Certified Cybercop – Cloud Security & FedRAMP
Training Date | Training Time |
October 21, 2024 | 9:00 am |
November 4, 2024 | 9:00 am |
December 16, 2024 | 9:00 am |
Training Location/Time Zone: Virtual Live/Class Room
Program Objectives
CHAPTER 1: Introduction to FedRAMP
- What is FedRAMP?
- Why is FedRAMP Needed?
- FedRAMP Goals
- Benefits of FedRAMP
- Organizations involved in FedRAMP
- Key Process of FedRAMP
- Governance
- Governing Body
- Compliance
- JAB Authorization Process
- Agency Authorization Process
- FedRAMP Authorization Act
CHAPTER 2: FedRAMP Requirements
- Is FedRAMP mandatory?
- How FedRAMP is different from FISMA
- Cloud Computing More Secure for the Federal Govt
- FedRAMP Relationship to the Risk Management Framework (RMF)
- ATO vs. a Provisional ATO
- ATO vs. P-ATO FedRAMP Authorization
- FedRAMP Security Risk-based Model
- FedRAMP Joint Authorization Board
- National Institute of Standards and Technology
- FedRAMP Security Risk-based Model
- Department of Homeland Security (DHS)
- FedRAMP Program Management Office
- Federal CIO Council
- Federal Agencies
- Third Party Assessment Organizations (3PAO)
- Cloud Service Providers (CSP)
- FedRAMP Requirements
CHAPTER 3: Infrastructure as a Service
- What is IaaS?
- IaaS Delivery
- IaaS Advantages
- IaaS Disadvantages
- IaaS Characteristics
- When to use IaaS
- IaaS Limitations and Concerns
- Examples of IaaS
CHAPTER 4: Platform as a Service
- What is Platform as a Service
- Characteristics of PaaS
- Cloud Provider vs. Cloud Consumer
- PaaS Description
- PaaS Delivery
- Advantages of PaaS
- Disadvantages of PaaS
- When to use PaaS
- Choosing PaaS as a Business Solution
- Examples of PaaS
CHAPTER 5: Software as a Service
- What is a SaaS?
- Key Differences between SaaS and other models
- Common Examples of SaaS
- SaaS Delivery
- SaaS Advantages
- Disadvantages of SaaS
- SaaS Characteristics
- When to use SaaS
- SaaS Limitations and Concerns
CHAPTER 6: Cloud Cybersecurity Service
- Why Cybersecurity
- CIA Triad
- NIST Cloud Computing SP800-145
- Cloud Security Alliance
- NIST Cloud Working Group
- Fast Identity Online (FIDO) Alliance
- Cloud Benefits
- Cloud Models
- Components of Cloud:
- Security Application
- Intrusion Detection Systems (IDS)
- Intrusion Prevention Systems (IPS)
- Next Gen Firewalls
- Unified Threat Monitoring (UTM)
- Basic Risk Concepts
- Penetration Testing in the Cloud
- Amazon Web Services Security
- Azure Security
- Google Cloud Platform Security
- Mobile App Security
- Cloud and Biometrics
CHAPTER 7: Application Security
- Training and Awareness
- Cloud-Secure Software Development Lifecycle (SDLC)
- ISO/IEC 27034-1 Standards for Secure Application
- Identity and Access Management (IAM)
- Cloud Application Architecture
- Cloud Application Assurance and Validation
CHAPTER 8: FedRAMP Best Practice
- FedRAMP process/flowchart
- Preparation/Authorization/Continuous Monitoring
- Selecting a FedRAMP 3PAO
- How to Become a 3PAO/Guidelines
- Security Testing
- Guidelines for CSPs
- After Acceptance into the FedRAMP program
- FIPS 199 Template
- E-Authentication Template
- Privacy Threshold Analysis and Privacy Impact Assessment (PTA and PIA)
CHAPTER 9: FedRAMP Security Assessment Plan
- What is a Security Assessment Plan?
- Laws, Regulations, Standards, Guidance
- Applicable Standards to FedRAMP
- FedRAMP Risk Management Framework
- FedRAMP Concepts replaced by SAF
- Authorities for SAF
- 3PAO Accreditation Standards
- 3PAO Obligations
- Penetration Testing Plan and Methodology
CHAPTER 10: FedRAMP Continuous Monitoring Strategy
- Purpose of ConMon
- NIST RMF
- What is Continuous Monitoring
- ConMon Roles and Responsibilities
- Additional Tips
CHAPTER 11: Penetration testing
- Who is this for?
- Scope of Pentest
- Definitions
- Rules of Engagement
- Threat Models
- FedRAMP Security Risk-based Model
- Attack Vectors
- Scoping the Pentest
- Penetration Test Methodology and Requirements
- Elements of a Penetration Test
- Simulated Internal Attack/Discovery
- Exploitation: Social Engineering, Web App/API
CHAPTER 12: FedRAMP SSP Writing Control
- FedRAMP Documentation
- Objectives of SSP
- SSP Document Attachments
- Necessary Organization and System Attributes
- Successful Mindset for SSP Development
- SSP Organization and Scope
- Tips for Writing the SSP
- Control Example: Account Management (AC-2)
- Control Definition
- Control Writing Tips
- Instructions for Submitting a Security Package
CHAPTER 13: Kali Linux and Virtualization
- What is Linux?
- Windows vs. Linux OS
- Components of Linux OS
- What is a Linux Distro?
- What is Kali Linux?
- Features of Kali Linux
- What is the difference with Kali Linux?
- Downloading Kali Linux
- Verifying Integrity and Authenticity
- Making a Kali Bootable USB Drive
- Kali Linux Live USB Install Procedure on Windows
- Creating a Bootable Kali USB Drive on Linux
- Booting Kali Live on Hard drive
- Installing Kali Linux on VirtualBox
CHAPTER 14: Git and GitHub
- What is GitHub?
- What is Git
- How to make a git directory
- GitHub Repo
CHAPTER 15: Data Security and Cloud
- Cloud Data Lifecycle
- Cloud Storage Architectures
- Cloud Data Security Foundational Strategies
CHAPTER 16: Software Development Life Cycle (SDLC)
- SDLC
- Software Development Security
- Object Oriented Programming
- Databases: Vulnerabilities, Threats, and Protections
- Data Warehousing
- Malicious Code
CHAPTER 17: Cloud Forensics
- What is Cloud Forensics?
- Cloud Forensic Process Flow
- Cloud Log Analysis
- Sample Cloud Logs
- Evidence Collection from Cloud Storage
- Challenges in Cloud Forensics
- Tools Used for Cloud Forensics
CHAPTER 18: Reconnaissance and Information Gathering
- What is Reconnaissance?
- What is Information Gathering?
- What Information Is Being Gathered?
- What Is OSINT
- Goals of Reconnaissance
- Tools
CHAPTER 19: API Security
- Intro to API Security
- Approaches to APIs
- Remote API
- OWASP API Top 10 2019
- RESTful API
- Web Architecture of an API
- Securing an API
- Common Attacks against APIs
- Vulnerabilities
CHAPTER 20: FedRAMP Recent Developments
- FedRAMP Goals for the Future
- GSA creating a Secure Cloud Advisory Committee
- What is OSCAL?
- OSCAL Tools
- How Does OSCAL Help Me?
- OSCAL Use Cases
CHAPTER 21: Artificial Intelligence and Machine Learning in Cloud
- What is Artificial Intelligence (AI)
- NIST AI Risk Management Framework
- What is Machine Learning
- Tools used in AI/ML
Prerequisites
- This class is intended for individuals with basic knowledge of information systems and the cloud computing environment.
- CompTIA Cloud Essentials or Cloud+ training is highly recommended.
- Basic to intermediate Linux skills are highly recommended.
- Candidates who are not proficient in Linux should try to learn basic Linux skills in order to get the most out of this course.
Date | Location |
07-OCT-2024 — 11-OCT-2024 | Las Vegas, NV/Virtual Live Instructor-led (PST) |
21-OCT-2024 — 25-OCT-2024 | Mumbai, India/Virtual Live Instructor-led (IST) |
04-NOV-2024 — 08-NOV-2024 | Markham, ON/Virtual Live Instructor-led (EDT) |
16-DEC-2024 — 20-DEC-2024 | Las Vegas, NV/Virtual Live Instructor-led (PST) |
NOTE: All classes run from 9 AM to 4 PM. Start time can be modified according to client requirements.