@@KamilSec Please tell me what how far in details and how many minutes should I go with Tell me about yourself question ! After watching so many videos with no clear answer , here I am again seeking for some tips. Thanks again in advance. 🙏
The best teaching. Thanks a lot. Question: What skills or qualities are expect by an Organization from a newly hired SCA who has no prior practical/ field knowledge of the job? For instance, one who just graduated from the college.
New SARs are only created after every Security Control Assessment (SCA). SAR are updated when/if after the SCA and a finding was disputed, and the assessors agree, then they will update the SAR. Hope that makes sense.
Great presentation! Is there any sources or guidance from NIST on artifacts request list? For eg if Access Control Family is being assessed, what are the list of artifacts should be requested? Thanks!
Well depending on the agency, SIEM tools like Splunk, QRadar as well as Vulnerability scanning tools like Nessus, WebInspect, DBProtect, NexPose etc. can be used to assist in the Continuous Monitoring.
1. Clients not providing artifacts/evidence on time 2. Clients deliberately providing wrong artifacts/evidence 3. Clients refusing to accept findings and so on....
I will say Security Assessment can be a subset of Risk Assessment. Because in Risk Assessment, every aspect of the business or the organization such as financial, marketing, competitive advantages etc. of the business will be evaluated and reviewed, where as Security Assessment can be just limited to security operation.
🙏
So thankful. Anytime that I am lost a little bit I come over here and I walked out so satisfied . Thanks again 🙏
You are so welcome
@@KamilSec Please tell me what how far in details and how many minutes should I go with Tell me about yourself question ! After watching so many videos with no clear answer , here I am again seeking for some tips. Thanks again in advance. 🙏
Kamil, you are just a generous genius. Bless your heart in the good work you continue to do and life you touch globally. Thank you champ.
Thank you, I appreciate that!!!
Thank you for the video. So helpful to understand the SCA process.
Glad it was helpful!
Very very helpful. Thank you
Glad it was helpful!
Excellent content and presentation. I'm using this to prepare for an upcoming SCA interview. Thank you so much brother!
Best of luck!
Thank you for such a great presentation. Very informative and helpful. 👍
Glad it was helpful!
A great teachable moment. Thank you Prof.
You are very welcome, Portia.
Gold! Kamil laying out the blueprint to get into security compliance.
Good training and program
Thanks!
Appreciate it learned more here than on my project team, like they're trying to sabatosh me on purpose.
I am glad it was helpful!
amazing content sir, extremely helpful. Thank you
Most welcome Allison!
Thanks sir, very informative as usual 👌🏼
You're welcome Kwame, thanks!
Good job .thanks👍
You're Welcome 👍
Great job as usual Prof👍
Thanks Sir!
Awesome- God bless u
Thank you so much, Anne.
How do I contact you?
Kaamilzak@gmail.com
Thank you for the video.. very helpful.
You're very welcome! Glad it was helpful!
@@KamilSec do you have some form of training? I just got a job as a SCA... I need some more help.
such great information.Thanks Kamilsec. Am a new subscriber
You're very welcome Adedola, and thanks for being a subscriber on the channel!
good info
Thanks
Amazing content
Thanks!
Great presentation on preparation for control assessment. Definitely learned a lot from this.
Awesome, I am glad to hear that Alhaji, Thanks!
Great content, Legend!
Thanks Elvis!
Hi, can u pls share the artifact request list
There is a link to my Patreon page in the video description where you can find all documents I used in my videos.
Share a complete ATO package video.
Kamil, please what sampling tool will you recommend to use during Testing AC-2(d)(1) during assessment . Thank you and hope to hear from you.
Try: randomizer.org/
The best teaching. Thanks a lot. Question: What skills or qualities are expect by an Organization from a newly hired SCA who has no prior practical/ field knowledge of the job? For instance, one who just graduated from the college.
Usually, they prefer to hire candidates with at least few years of experience.
Hello. Do you offer interview prep classes?
Awesome presentation... Thank you.. I have a question, how often should Security Assessment Report be updated?
New SARs are only created after every Security Control Assessment (SCA). SAR are updated when/if after the SCA and a finding was disputed, and the assessors agree, then they will update the SAR. Hope that makes sense.
Great Video.
Do you have a video on how to develop a test plan for assessing security controls./Control Correlation I identifier (CCI)?
Not yet, will do that soon.
This was would be an awesome video. Thanks!
Thanks a lot for this presentation. It a has vicarious feel to it. Can you do on risk assessment?
I am sure I have something on Risk Assessment on the channel as well.
@@KamilSec thanks
Great presentation! Is there any sources or guidance from NIST on artifacts request list? For eg if Access Control Family is being assessed, what are the list of artifacts should be requested? Thanks!
Unfortunately no. This has to be developed by the assessment team members.
I have a question what are some of the monitoring tools afther Accessment is done
Well depending on the agency, SIEM tools like Splunk, QRadar as well as Vulnerability scanning tools like Nessus, WebInspect, DBProtect, NexPose etc. can be used to assist in the Continuous Monitoring.
Awesome video Sir! Can you share the artifact list, please?
Hi Kamilsec. I will like to join your class for training.
When is the next cissp class?
Not conducting training currently.
Is this work a team work or a self work?
Yea, the SCA is a team work
Well done prof! How can I contact you please?
kaamilzak@gmail.com
How can you be reached?
Kaamilzak@gmail.com
What are some common problems you would run into during an assessment ?
1. Clients not providing artifacts/evidence on time
2. Clients deliberately providing wrong artifacts/evidence
3. Clients refusing to accept findings and so on....
@@KamilSec Thankyou! One last question. As an assessor, what are your options or next steps if a client refuses to accept the findings
Quick question
What’s the difference between security assessment and risk assessment?
I will say Security Assessment can be a subset of Risk Assessment. Because in Risk Assessment, every aspect of the business or the organization such as financial, marketing, competitive advantages etc. of the business will be evaluated and reviewed, where as Security Assessment can be just limited to security operation.
Thanks
Great one,Can you be my Mentor sir
kaamilzak@gmail.com
Hi uncle
Hi Zee Zee, How are you? I hope you are reading your books.
I think so