every Security Control Assessment (SCA). SAR are updated when/if after the SCA and a finding was disputed, and the assessors agree, then they will update the SAR. Hope that makes sense.

@estheranddemiyaforsang6171 Год назад

Awesome video Sir! Can you share the artifact list, please?

@lachampagnia 2 года назад

Hello. Do you offer interview prep classes?

@abdulzar1050 2 года назад

Thanks a lot for this presentation. It a has vicarious feel to it. Can you do on risk assessment?

@KamilSec 2 года назад

I am sure I have something on Risk Assessment on the channel as well.

@abdulzar1050 2 года назад

@@KamilSec thanks

@farahatiqah9988 2 года назад

Great presentation! Is there any sources or guidance from NIST on artifacts request list? For eg if Access Control Family is being assessed, what are the list of artifacts should be requested? Thanks!

@KamilSec 2 года назад

Unfortunately no. This has to be developed by the assessment team members.

@maxwellaburam4911 2 года назад

Great Video. Do you have a video on how to develop a test plan for assessing security controls./Control Correlation I identifier (CCI)?

@KamilSec 2 года назад

Not yet, will do that soon.

@CFH298 2 года назад

This was would be an awesome video. Thanks!

@sidalpha2000 Год назад

good info

@KamilSec Год назад

Thanks

@cgao5599 Год назад

Share a complete ATO package video.

@benjaminacquaye6444 5 месяцев назад

🙏

@atohambe5775 2 года назад

Hi Kamilsec. I will like to join your class for training. When is the next cissp class?

@KamilSec 2 года назад

Not conducting training currently.

@jesl3nt64 2 года назад

I have a question what are some of the monitoring tools afther Accessment is done

@KamilSec 2 года назад

Well depending on the agency, SIEM tools like Splunk, QRadar as well as Vulnerability scanning tools like Nessus, WebInspect, DBProtect, NexPose etc. can be used to assist in the Continuous Monitoring.

@AlmondHealthcareServicesLLC Год назад

great video's, do you have training classes?

@KamilSec Год назад

Not yet...

@cricriy1400 2 года назад

Is this work a team work or a self work?

@KamilSec 2 года назад

Yea, the SCA is a team work

@joycefynn8496 2 года назад

Well done prof! How can I contact you please?

@KamilSec 2 года назад

kaamilzak@gmail.com

@tanveerahmed9494 7 месяцев назад

Hi, can u pls share the artifact request list

@KamilSec 7 месяцев назад

There is a link to my Patreon page in the video description where you can find all documents I used in my videos.

@jackybandoh7335 2 года назад

Quick question What’s the difference between security assessment and risk assessment?

@KamilSec 2 года назад

I will say Security Assessment can be a subset of Risk Assessment. Because in Risk Assessment, every aspect of the business or the organization such as financial, marketing, competitive advantages etc. of the business will be evaluated and reviewed, where as Security Assessment can be just limited to security operation.

@jackybandoh7335 2 года назад

Thanks

@maryniang7683 Год назад

How can you be reached?

@KamilSec Год назад

Kaamilzak@gmail.com

@uche2564 Год назад

What are some common problems you would run into during an assessment ?

@KamilSec Год назад

1. Clients not providing artifacts/evidence on time 2. Clients deliberately providing wrong artifacts/evidence 3. Clients refusing to accept findings and so on....

@uche2564 Год назад

@@KamilSec Thankyou! One last question. As an assessor, what are your options or next steps if a client refuses to accept the findings