Cloud Security & FedRAMP

Certified Cybercop – Cloud Security & FedRAMP

Training Date and Time

  • Monday, October 7, 2024, 9:00 am
  • Monday, October 21, 2024, 9:00 am
  • Monday, November 4, 2024, 9:00 am
  • Monday, December 16, 2024, 9:00 am

Training Location/Time Zone: Class Room/Virtual live

    • What is FedRAMP?
    • Why is FedRAMP Needed?
    • FedRAMP Goals
    • Benefits of FedRAMP
    • Organizations involved in FedRAMP
    • Key Process of FedRAMP
    • Governance
    • Governing Body
    • Compliance
    • JAB Authorization Process
    • Agency Authorization Process
    • FedRAMP Authorization Act

CHAPTER 2: FedRAMP Requirements

    • Is FedRAMP mandatory?
    • How FedRAMP is different from FISMA
    • Cloud Computing More Secure for the Federal Govt
    • FedRAMP Relationship to the Risk Management Framework (RMF)
    • ATO vs. a Provisional ATO
    • ATO vs. P-ATO FedRAMP Authorization
    • FedRAMP Security Risk-based Model
    • FedRAMP Joint Authorization Board
    • National Institute of Standards and Technology
    • FedRAMP Security Risk-based Model
    • Department of Homeland Security (DHS)
    • FedRAMP Program Management Office
    • Federal CIO Council
    • Federal Agencies
    • Third Party Assessment Organizations (3PAO)
    • Cloud Service Providers (CSP)
    • FedRAMP Requirements

CHAPTER 3: Infrastructure as a Service

    • What is IaaS?
    • IaaS Delivery
    • IaaS Advantages
    • IaaS Disadvantages
    • IaaS Characteristics
    • When to use IaaS
    • IaaS Limitations and Concerns
    • Examples of IaaS

CHAPTER 4: Platform as a Service

    • What is Platform as a Service?
    • Characteristics of PaaS
    • Cloud Provider vs. Cloud Consumer
    • PaaS Description
    • PaaS Delivery
    • Advantages of PaaS
    • Disadvantages of PaaS
    • When to use PaaS
    • Choosing PaaS as a Business Solution
    • Examples of PaaS

CHAPTER 5: Software as a Service

    • What is a SaaS?
    • Key Differences between SaaS and other models
    • Common Examples of SaaS
    • SaaS Delivery
    • SaaS Advantages
    • Disadvantages of SaaS
    • SaaS Characteristics
    • When to use SaaS
    • SaaS Limitations and Concerns

CHAPTER 6: Cloud Cybersecurity Service

    • Why Cybersecurity
    • CIA Triad
    • NIST Cloud Computing SP800-145
    • Cloud Security Alliance
    • NIST Cloud Working Group
    • Fast Identity Online (FIDO) Alliance
    • Cloud Benefits
    • Cloud Models
    • Components of Cloud
    • Security Application
    • Intrusion Detection Systems (IDS)
    • Intrusion Prevention Systems (IPS)
    • Next Gen Firewalls
    • Unified Threat Monitoring (UTM)
    • Basic Risk Concepts
    • Penetration Testing in the Cloud
    • Amazon Web Services Security
    • Azure Security
    • Google Cloud Platform Security
    • Mobile App Security
    • Cloud and Biometrics

CHAPTER 7: Application Security

    • Training and Awareness
    • Cloud-Secure Software Development Lifecycle (SDLC)
    • ISO/IEC 27034-1 Standards for Secure Application
    • Identity and Access Management (IAM)
    • Cloud Application Architecture
    • Cloud Application Assurance and Validation

CHAPTER 8: FedRAMP Best Practice

    • FedRAMP process/flowchart
    • Preparation/Authorization/Continuous Monitoring
    • Selecting a FedRAMP 3PAO
    • How to Become a 3PAO/Guidelines
    • Security Testing
    • Guidelines for CSPs
    • After Acceptance into the FedRAMP program
    • FIPS 199 Template
    • E-Authentication Template
    • Privacy Threshold Analysis and Privacy Impact Assessment (PTA and PIA)

CHAPTER 9: FedRAMP Security Assessment Plan

    • What is a Security Assessment Plan?
    • Laws, Regulations, Standards, Guidance
    • Applicable Standards to FedRAMP
    • FedRAMP Risk Management Framework
    • FedRAMP Concepts replaced by SAF
    • Authorities for SAF
    • 3PAO Accreditation Standards
    • 3PAO Obligations
    • Penetration Testing Plan and Methodology

CHAPTER 10: FedRAMP Continuous Monitoring Strategy

    • Purpose of ConMon
    • NIST RMF
    • What is Continuous Monitoring?
    • ConMon Roles and Responsibilities
    • Additional Tips

CHAPTER 11: Penetration Testing

    • Who is this for?
    • Scope of Pentest
    • Definitions
    • Rules of Engagement
    • Threat Models
    • FedRAMP Security Risk-based Model
    • Attack Vectors
    • Scoping the Pentest
    • Penetration Test Methodology and Requirements
    • Elements of a Penetration Test
    • Simulated Internal Attack/Discovery
    • Exploitation: Social Engineering, Web App/API

CHAPTER 12: FedRAMP SSP Writing Control

    • FedRAMP Documentation
    • Objectives of SSP
    • SSP Document Attachments
    • Necessary Organization and System Attributes
    • Successful Mindset for SSP Development
    • SSP Organization and Scope
    • Tips for Writing the SSP
    • Control Example: Account Management (AC-2)
    • Control Definition
    • Control Writing Tips
    • Instructions for Submitting a Security Package

CHAPTER 13: Kali Linux and Virtualization

    • What is Linux?
    • Windows vs. Linux OS
    • Components of Linux OS
    • What is a Linux Distro?
    • What is Kali Linux?
    • Features of Kali Linux
    • What is the difference with Kali Linux?
    • Downloading Kali Linux
    • Verifying Integrity and Authenticity
    • Making a Kali Bootable USB Drive
    • Kali Linux Live USB Install Procedure on Windows
    • Creating a Bootable Kali USB Drive on Linux
    • Booting Kali Live on Hard Drive
    • Installing Kali Linux on VirtualBox

CHAPTER 14: Git and GitHub

    • What is GitHub?
    • What is Git?
    • How to make a git directory
    • GitHub Repo

CHAPTER 15: Data Security and Cloud

    • Cloud Data Lifecycle
    • Cloud Storage Architectures
    • Cloud Data Security Foundational Strategies

CHAPTER 16: Software Development Life Cycle (SDLC)

    • SDLC
    • Software Development Security
    • Object Oriented Programming
    • Databases: Vulnerabilities, Threats, and Protections
    • Data Warehousing
    • Malicious Code

CHAPTER 17: Cloud Forensics

    • What is Cloud Forensics?
    • Cloud Forensic Process Flow
    • Cloud Log Analysis
    • Sample Cloud Logs
    • Evidence Collection from Cloud Storage
    • Challenges in Cloud Forensics
    • Tools Used for Cloud Forensics

CHAPTER 18: Reconnaissance and Information Gathering

    • What is Reconnaissance?
    • What is Information Gathering?
    • What Information Is Being Gathered?
    • What Is OSINT?
    • Goals of Reconnaissance
    • Tools

CHAPTER 19: API Security

    • Intro to API Security
    • Approaches to APIs
    • Remote API
    • OWASP API Top 10 2019
    • RESTful API
    • Web Architecture of an API
    • Securing an API
    • Common Attacks against APIs
    • Vulnerabilities

CHAPTER 20: FedRAMP Recent Developments

    • FedRAMP Goals for the Future
    • GSA creating a Secure Cloud Advisory Committee
    • What is OSCAL?
    • OSCAL Tools
    • How Does OSCAL Help Me?
    • OSCAL Use Cases

CHAPTER 21: Artificial Intelligence and Machine Learning in Cloud

    • What is Artificial Intelligence (AI)?
    • NIST AI Risk Management Framework
    • What is Machine Learning?
    • Tools used in AI/ML

Prerequisites

  • This class is intended for individuals with basic knowledge of information systems and the cloud computing environment.
  • CompTIA Cloud Essentials or Cloud+ training is highly recommended.
  • A basic to intermediate level of Linux skills is highly recommended.
  • Candidates who are not proficient in Linux should try to learn basic Linux skills in order to get the most out of this course.

Date Location
12-AUG-2024 — 16-AUG-2024 Chicago/Virtual Live Instructor-led (CST)
09-SEP-2024 — 13-SEP-2024 Reston, VA/Virtual Live Instructor-led (EST)
07-OCT-2024 — 11-OCT-2024 Las Vegas, NV/Virtual Live Instructor-led (PST)
21-OCT-2024 — 25-OCT-2024 Mumbai, India/Virtual Live Instructor-led (IST)
04-NOV-2024 — 08-NOV-2024 Markham, ON/Virtual Live Instructor-led (EDT)
16-DEC-2024 — 20-DEC-2024 Las Vegas, NV/Virtual Live Instructor-led (PST)

 

Interested in customized group training? Group discounts are available.

NOTE: All classes run from 9 AM to 4 PM. Start time can be modified according to client requirements.
