NIST RMF System Categorization Step Hands On (Using SP 800-60 Vol II)

Рет қаралды 59,616

Күн бұрын

Federal Information Security Modernization Act (FISMA) Risk Management Framework (RMF). In this video we went over how new information system is categorized into Low, Moderate or High impact levels using FIPS-199 and SP 800-60 Vol II as guides.
csrc.nist.gov/...
**You can download a copy of the Assessment Test Case I used in this video for your practice if need be, from my Patreon Page, link below.***
www.patreon.co...
The free way to help the channel grow is by subscribing using the link below:
www.youtube.co...
************Patreon & Channel Support******************
www.patreon.co...
*******Order your KamilSec (KS) Designs Merch:*********
kamilsec.creat...
**************************************************************
CashApp: $Kamilzak
Zelle: kaamilzak@gmail.com
Paypal: paypal.me/MZakari
Thank You!!!
*************************************************************
*I ALSO CONDUCT INDIVIDUALIZED RESUME AND INTERVIEW PREP SESSION*
Udemy Affliate link:
track.flexlink...
Connect with me on Social Media:
Twitter: / kamilzak_1
Instagram: @Kamilzak1

Пікірлер: 128

@1step2life Жыл бұрын

In all honesty, you are a natural born Teacher. You are very amazing at breaking down seemingly complicated documents such as NIST RMF. I tip my hat to you with a standing ovation.

@KamilSec Жыл бұрын

Thank you!

@joseskobena9801 3 жыл бұрын

This is awesome presentation, this is my first exposure to the RMF, this presentation has broken the CATEGORIZATION STEP down, I love it. Thank you.

@KamilSec 3 жыл бұрын

Glad it was helpful!

@jimmyk3443 2 жыл бұрын

I am currently taking RMF class and I thought I understood what I was taught until I watched this video. This is awesome. Great job Prof!! Love it.

@KamilSec 2 жыл бұрын

Glad it was helpful!

@germainkone9029 2 жыл бұрын

So helpful. Currently talking this class and this is so clear. Plan to contact you for interview prep. Thanks

@leema5051 2 жыл бұрын

This is the best explanation of RMF and Categorization I've seen so far. Thank you!

@KamilSec 2 жыл бұрын

You're very welcome! Glad it was helpful.

@Tonezatl Жыл бұрын

This guy was born a lecturer... Excellent explanation !!!

@KamilSec Жыл бұрын

Thank you!

@joyful422 10 ай бұрын

Hello Professor, I like to join your class

@wilfredoduro6017 18 күн бұрын

I’m currently taking this class and his tutorials have been a great help ..Thanks Prof.

@lepatriote007 Жыл бұрын

Thank you much , been in security realm for 10+ years, mostly in technical roles. I have never taken the time to understand the basics of policy and compliance. Now in leadership role and have to learn the hard way. Your videos made everything easy.

@KamilSec Жыл бұрын

You are very welcome, I am very glad my videos are helpful.

@kafagodwill9185 2 жыл бұрын

wow wow wow wow wow this is awesome i wish i met this this class before paying those classes i attended . you are just the best

@KamilSec 2 жыл бұрын

You are most welcome, please help share the videos to promote the channel

@kafagodwill9185 2 жыл бұрын

@@KamilSec please I need your contact so we can talk I am interested in having some details

@rahmadiallo2896 3 жыл бұрын

Best class you explained everything without reading can’t wait for other classes

@KamilSec 3 жыл бұрын

Thank you for watching, I am glad you found it beneficial.

@ericmicheltsanga9714 3 жыл бұрын

@@KamilSec You are doing a wonderful JOB!!!!

@saved123 3 жыл бұрын

@@KamilSec do u have classes in 2022?

@ppvshenoy 2 жыл бұрын

You the MAN!! This is exactly what I was looking to clarify. Thanks for your time and the video. Much appreciated. Info categorization is half the battle.

@KamilSec 2 жыл бұрын

Glad it was helpful!

@chindaleonardawudu7573 Жыл бұрын

Wow wow! Teaching is a gift and Talent. Thank you for this wonderful explanation and teaching. This is teaching at its finest.

@KamilSec Жыл бұрын

You are very welcome!

@skylarngugi9894 6 ай бұрын

So well explained! its beyond amazing!

@KamilSec 6 ай бұрын

Glad it was helpful!

@oliviangwa3473 Жыл бұрын

Thank you so Much Sir,,,, I have been looking for hands on to make me feel like I have been working. I think I find one and I think am now ready to hit the Job Market. May God continue to bless you Sir 🙏🏽🙏🏽

@KamilSec Жыл бұрын

Best of luck!

@lawrencencelanyegha8079 Жыл бұрын

Men, you are wonderful, and your mastery of the subject matter is commendable. I wish i came across your videos before paying for a training that wasn't worth a dime.

@KamilSec Жыл бұрын

Glad you like them!

@wilson2423 3 жыл бұрын

Hi,I just join this group and the information giving is well understood and easy to apply interns of categorizing the system..This is so informative..Thanks prof.

@KamilSec 3 жыл бұрын

I am glad it was helpful.

@Naa4mla 2 жыл бұрын

wow great job ....you took your time and explain everything perfectly... i'm very impressed

@KamilSec 2 жыл бұрын

Glad it was helpful!

@DamagesOverTime 3 жыл бұрын

Great explanations and easy to follow, nice job.

@akwadasays6330 2 жыл бұрын

This is the best session ever. Very very hands-on. I subscribed.

@KamilSec 2 жыл бұрын

Thanks and Welcome aboard!

@kga3758 Жыл бұрын

Boss .. u are just a master at ur craft..

@tyronedotson 10 ай бұрын

Thanks so much for the info GOD bless, I m trying to get into GRC

@KamilSec 9 ай бұрын

Best of luck!

@thandekambonambi5007 5 ай бұрын

I love this very insightful

@KamilSec 5 ай бұрын

Glad it was helpful!

@akofabulous 3 жыл бұрын

I just stumbled upon your channel. You're a great teacher. Thank you so much for these videos. 🙏🏾

@KamilSec 3 жыл бұрын

Glad you like them! Thanks...

@dastylee 3 жыл бұрын

Hi how can one contact you...?

@technop.8461 2 жыл бұрын

Excellent, this worth paying for, great knowledge, thanks

@KamilSec 2 жыл бұрын

Glad it was helpful!

@adrienkelli8954 3 жыл бұрын

Thank you so this video. Down to the nitty gritty. Can't wait for more detailed hands on video.

@KamilSec 3 жыл бұрын

Awesome, I am glad you like it. Stay subscribed for more videos...

@magnus5316 Жыл бұрын

You know what you doing , make it easy and make sense,those others guys all over the place like shit confused

@KamilSec Жыл бұрын

Thank you!

@stephenasare3328 2 жыл бұрын

Good job bro . You did a great job. Well done 👏

@KamilSec 2 жыл бұрын

Thank you so much 😀

@derekl.301 2 жыл бұрын

Great videos, appreciate you taking the time out of your busy schedule to drop this knowledge. Thanks.

@KamilSec 2 жыл бұрын

My pleasure!

@rebeccaoseitutu3515 Жыл бұрын

@@KamilSec how do I join your class

@yvetteayire6641 2 жыл бұрын

thank you so much for these videos and the explanations. it helps a lot

@KamilSec 2 жыл бұрын

You're very welcome!

@ThaRealCLang 3 жыл бұрын

Great presentation sir!

@KamilSec 3 жыл бұрын

Thank you kindly!

@ABiitOfEverything 2 жыл бұрын

This video is gold. Thank you 🙏🏽

@KamilSec 2 жыл бұрын

Glad it was helpful!

@HD-dl3ud 3 жыл бұрын

Awesome job done. Thank u!

@dannylopez8734 3 жыл бұрын

I have an interview tomorrow thank you for the information it is helpful.

@KamilSec 3 жыл бұрын

Best of luck on the interview!!!

@montecristo2160 Жыл бұрын

Excellent!

@jokeawotunde7149 Жыл бұрын

This is great

@KamilSec Жыл бұрын

Thanks!

@mbarkawalter2307 9 ай бұрын

Do you accept GI bill as payment for your class ?

@KamilSec 9 ай бұрын

No, we don't accept GI Bills

@ngwasiripaul6604 Жыл бұрын

This is just amazing. Do you have all your classes for RMF in one place where I can subscribe to and follow step by step?

@KamilSec Жыл бұрын

Yes, you can reach out kaamilzak@gmail.com

@MK-ru1dx 2 жыл бұрын

Ty prof. Well explained However can u help differentiate the meanings of 1) Baseline. 2) Impact Level. 3) High/Low water Mark. Ty

@KamilSec 2 жыл бұрын

Hello M.K, Baseline in regards to control, is the minimum control needed to provide protection to a system. Impact Level, is the qualitative descriptions of risk For High Water Mark please check out the video again, I provided a detailed explanation on that.

@selftaughtviolinist6583 Жыл бұрын

Please what job is this under as a security analyst....job application...is it auditing....new to cybersecurity please

@KamilSec Жыл бұрын

IT Security Analyst

@AzizBTL 2 жыл бұрын

Good job 👍🏽 👏👏👏

@chukwuzubeluchibinezie8427 3 ай бұрын

Good day, during categorization, when you set up a meeting with the stakeholders, what questions will you ask the system owner to know the type of information type to choose from the nist.

@KamilSec 2 ай бұрын

Ask about the system descriptions, purpose of the system and the what information would the system process?

@oladimejimichaeloloyede7203 Жыл бұрын

With all the GRC tools available, do assessors still go through the process of the NIST SP800 series?

@KamilSec Жыл бұрын

Yes they do...

@InvestWithSN 4 ай бұрын

did you have anything that discusses the CUI portion of the categorization?

@KamilSec 2 ай бұрын

No, I do not

@mom0f457 3 жыл бұрын

Thank you so much.

@coffie313 Жыл бұрын

Hi are you teaching any rmf classes?

@KamilSec Жыл бұрын

Yes

@Ruffgemm 3 жыл бұрын

Great class...😯 wow....Since we need 800-60 for categorization, where does FIPS 199 come into play and for what purpose?

@KamilSec 3 жыл бұрын

Great question. FIPS-199 is a 13 page document that explains some key concepts we use in the categorization process such as the security objectives, Confidentiality, Integrity, and Availability. It also explains the impact levels (Low, Moderate, and High) what they mean, and how they affect organization/agency, nations and people. It further explains what High Water Mark means. Last but not the least it shows us the format to follow to create our categorization templates and documentation. Hope this help.

@chakap 3 жыл бұрын

@@KamilSec This is excellent. I enjoyed the video. Could you please share more videos that talk about the complete process of building the full RMF? I would greatly appreciate that (ambeben@gmail.com)

@KamilSec 3 жыл бұрын

@@chakap Sure stay tune I will discuss the full RMF process soon.

@chakap 3 жыл бұрын

@@KamilSec Thank you so much.

@phyllisobeng4763 3 жыл бұрын

@@KamilSec looking forward to that Kamil.

@yvetteayire6641 2 жыл бұрын

why was reporting considered the amongst the others in that phrase. was it the choice of the system owner? could you please help me?

@KamilSec 2 жыл бұрын

Not sure what the ask is here, please elaborate more...

@yvetteayire6641 2 жыл бұрын

It’s ok I had the answer already

@yvetteayire6641 2 жыл бұрын

Thank you so much 🙏

@ezy8mobi 3 жыл бұрын

Hello bro, are you going to have videos on implementation, Assessment, Authorization and Monitoring?

@KamilSec 3 жыл бұрын

Whats bro, yea I have 2 videos on Control Assessment on the channel. I will be doing something on Control Implementation, Authorization and Monitoring soon.

@ezy8mobi 3 жыл бұрын

@@KamilSec okay bro thank you so much and I appreciate what you are doing for us. Your videos are very helpful.

@magnus5316 Жыл бұрын

How much you charge for your ISSO PROGRAM??

@KamilSec Жыл бұрын

kzbin.info/www/bejne/rXzCYoN4gqiFars

@germainkone9029 Жыл бұрын

Hello sir. What about OSCAL ? any ideas please?

@KamilSec Жыл бұрын

Not there yet, very soon I will look into the automation part...

@germainkone9029 Жыл бұрын

Not problem sir. Thanks

@ryoka1g 3 жыл бұрын

You can make this method for financial institutions as well correct?

@KamilSec 3 жыл бұрын

Yes, you can. Even though they are different set of controls, the approach is generally similar.

@ryoka1g 3 жыл бұрын

@@KamilSec sorry for asking you again is there an automated excel spreadsheet that you manually use this framework? Eg add a risk and use as a remediation action 2-3 controls and leave a residual risk with a percentage (e.g 5%)

@Miahealdd 2 жыл бұрын

Hi, i sent you a personal email regarding Training one on one. Im thinking about taking CAP exam or security plus after studying the RMF. I Need some directions. Thank you