FITSI

FITSP Manager Certification Training

Course Overview

The FITSP Manager certification validates the knowledge and skills of Federal employees and contractors against Federal standards and practices for working with unclassified Federal information systems. The management role is responsible for high-level, cost-effective, risk-based IT security controls within these systems. Candidates learn to apply auditing skills as they manage and oversee the security and assurance of those systems.

This 5-day instructor-led certification training explores the six main domains and eighteen IT security topics in the Federal Body of Knowledge (FBK). The six main domains in the FBK are:

  • NIST Special Publications
  • NIST Federal Information Processing Standards
  • NIST Control Families
  • Government Laws and Regulations
  • NIST Risk Management Framework
  • NIST Interagency Reports

Pricing

$2,495

Schedule

Currently, there are no public classes scheduled. Please contact a Phoenix TS Training Consultant to discuss hosting a private class at 240-667-7757.

Course Outline

Access Control

  • Access
  • Access authority
  • Access control
  • Access control list
  • Account management
  • Access enforcement
  • Authorization
  • Brute force
  • Concurrent session control
  • Discretionary Access Control (DAC)
  • Information flow enforcement
  • Least privilege
  • Mandatory Access Control (MAC)
  • Permitted actions
  • Previous login notification
  • Role Based Access Control (RBAC)
  • Security attributes
  • Separation of duties
  • Session lock
  • Session termination
  • System use notification
  • Unsuccessful login attempt

Audit and Accountability

  • Accountability
  • Auditable event
  • Audit
  • Audit analysis
  • Audit data
  • Audit generation
  • Audit policy
  • Audit record retention
  • Audit reduction tool
  • Audit report
  • Audit reduction
  • Audit review
  • Audit trail
  • Audit storage capacity
  • Audit failure response
  • Contents of audit record
  • Monitoring for information disclosure
  • Non-repudiation
  • Protection of audit information
  • Session audit
  • Time stamps

Awareness and Training

  • Awareness (information security)
  • Behavioral outcome
  • Certification
  • Computer-Based Training (CBT)
  • Curriculum
  • Education (information security)
  • End user security training
  • Information sharing
  • Instructional Systems Design (ISD)
  • Instructor-Led Training (ILT)
  • IT security awareness
  • IT security awareness and training program
  • IT security education
  • IT security training program
  • Learning Management System (LMS)
  • Learning objectives
  • Needs assessment (IT security)
  • Role-based training
  • Testing
  • Training (information security)
  • Training assessment
  • Training effectiveness
  • Training effectiveness evaluation
  • Web-Based Training (WBT)

Configuration Management

  • Access restriction for change
  • Baseline configuration
  • Configuration management plan
  • Configuration management policy
  • Configuration setting
  • Federal desktop core configuration
  • Least functionality
  • Security checklist
  • Security impact analysis

Contingency Planning

  • Alternate processing/storage site
  • Backup strategy
  • Business continuity plan
  • Business impact analysis
  • Business recovery plan
  • Call tree
  • Cold site
  • Contingency plan
  • Contingency plan policy
  • Contingency plan training
  • Contingency plan testing
  • Continuity of operations plan
  • Continuity of support plan
  • Crisis communication
  • Cyber incident response
  • Delegation of authority
  • Disaster recovery plan
  • Disruption
  • Essential functions
  • Hot site
  • Information technology
  • Interoperable communications
  • Mission assurance
  • Occupant emergency plan
  • Order of succession
  • Preparedness/readiness
  • Reconstitution
  • Recovery
  • Risk mitigation
  • Standard operating procedures
  • Telecommunications services
  • Threat environment
  • Vital records and databases
  • Warm site

Identification and Authentication

  • Authenticate
  • Authentication
  • Authentication mechanism
  • Authentication mode
  • Authentication protocol
  • Authentication token
  • Authenticator management
  • Authenticity
  • Biometric
  • Biometric system
  • Biometric information
  • Device authentication
  • Device identification
  • Digital certificate
  • Certificate policy
  • Certificate Revocation List (CRL)
  • Certification authority
  • Claimant
  • Credential
  • Cryptographic module authentication
  • Electronic authentication
  • Identification
  • Identifier management
  • Mutual authentication

Incident Response

  • Attack signature
  • Computer forensics
  • Computer security incident
  • Computer security incident response team
  • Computer security
  • Escalation procedures
  • Honey Pot
  • Incident handling
  • Incident monitoring
  • Incident records
  • Incident reporting
  • Incident response assistance
  • Incident response plan
  • Incident response policy
  • Incident response testing
  • Incident response training
  • Intrusion
  • Intrusion prevention system
  • Intrusion detection system
  • Measures
  • Personally Identifiable Information (PII)
  • Reconstitution of System
  • Security alerts
  • Security incident
  • System compromise
  • Threat motivation
  • Unauthorized access
  • Vulnerability

Maintenance

  • Antivirus software
  • Backup
  • Baseline
  • Configuration management
  • Controlled maintenance
  • Insider threat
  • Maintenance tools
  • Maintenance personnel
  • Non-local maintenance
  • Patch management
  • Penetration testing
  • Security data analysis
  • Security measures
  • Security reporting
  • Security hardening
  • System logs
  • System maintenance policy
  • System monitoring
  • Threat analysis
  • Threat monitoring
  • Timely maintenance
  • Vulnerability analysis

Media Protection

  • Degaussing
  • Media access
  • Media destruction
  • Media marking
  • Media protection policy
  • Media storage
  • Media transport
  • Sanitization

Personnel Security

  • Access agreement
  • Background checks
  • Background investigation
  • Confidentiality
  • Digital identity
  • Human resources
  • Insider threat
  • Job rotation
  • Nondisclosure agreement
  • Position categorization
  • Position sensitivity
  • Personnel sanctions
  • Personnel security policy
  • Personnel screening
  • Personnel termination
  • Personnel transfer
  • Security breach
  • Security clearance
  • Separation of duties
  • Social engineering
  • Special Background Investigation (SBI)
  • Suitability determination
  • Third-party personnel security

Physical and Environmental Protection

  • Access cards
  • Access control
  • Access control for output devices
  • Access control for transmission medium
  • Access records
  • Alarm
  • Alternate work site
  • Asset disposal
  • Biometrics
  • Defense-in-Depth
  • Delivery and removal
  • Emergency lighting
  • Emergency power
  • Environmental threat
  • Fire protection
  • Information leakage
  • Inventory
  • Location of information system components
  • Man-made threat
  • Monitoring physical access
  • Natural threat
  • Perimeter defense
  • Physical and environmental policy
  • Physical access authorization
  • Physical access control
  • Power equipment and power cabling
  • Risk management
  • Temperature and humidity control
  • Threat and vulnerability assessment
  • Video surveillance
  • Visitor control
  • Water damage protection

Planning

  • Privacy impact assessment
  • Rules of behavior
  • Security planning policy
  • Security planning procedures
  • Security related activity planning
  • System security plan

Program Management

  • Critical infrastructure plan
  • Enterprise architecture
  • Information security measures of performance
  • Information security program plan
  • Information security resources
  • Information system inventory
  • Mission/business process definition
  • Security authorization process
  • Senior information security officer
  • Plan of action and milestone process
  • Risk management strategy

Risk Assessment

  • Acceptable risk
  • Assessment
  • Asset valuation
  • Business impact analysis
  • Controls
  • Impact
  • Insider threat
  • Likelihood determination
  • National Vulnerability Database
  • Qualitative
  • Quantitative
  • Risk
  • Risk assessment
  • Risk assessment policy
  • Risk avoidance
  • Risk level
  • Risk limitation
  • Risk management
  • Risk matrix
  • Risk mitigation
  • Risk research
  • Risk scale
  • Risk transference
  • Security categorization
  • Security controls
  • Security measures
  • Threat
  • Threat and vulnerability
  • Threat modeling
  • Types of risk
  • Vulnerability
  • Vulnerability scanning

Security Assessments and Authorization

  • Assessment method
  • Assessment procedure
  • Authorization (to operate)
  • Authorization boundary
  • Authorize process
  • Authorizing official
  • Designated representative
  • Dynamic subsystem
  • Common control provider
  • Common control
  • Compensating control
  • Complex information system
  • Continuous monitoring
  • Cost effective
  • Critical control
  • External subsystems
  • Hybrid security control
  • Information owner/steward
  • Information system boundary
  • Information system owner
  • Information system security engineer
  • Information type
  • Interconnection agreement
  • Net-centric architecture
  • Plan of Action and Milestones (POAM)
  • Reciprocity
  • Risk executive
  • Security control assessor
  • Senior information security officer
  • Tailored security control baseline
  • Volatile control

System and Communication Protection

  • Application partitioning
  • Boundary protection
  • Collaborative computing devices
  • Communications security
  • Configuration
  • Covert channel analysis
  • Cryptographic key establishment
  • Cryptographic key management
  • Defense-in-Depth
  • Denial of service protection
  • Emission security
  • Encryption technologies
  • Fail in known state
  • Firewall
  • Heterogeneity
  • Honey pots
  • Hub
  • Information in shared resources
  • Information system partitioning
  • Intrusion detection system
  • Intrusion prevention systems
  • Load balancers
  • Mobile code
  • Network architecture
  • Network disconnect
  • Networking models and protocols
  • Network segmentation
  • Non-modifiable executable programs
  • Penetration testing
  • Port
  • Protection of information at rest
  • Public access protections
  • Public Key Infrastructure Certificates
  • Resource priority
  • Router
  • Secure name resolution
  • Security function isolation
  • Security trust
  • Session authenticity
  • Switch
  • System and communications protection policy
  • Telecommunications technology
  • Thin nodes
  • Transmission confidentiality
  • Transmission of security attributes
  • Transmission integrity
  • Transmission preparation integrity
  • Trusted path
  • Use of cryptography
  • Virtual Private Network (VPN)
  • Voice over IP (VoIP)
  • Virtualization techniques
  • Vulnerability
  • Web services security
  • Wired and wireless networks

System and Information Integrity

  • Agent
  • Antivirus software
  • Application
  • Application content filtering
  • Blended attack
  • Boot sector virus
  • Buffer overflow
  • Computer virus
  • Error handling
  • Flaw remediation
  • Information input restrictions
  • Information input validation
  • Information output handling and retention
  • Information system monitoring
  • Macro virus
  • Malicious code protection
  • Predictable failure prevention
  • Security alerts, advisories, and directives
  • Security functionality verification
  • Spam protection
  • Software and information integrity
  • System and information integrity policy

System and Services Acquisition

  • Acquisitions
  • Allocation of resources
  • Business impact analysis
  • Contract
  • Cost-benefit analysis
  • Critical information system components
  • Developer configuration management
  • Developer security testing
  • Disposal
  • External information system services
  • Information system documentation
  • Life cycle support
  • Prequalification
  • Regulatory compliance
  • Request for information
  • Request for Proposal (RFP)
  • Risk analysis
  • Risk-based decision
  • Risk mitigation
  • Security engineering principles
  • Security requirements
  • Service Level Agreement (SLA)
  • System and services acquisition policy
  • Software usage restrictions
  • Solicitation
  • Supply chain protection
  • Statement of Objectives (SOO)
  • Statement of Work (SOW)
  • Total Cost of Ownership (TCO)
  • Trustworthiness
  • User installed software

FITSP Manager Exam

Exam Details

  • Number of Questions – 150
  • Duration – 3 hours
  • Format – multiple choice
  • Delivery – computer-based

FITSP Manager Certification FAQs

Who is the FITSP Manager training for?

This course is designed for individuals who manage and evaluate U.S. Federal government information systems. The ideal candidate is a Federal employee or contractor in one of the following roles:

  • CISO
  • IAM
  • ISM
  • Authorizing Officials
  • Chief Information Officers
  • Senior Agency Information Security Officers
  • Chief Information Security Officers
  • Freedom of Information Act Officials
  • Information Resource Managers
  • Information Assurance Managers
  • Information Security Managers
  • Information Security Program Managers
  • Information Systems Security Officers
  • IT Security Compliance Officers
  • Privacy Act Officials (Privacy Officers)
  • Program and Functional Managers
  • Procurement Officers
  • Risk Executives
  • Senior/Executive Agency Leaders
  • System Owners

Are there prerequisites for the FITSP Manager Certification training?

It is recommended that candidates have at least 5 years of work experience in general information systems security in the public or private sector.

Does the Manager certification focus on different areas than the other FITSP certifications?

All four FITSP certification exams cover the same six main domains of the Federal Body of Knowledge (FBK). The exam for each of the four roles, however, tests a different set of themes, publications, and focus areas relevant to that job function.
