Certified Cybercop – Cloud Security & FedRAMP

Training Date: October 21, 2024; November 4, 2024; December 16, 2024

Training Time: 9:00 am

Training Location/Time Zone: Virtual Live/Class Room

    • What is FedRAMP?
    • Why is FedRAMP Needed?
    • FedRAMP Goals
    • Benefits of FedRAMP
    • Organizations involved in FedRAMP
    • Key Process of FedRAMP
    • Governance
    • Governing Body
    • Compliance
    • JAB Authorization Process
    • Agency Authorization Process
    • FedRAMP Authorization Act
CHAPTER 2: FedRAMP Requirements
    • Is FedRAMP mandatory?
    • How FedRAMP is different from FISMA
    • Cloud Computing More Secure for the Federal Govt
    • FedRAMP Relationship to the Risk Management Framework (RMF)
    • ATO vs. a Provisional ATO
    • ATO vs. P-ATO FedRAMP Authorization
    • FedRAMP Security Risk-based Model
    • FedRAMP Joint Authorization Board
    • National Institute of Standards and Technology
    • FedRAMP Security Risk-based Model
    • Department of Homeland Security (DHS)
    • FedRAMP Program Management Office
    • Federal CIO Council
    • Federal Agencies
    • Third Party Assessment Organizations (3PAO)
    • Cloud Service Providers (CSP)
    • FedRAMP Requirements
CHAPTER 3: Infrastructure as a Service
    • What is IaaS?
    • IaaS Delivery
    • IaaS Advantages
    • IaaS Disadvantages
    • IaaS Characteristics
    • When to use IaaS
    • IaaS Limitations and Concerns
    • Examples of IaaS
CHAPTER 4: Platform as a Service
    • What is Platform as a Service
    • Characteristics of PaaS
    • Cloud Provider vs. Cloud Consumer
    • PaaS Description
    • PaaS Delivery
    • Advantages of PaaS
    • Disadvantages of PaaS
    • When to use PaaS
    • Choosing PaaS as a Business Solution
    • Examples of PaaS
CHAPTER 5: Software as a Service
    • What is a SaaS?
    • Key Differences between SaaS and other models
    • Common Examples of SaaS
    • SaaS Delivery
    • SaaS Advantages
    • Disadvantages of SaaS
    • SaaS Characteristics
    • When to use SaaS
    • SaaS Limitations and Concerns
CHAPTER 6: Cloud Cybersecurity Service
    • Why Cybersecurity
    • CIA Triad
    • NIST Cloud Computing SP800-145
    • Cloud Security Alliance
    • NIST Cloud Working Group
    • Fast Identity Online (FIDO) Alliance
    • Cloud Benefits
    • Cloud Models
    • Components of Cloud
    • Security Application
    • Intrusion Detection Systems (IDS)
    • Intrusion Prevention Systems (IPS)
    • Next Gen Firewalls
    • Unified Threat Monitoring (UTM)
    • Basic Risk Concepts
    • Penetration Testing in the Cloud
    • Amazon Web Services Security
    • Azure Security
    • Google Cloud Platform Security
    • Mobile App Security
    • Cloud and Biometrics
CHAPTER 7: Application Security
    • Training and Awareness
    • Cloud-Secure Software Development Lifecycle (SDLC)
    • ISO/IEC 27034-1 Standards for Secure Application
    • Identity and Access Management (IAM)
    • Cloud Application Architecture
    • Cloud Application Assurance and Validation
CHAPTER 8: FedRAMP Best Practice
    • FedRAMP process/flowchart
    • Preparation/Authorization/Continuous Monitoring
    • Selecting a FedRAMP 3PAO
    • How to Become a 3PAO/Guidelines
    • Security Testing
    • Guidelines for CSPs
    • After Acceptance into the FedRAMP program
    • FIPS 199 Template
    • E-Authentication Template
    • Privacy Threshold Analysis and Privacy Impact Assessment (PTA and PIA)
CHAPTER 9: FedRAMP Security Assessment Plan
    • What is a Security Assessment Plan?
    • Laws, Regulations, Standards, Guidance
    • Applicable Standards to FedRAMP
    • FedRAMP Risk Management Framework
    • FedRAMP Concepts replaced by SAF
    • Authorities for SAF
    • 3PAO Accreditation Standards
    • 3PAO Obligations
    • Penetration Testing Plan and Methodology
CHAPTER 10: FedRAMP Continuous Monitoring Strategy
    • Purpose of ConMon
    • NIST RMF
    • What is Continuous Monitoring
    • ConMon Roles and Responsibilities
    • Additional Tips
CHAPTER 11: Penetration Testing
    • Who is this for?
    • Scope of Pentest
    • Definitions
    • Rules of Engagement
    • Threat Models
    • FedRAMP Security Risk-based Model
    • Attack Vectors
    • Scoping the Pentest
    • Penetration Test Methodology and Requirements
    • Elements of a Penetration Test
    • Simulated Internal Attack/Discovery
    • Exploitation: Social Engineering, Web App/API
CHAPTER 12: FedRAMP SSP Writing Control
    • FedRAMP Documentation
    • Objectives of SSP
    • SSP Document Attachments
    • Necessary Organization and System Attributes
    • Successful Mindset for SSP Development
    • SSP Organization and Scope
    • Tips for Writing the SSP
    • Control Example: Account Management (AC-2)
    • Control Definition
    • Control Writing Tips
    • Instructions for Submitting a Security Package
CHAPTER 13: Kali Linux and Virtualization
    • What is Linux?
    • Windows vs. Linux OS
    • Components of Linux OS
    • What is a Linux Distro?
    • What is Kali Linux?
    • Features of Kali Linux
    • What is the difference with Kali Linux?
    • Downloading Kali Linux
    • Verifying Integrity and Authenticity
    • Making a Kali Bootable USB Drive
    • Kali Linux Live USB Install Procedure on Windows
    • Creating a Bootable Kali USB Drive on Linux
    • Booting Kali Live on Hard drive
    • Installing Kali Linux on VirtualBox
CHAPTER 14: Git and GitHub
    • What is GitHub?
    • What is Git
    • How to make a git directory
    • GitHub Repo
CHAPTER 15: Data Security and Cloud
    • Cloud Data Lifecycle
    • Cloud Storage Architectures
    • Cloud Data Security Foundational Strategies
CHAPTER 16: Software Development Life Cycle (SDLC)
    • SDLC
    • Software Development Security
    • Object Oriented Programming
    • Databases: Vulnerabilities, Threats, and Protections
    • Data Warehousing
    • Malicious Code
CHAPTER 17: Cloud Forensics
    • What is Cloud Forensics?
    • Cloud Forensic Process Flow
    • Cloud Log Analysis
    • Sample Cloud Logs
    • Evidence Collection from Cloud Storage
    • Challenges in Cloud Forensics
    • Tools Used for Cloud Forensics
CHAPTER 18: Reconnaissance and Information Gathering
    • What is Reconnaissance?
    • What is Information Gathering?
    • What Information Is Being Gathered?
    • What Is OSINT
    • Goals of Reconnaissance
    • Tools
CHAPTER 19: API Security
    • Intro to API Security
    • Approaches to APIs
    • Remote API
    • OWASP API Top 10 2019
    • RESTful API
    • Web Architecture of an API
    • Securing an API
    • Common Attacks against APIs
    • Vulnerabilities
CHAPTER 20: FedRAMP Recent Developments
    • FedRAMP Goals for the Future
    • GSA creating a Secure Cloud Advisory Committee
    • What is OSCAL?
    • OSCAL Tools
    • How Does OSCAL Help Me?
    • OSCAL Use Cases
CHAPTER 21: Artificial Intelligence and Machine Learning in Cloud
    • What is Artificial Intelligence (AI)
    • NIST AI Risk Management Framework
    • What is Machine Learning
    • Tools used in AI/ML
Prerequisites
  • This class is intended for individuals with basic knowledge of information systems and the cloud computing environment.
  • CompTIA Cloud Essentials or Cloud+ training is highly recommended.
  • A basic to intermediate level of Linux skill is highly recommended.
  • Candidates who are not proficient in Linux should try to learn basic Linux skills in order to get the most out of this course.

Date | Location
07-OCT-2024 — 11-OCT-2024 | Las Vegas, NV/Virtual Live Instructor-led (PST)
21-OCT-2024 — 25-OCT-2024 | Mumbai, India/Virtual Live Instructor-led (IST)
04-NOV-2024 — 08-NOV-2024 | Markham, ON/Virtual Live Instructor-led (EDT)
16-DEC-2024 — 20-DEC-2024 | Las Vegas, NV/Virtual Live Instructor-led (PST)


NOTE: All classes run from 9 AM to 4 PM. Start time can be modified according to client requirements.
