Assessing Security Controls Workshop
Assessing Security Controls focuses on helping teams validate that their security controls are doing what they’re supposed to do. You’ll learn how to evaluate and test controls in real-world environments where threats and vulnerabilities are a constant concern.
If your systems face internal or external risks, as most do, this course gives you practical tools to measure how effective your controls really are. The goal is to determine the extent to which the controls are implemented correctly, operating as intended, and producing the desired outcome.
Workshop Curriculum
This course is based on NIST SP 800-53A (Assessing Security and Privacy Controls). We teach you the science of verification.
Core Learning Objectives:
- Security Control Assessor (SCA) Roles & Responsibilities: Understanding independence and authority.
- Assessment Methods: Mastering the "Interview, Examine, and Test" methodology.
- Developing the SAP: Creating a Security Assessment Plan that is scope-appropriate.
- Technical Reviews: Validating configuration settings against STIGs and SRGs.
- Managerial Reviews: Assessing policy, procedures, and personnel security.
- The SAR: Writing the Security Assessment Report and assigning risk levels.
Who Should Attend?
The Testers (SCAs)
Security Control Assessors, Auditors, and Inspector General (IG) teams who need to develop valid test plans to verify compliance.
ISSOs & Owners
ISSOs who want to "pre-assess" their systems before the official audit to prevent findings.
Course Details
Bundle & Save
Combine this course with Implementation for our 4-Day Masterclass.