See the video here:

https://www.youtube.com/watch?v=1LkfH1TI3rk

More training:

http://convocourses.com

https://securitycompliance.thinkific.com/courses/rmf-isso-nist-800-53-controls-book-2-nist-800-control-families-in-each-rmf-step

 

 

 Today. I'm actually gonna train on access controls and documentation that goes with it.

 

So we're gonna be talking about something a little bit different. Normally what I do is I go through jobs, break all of those jobs down and then talk about like how to get the jobs. And then I break down what the employer wants to see. But today we're gonna do some actual training.  now, if you're interested in this training, if you want to go deeper, if you want to deep dive, cuz I'm only gonna cover like a few security controls, but if you want a deep dive, if you really want to know this stuff, then I have a couple of courses for you.

I've got a risk management information system, security officer foundations course, if you want to actually know it from a scratch, like you, you're an it person. You, this is not for entry level type person. The risk management framework foundations is gonna assume that you have some level of it background.

And from there I build on what you already know and it walks you through how to get into risk management framework, how to do the actual information system security officer work. So if you want to deep dive into this, go to combo courses.com and go check those courses out. I also have this what you're about to see as one slice of.

Some of the stuff that I'm putting into a new course that I'm developing right now. And if you want to have a full blown, you want to really check it out. I've gotta free. The first port portion of the course is actually free right now. If you go to convo courses.com you sign in and you can actually see the context of what I'm talking about.

And it's a lot of really good stuff, but right now let's get into access controls and some of the documentation. Let me see here. All right. So here are the access controls. These are actually, these are all the security controls and why you're seeing two sets of these is that one is from risk management framework, 37 version one and one.

The bottom one is from version two. That's coming. That's already out right now, but there's a set of N 853 controls that are coming soon. And so that's what you're seeing right now on the screen. So the top one is from version four version. Is it version three or version four?  The top one you're seeing is from the current version of the 800 nest, 853 controls.

The bottom one is the one that's in draft right now, but it should be out. I think this year is when they recently pushed it out to some other date. So anyway, so those are, that's what you're seeing. You're seeing access controls. You're seeing at controls, training controls, MP controls, media protection, physical controls, all these different controls, that I'm gonna cover all of these in the training, I'm gonna be releasing a month over month until we get all the way to the end. And then I also ask questions if you purchase the actual course, but right now we're gonna focus on just. AC controls and just a few of those AC controls, by the way.

If it would take us, it is gonna be many lessons to actually break down all that just AC controls. There's 25 of 'em right now as up the time of this recording. All right. So first of all, what are access controls? So access controls are what an organization uses to control physical. Not it's just not, it's not just logical con controls, not just access to the information, but it also includes access to the system itself.

So some of that is in there, but it also includes things like roles. My cats in here, this is live by the way. , this is gonna conclude things like role based privileges. It's gonna include things like.  Separation of duties. There's a lot of different things, but let's talk about access.

What is access? It's the ability to make use of any s