ไม่สามารถเล่นวิดีโอนี้
ขออภัยในความไม่สะดวก
NIST RMF System Categorization Step Hands On (Using SP 800-60 Vol II)
ฝัง
- เผยแพร่เมื่อ 25 ธ.ค. 2020
- Federal Information Security Modernization Act (FISMA) Risk Management Framework (RMF). In this video we went over how new information system is categorized into Low, Moderate or High impact levels using FIPS-199 and SP 800-60 Vol II as guides.
csrc.nist.gov/publications
**You can download a copy of the Assessment Test Case I used in this video for your practice if need be, from my Patreon Page, link below.***
www.patreon.com/kamilSec?fan_...
The free way to help the channel grow is by subscribing using the link below:
th-cam.com/users/KamilSec?su...
************Patreon & Channel Support******************
www.patreon.com/kamilSec?fan_...
*******Order your KamilSec (KS) Designs Merch:*********
kamilsec.creator-spring.com/
**************************************************************
CashApp: $Kamilzak
Zelle: kaamilzak@gmail.com
Paypal: paypal.me/MZakari
Thank You!!!
*************************************************************
*I ALSO CONDUCT INDIVIDUALIZED RESUME AND INTERVIEW PREP SESSION*
Udemy Affliate link:
track.flexlinkspro.com/g.ashx...
Connect with me on Social Media:
Twitter: / kamilzak_1
Instagram: @Kamilzak1
In all honesty, you are a natural born Teacher. You are very amazing at breaking down seemingly complicated documents such as NIST RMF. I tip my hat to you with a standing ovation.
Thank you!
This is awesome presentation, this is my first exposure to the RMF, this presentation has broken the CATEGORIZATION STEP down, I love it.
Thank you.
Glad it was helpful!
I am currently taking RMF class and I thought I understood what I was taught until I watched this video. This is awesome. Great job Prof!! Love it.
Glad it was helpful!
So helpful. Currently talking this class and this is so clear. Plan to contact you for interview prep. Thanks
This guy was born a lecturer... Excellent explanation !!!
Thank you!
Hello Professor, I like to join your class
wow wow wow wow wow this is awesome i wish i met this this class before paying those classes i attended . you are just the best
You are most welcome, please help share the videos to promote the channel
@@KamilSec please I need your contact so we can talk I am interested in having some details
This is the best explanation of RMF and Categorization I've seen so far. Thank you!
You're very welcome! Glad it was helpful.
Thank you much , been in security realm for 10+ years, mostly in technical roles. I have never taken the time to understand the basics of policy and compliance. Now in leadership role and have to learn the hard way. Your videos made everything easy.
You are very welcome, I am very glad my videos are helpful.
Best class you explained everything without reading can’t wait for other classes
Thank you for watching, I am glad you found it beneficial.
@@KamilSec You are doing a wonderful JOB!!!!
@@KamilSec do u have classes in 2022?
You the MAN!! This is exactly what I was looking to clarify. Thanks for your time and the video. Much appreciated. Info categorization is half the battle.
Glad it was helpful!
Great explanations and easy to follow, nice job.
Hi,I just join this group and the information giving is well understood and easy to apply interns of categorizing the system..This is so informative..Thanks prof.
I am glad it was helpful.
Thank you so this video. Down to the nitty gritty. Can't wait for more detailed hands on video.
Awesome, I am glad you like it. Stay subscribed for more videos...
Wow wow! Teaching is a gift and Talent. Thank you for this wonderful explanation and teaching. This is teaching at its finest.
You are very welcome!
I just stumbled upon your channel. You're a great teacher. Thank you so much for these videos. 🙏🏾
Glad you like them! Thanks...
Hi how can one contact you...?
Awesome job done. Thank u!
wow great job ....you took your time and explain everything perfectly... i'm very impressed
Glad it was helpful!
Men, you are wonderful, and your mastery of the subject matter is commendable. I wish i came across your videos before paying for a training that wasn't worth a dime.
Glad you like them!
This is the best session ever. Very very hands-on. I subscribed.
Thanks and Welcome aboard!
Great videos, appreciate you taking the time out of your busy schedule to drop this knowledge.
Thanks.
My pleasure!
@@KamilSec how do I join your class
So well explained! its beyond amazing!
Glad it was helpful!
Excellent!
Thank you so Much Sir,,,, I have been looking for hands on to make me feel like I have been working. I think I find one and I think am now ready to hit the Job Market. May God continue to bless you Sir 🙏🏽🙏🏽
Best of luck!
I love this very insightful
Glad it was helpful!
I have an interview tomorrow thank you for the information it is helpful.
Best of luck on the interview!!!
Thank you so much.
Boss .. u are just a master at ur craft..
thank you so much for these videos and the explanations. it helps a lot
You're very welcome!
Good job bro . You did a great job. Well done 👏
Thank you so much 😀
This video is gold. Thank you 🙏🏽
Glad it was helpful!
Excellent, this worth paying for, great knowledge, thanks
Glad it was helpful!
Thanks so much for the info GOD bless, I m trying to get into GRC
Best of luck!
Great presentation sir!
Thank you kindly!
Good job 👍🏽 👏👏👏
You know what you doing , make it easy and make sense,those others guys all over the place like shit confused
Thank you!
This is great
Thanks!
Ty prof.
Well explained
However can u help differentiate the meanings of
1) Baseline.
2) Impact Level.
3) High/Low water Mark.
Ty
Hello M.K, Baseline in regards to control, is the minimum control needed to provide protection to a system.
Impact Level, is the qualitative descriptions of risk
For High Water Mark please check out the video again, I provided a detailed explanation on that.
This is just amazing. Do you have all your classes for RMF in one place where I can subscribe to and follow step by step?
Yes, you can reach out kaamilzak@gmail.com
Hello bro, are you going to have videos on implementation, Assessment, Authorization and Monitoring?
Whats bro, yea I have 2 videos on Control Assessment on the channel. I will be doing something on Control Implementation, Authorization and Monitoring soon.
@@KamilSec okay bro thank you so much and I appreciate what you are doing for us. Your videos are very helpful.
Hi, i sent you a personal email regarding Training one on one. Im thinking about taking CAP exam or security plus after studying the RMF. I Need some directions. Thank you
With all the GRC tools available, do assessors still go through the process of the NIST SP800 series?
Yes they do...
Great class...😯 wow....Since we need 800-60 for categorization, where does FIPS 199 come into play and for what purpose?
Great question. FIPS-199 is a 13 page document that explains some key concepts we use in the categorization process such as the security objectives, Confidentiality, Integrity, and Availability. It also explains the impact levels (Low, Moderate, and High) what they mean, and how they affect organization/agency, nations and people. It further explains what High Water Mark means. Last but not the least it shows us the format to follow to create our categorization templates and documentation. Hope this help.
@@KamilSec This is excellent. I enjoyed the video. Could you please share more videos that talk about the complete process of building the full RMF? I would greatly appreciate that (ambeben@gmail.com)
@@chakap Sure stay tune I will discuss the full RMF process soon.
@@KamilSec Thank you so much.
@@KamilSec looking forward to that Kamil.
You can make this method for financial institutions as well correct?
Yes, you can. Even though they are different set of controls, the approach is generally similar.
@@KamilSec sorry for asking you again is there an automated excel spreadsheet that you manually use this framework? Eg add a risk and use as a remediation action 2-3 controls and leave a residual risk with a percentage (e.g 5%)
Do you accept GI bill as payment for your class ?
No, we don't accept GI Bills
Please what job is this under as a security analyst....job application...is it auditing....new to cybersecurity please
IT Security Analyst
why was reporting considered the amongst the others in that phrase. was it the choice of the system owner? could you please help me?
Not sure what the ask is here, please elaborate more...
It’s ok I had the answer already
Thank you so much 🙏
Hello sir. What about OSCAL ? any ideas please?
Not there yet, very soon I will look into the automation part...
Not problem sir. Thanks
Hi are you teaching any rmf classes?
Yes
Do you still teach the class? When is the next class starting ?
Currently I do not teach the RMF class due to time constraints, hopefully I will get back to teaching soon...
How can I contact you please!
@@olamish4846 kaamilzak@gmail.com
How much you charge for your ISSO PROGRAM??
th-cam.com/video/wK_1PBMCR4Y/w-d-xo.html
I’ve been trying to connect with you boss..
Look at the videos descriptions for my social media handles and email.
High Impact systems are not all NSS systems!!!! 🤣
Thanks for the comment.
Kamil, what’s your email if someone wants to contact you
kaamilzak@gmail.com
@@KamilSec thanks
@@KamilSec pls your number