Leona Bonsu, CISM
Security Control Assessor at DANASTAR Professional Services, LLC
-
Twi Limited working proficiency
-
English Professional working proficiency
Credentials
-
Certified Information Security Manager (CISM)
ISACA, Oct 2021 - Sep 2024
-
CompTIA Advanced Security Practitioner (CASP)
CompTIA, Jul 2020 - Sep 2024
-
CompTIA Security+
CompTIA, Jul 2020 - Sep 2024
Experience
-
DANASTAR Professional Services, LLC
-
United States
-
1 - 100 Employee
-
Security Control Assessor
-
Aug 2020 - Present
● Conduct IT risk assessment to identify AWS system threats, vulnerabilities, and generate reports per the customer responsibility matrix (CRM)
● Maintain, review and update information security system documentations and review FedRAMP packages; including System Security Plan (SSP), Plan of Action & Milestone (POA&M), Risk Assessment (RA), Contingency Planning, Incident Response Plan and Table Top Exercises (TTE).
● Apply appropriate information security control for Federal Information System based on NIST SP 800-53 Rev4 and FIPS 200
● Complete Security Assessment Plan (SAP) to facilitate the assessment of security and privacy controls and develop security assessment report (SAR)
● Support A&A activities (Categorize, Selection, Implement, Assessment, Authorize, Monitor) using NIST SP 800-37 Rev 1
● Perform comprehensive Security Control Assessment (SCA) of management, operational and technical controls
● Privacy controls and prepare Security Assessment Report (SAR) detailing the failed and passed controls
● Create, update and review System Security Plan, Contingency Plan, FIPS 199, Incident Response Reports from eSOC team via Splunk tool and other system security documents as part of continuous monitoring
● Ensure customers are in compliance with security policies and procedures following NIST, FISMA and OMB standards
● Participates in assembling ATO package consisting of the SSP, SAR and POA&M and submit to the ISO
● Perform security documentation review of systems to ensure quality control of A&A documents and validation process
● Assist in developing Privacy Threshold Analysis (PTA) and Privacy Impact Assessment (PIA) to make sure system PII are well documented
● Conduct Security controls assessment using NIST 800-53A as a guide and using examine, interview and testing as assessment motives
● Ensure cyber security policies are adhered to and that required controls are implemented.
● Review raw scans and create monthly Server Compliance Reports
Education
-
Liberty University
Master of Science - MS
-
University of Maryland
Bachelor of Science - BS
-
Frederick Community College
Associate's degree, General Studies