LUNARLINE: School of Cyber Security. Dedicated to providing excellence in Cyber Security Training Certifications. ISO 9001: 2008 Certified


ISO 9001: 2008 Certified
Maturity Level 2 of CMMI
Top 2% D&B Rating
VA Certified Service Disabled Veteran Owned Small Business (SDVOSB)
DCAA Approved Accounting System
Approved Earned Value Management (EVM) System

LUNARLINE Overview

Lunarline is a leading and award winning provider of Cyber Security Solutions, Specialized IA Services, and Certified Security Training to all US Federal Government (Civilian, DoD, and IC), as well as to customers in selected commercial markets. All Lunarline Cyber Security Solutions, Specialized IA Services, and Certified Security Training are backed by our unwavering commitment to our customer's satisfaction, being a leader in cyber security innovation, while maintaining the highest quality training, products, and services.

Lunarline is a VA Certified Service Disabled Veteran Owned Small Business (SDVOSB) that has been appraised at CMMI Level 2, certified in ISO 9001: 2008, has a DCAA approved accounting system, ranks in the top 2% of D&B Rating, and has an approved Earned Value Management (EVM) system. Lunarline offers certificate programs with NSA/CNSS (NSTISSI No. 4011, 4012 and 4015) certified C&A training courseware. Lunarline is a recipient of the DOT Cyber Security Excellence Award, the Cyber Security Forum Initiative 5-Star Training Award, and was named as one of America's Fastest-Growing Private Companies in the Inc

It is our passion to provide the highest qualified personnel and solutions to our customers. We believe in continuously improving our customer's ability to monitor and improve the confidentiality, integrity, and availability of their systems and applications. All of our Information Assurance, Information Security, Training and other IT related services and products are ISO 9001:2008 certified. Lunarline Inc. has a successful and award winning track record of providing risk-based/information Security and training services (FISMA, IG, NIST, DIACAP, and CNSS) to our customers. From risk assessments to providing support for an entire Federal Agency's Information Security Program, Lunarline, Inc. has ensured our customers' systems and programs exceed Federal, DoD, and IC security requirements.

Lunarline is designated as a DIACAP Fully Qualified Navy Certification Agent/Validator. This Corporate Navy designation is not easily obtained, in that many qualifications and certifications must be formally presented to the Navy CA (SPAWAR) and ODAA (NNWC) for approval. This designation provides a valuable benefit to Lunarline's Navy customers as the designation validates Lunarline's qualifications in implementing the DIACAP per Navy requirements and instructions.

Table of Contents

Training Courses
Training Course Schedule
DIACAP Courses
Risk Management Framework (RMF) for DoD Information Technology (IT)
Applying the FISMA/NIST Risk Management Framework
Applying the CNSS/NIST Risk Management Framework
NSA CNSS 4015 Boot Camp
Compliance CompTIA Security+ Certification
Recovery Planning Practitioner Course
ISC2 Certified Authorization Professional (CAP)
Cloud Security and FedRAMP Training
Assessing Network Vulnerabilities
Ethical Hacking
Lunarline Mobile Courses
Meet the Instructors
    Waylon Krush, CISSP, CISA, CAP
    Keith Mortier, CISSP, CISA
    Charles A. Russell, Sr., PMP, CISSP, CAP, CTT
    Rebecca Henry Onuskanich, CISSP, CAP, CTT
    Robert Cohen, CCM, CBRM, CBCP, Security+ Certified
    Matt Xenakis, CISSP, CAP
    Jennifer Hawks, CISSP
    Daniel Kwiatkowski, CISSP
    Don Becker, CISSP, MCP
    Alan Yuriditsky, CAP
Training Success Stories
Class Rates
Our Customers

Need more information? Want to reserve your seat in our training? Contact Melissa Dawson Today! (571) Or her at: melissa.dawson@lunarline.com

We Offer Training Courses

DIACAP Hands-On In-Depth 3 Day: November 5-7, 2013; February 4-6, 2014; May 6-8, 2014; September 16-18, 2014; November 12-14, 2014
DIACAP Hands-On Intensity 4 Day: November 5-8, 2013; February 4-7, 2014; May 6-9, 2014; September 16-19, 2014
DIACAP Validator Workshop 5 Day: January 27-31, 2014; March 10-14, 2014; June 9-13, 2014; October 27-31, 2014
Risk Management Framework (RMF) for DoD Information Technology (IT) Overview 1 Day: April 7, 2014; July 14, 2014; December 1, 2014
Risk Management Framework (RMF) for DoD Information Technology (IT) Hands-On In Depth 3 Day: January 7-9, 2014; April 8-10, 2014; June 24-26, 2014; July 15-17, 2014; October 7-9, 2014; December 2-4, 2014
Risk Management Framework (RMF) for DoD Information Technology (IT) Hands-On Intensity 4 Day: January 7-10, 2014; April 8-11, 2014; June 24-27, 2014; July 15-18, 2014; October 7-10, 2014; December 2-5, 2014
Applying the NIST/FISMA Risk Management Framework (RMF) Overview 1 Day: March 24, 2014; May 12, 2014
Applying the NIST/FISMA Risk Management Framework In-Depth 3 Day: January 21-23, 2014; March 25-27, 2014; May 13-15, 2014; August 5-7, 2014; October 14-16, 2014; November 18-20, 2014
Applying the NIST/FISMA Risk Management Framework Intensity 4 Day: January 21-24, 2014; March 25-28, 2014; May 13-16, 2014; August 5-8, 2014; October 14-17, 2014; November 18-21, 2014
Applying the NIST/FISMA Risk Management Framework / Security Controls Validator 5 Day: February 10-14, 2014; May 19-23, 2014; September 22-26, 2014
Applying the NIST/CNSS Risk Management Framework Overview 1 Day: March 3, 2014; June 2, 2014
Applying the NIST/CNSS Risk Management Framework In-Depth 3 Day: November 19-21, 2013; March 4-6, 2014; June 3-5, 2014; September 9-11, 2014; December 9-11, 2014
Applying the NIST/CNSS Risk Management Framework Intensity 4 Day: November 19-22, 2013; March 4-7, 2014; June 3-6, 2014; September 9-12, 2014; December 9-12, 2014
Applying the NIST/CNSS Risk Management Framework / Security Controls Validator 5 Day: December 16-20, 2013; April 14-18, 2014; July 7-11, 2014; October 20-24, 2014
NSA CNSS 4015 Boot Camp: December 9-13, 2013; July 21-25
Compliance CompTIA Security+ 3 Day: November 19-21, 2013; January 28-30, 2014; May 20-22, 2014; July 1-3, 2014; September 30 - October 2, 2014
Recovery Planning Practitioner 5 Day: December 2-6, 2013; August 25-29, 2014
ISC2 Certified Authorization Professional (CAP) 4 Day: November 4-7, 2013; February 25-28, 2014; May 27-30, 2014; October 14-17, 2014
Cloud Security and FedRAMP Training 3 Day: January 14-16, 2014; April 22-24, 2014; June 17-19, 2014; August 12-14, 2014; November 4-6, 2014
Assessing Network Vulnerabilities 4 Day: February 18-21, 2014; April 1-4, 2014; August 19-22, 2014
Ethical Hacking 4 Day: November 12-15, 2013; March 18-21, 2014; July 29-31, 2014; September 2-5, 2014; December 16-18, 2014

* All are held at the Lunarline Training Facility in Arlington, VA

DIACAP
DoD Information Assurance Certification and Accreditation Process (DIACAP)

DIACAP Overview 1 Day
Our Price: $
COURSE DATES: COMING 2014

This course is designed for students who want to gain an improved understanding of the DIACAP. The course provides an overview of DIACAP requirements, documentation and associated processes.

DIACAP In-Depth 3 Day
Our Price: $1,
COURSE DATES: NOV 5-7, 2013; FEB 4-6, 2014; MAY 6-8, 2014; SEPT 16-18, 2014; NOV 12-14, 2014

This course is designed for students who want to gain an improved understanding of the DIACAP. The course provides an overview of DIACAP requirements, documentation, and associated processes. This course provides an in-depth look into the DIACAP processes, and includes a series of hands-on exercises in developing the DIACAP Systems Identification Profile (SIP), DIACAP Implementation Plan (DIP), and Plan of Actions and Milestones (POA&M). The DIACAP training is introduced from a Department perspective, but can be tailored as required to include any Component/Service or system-specific nuances relative to the implementation of the DIACAP. Instruction modules include the DIACAP Activity Cycle, the Knowledge Service, DIACAP Governance Structure, roles and responsibilities, and much more.

DIACAP Intensity 4 Day
Our Price: $2,
COURSE DATES: NOV 5-8, 2013; FEB 4-7, 2014; MAY 6-9, 2014; SEPT 16-19, 2014

This course is designed for students who want to gain an improved understanding of the DIACAP. The course provides an overview of DIACAP requirements, documentation, and associated processes. The 4-day intensity course provides an in-depth look into the DIACAP processes, and includes a series of hands-on exercises in developing the DIACAP Systems Identification Profile (SIP), DIACAP Implementation Plan (DIP), and Plan of Actions and Milestones (POA&M). The DIACAP training is introduced from a Department perspective, but can be tailored as required to include Component/Service and system-specific astructure, roles and responsibilities, and many more. The fourth day of the DIACAP Intensity course provides each student with an introduction to using the DoD approved automated scanning tools, including the DISA SRRs, Gold Disk, and other DoD automated tools.

DIACAP Validator Workshop 5 Day
Our Price: $2,
COURSE DATES: OCT 28 - NOV 1, 2013; JAN 27-31, 2014; MAR 10-14, 2014; JUNE 9-13, 2014; OCT 27-31

This course concentrates on methods used to validate DoD IA Controls as contained in DoDI Discussion areas include an overview of the DIACAP, the DoD-defined information system types and the associated security concerns, vulnerability scanning, DoD-approved automated scanning tools, and many more. The course provides an in-depth explanation of each control identified in DoDI to include the appropriate testing method, associated supporting evidence (known as artifacts), and how to more efficiently and effectively test and validate DoD systems and infrastructure. The curriculum will prepare the ACA or Validator to test against the DoD IA controls using manual and automated procedures in accordance with the standards set forth by the Department.

These Courses Include the Following Takeaway Items and Certifications

An Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011, Information System Security Professional and CNSSI 4012, Senior IA System Manager Certificate. As well as earning CPEs to your existing certifications with CompTIA, ISC2 and ISACA.

Risk Management Framework (RMF) for DoD Information Technology (IT)
Risk Management Framework DoD Information Technology (RMF for DoD IT)

Risk Management Framework (RMF) for DoD Information Technology (IT) Overview 1 Day
Our Price: $
COURSE DATES: APRIL 7, 2014; JUL 14, 2014; DEC 1, 2014

Lunarline offers the most comprehensive and detailed hands-on training for students who want to gain an understanding of the pending transition from DIACAP to Risk Management Framework (RMF) for DoD Information Technology (IT). DOD is now in the process of establishing the regulatory foundation for their transition to the use of the NIST RMF. This training will enable your organization to understand the proposed changes and to position yourself early to make the transition as seamless and efficient as possible.

This course includes the following takeaway items: A printed training manual, a CD with a comprehensive set of NIST and Director of National Intelligence (DNI) - approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Risk Management Framework (RMF) for DoD Information Technology (IT) In-Depth 3 Day
Our Price: $1,
COURSE DATES: JAN 7-9, 2014; APRIL 8-10, 2014; JUNE 24-26, 2014; JUL 15-17, 2014; OCT 7-9, 2014; DEC 2-4, 2014

Lunarline offers the most comprehensive and detailed hands-on training for students who want to gain an understanding of the pending transition from DIACAP to Risk Management Framework (RMF) for DoD Information Technology (IT). Our training is based upon participation of our subject matter experts in transition working groups and direct experience with other Federal, DoD and commercial clients. In compliance with the Federal Information Security Management Act (FISMA), Federal agencies and the Intelligence Community have already transitioned to the use of the NIST Risk Management Framework (RMF) as the foundation for their assessment and authorization (A&A) processes, formerly known as certification and accreditation (C&A). DoD is now in the process of establishing the regulatory foundation for their transition to the use of the NIST RMF. This training will enable your organization to understand the proposed changes and to position yourself early to make the transition as seamless and efficient as possible. Students will engage in a series of hands-on activities that will provide active learning of the new processes, preparation of the documentation, and execution of the required security control assessments.

Risk Management Framework (RMF) for DoD Information Technology (IT) Intensity 4 Day
Our Price: $2,
COURSE DATES: JAN 7-10, 2014; APRIL 8-11, 2014; JUNE 24-27, 2014; JUL 15-18, 2014; OCT 7-10, 2014; DEC 2-5, 2014

Lunarline offers the most comprehensive and detailed hands-on training for students who want to gain an understanding of the pending transition from DIACAP to Risk Management Framework (RMF) for DoD Information Technology (IT). Our training is based upon participation of our subject matter experts in transition working groups and direct experience with other Federal, DoD and commercial clients. In compliance with the Federal Information Security Management Act (FISMA), Federal agencies and the Intelligence Community have already transitioned to the use of the NIST Risk Management Framework (RMF) as the foundation for their assessment and authorization (A&A) processes, formerly known as certification and accreditation (C&A). DoD is now in the process of establishing the regulatory foundation for their transition to the use of the NIST RMF. This hands-on training will enable your organization to understand the proposed changes and to position yourself early to make the transition as seamless and efficient as possible. This course is focused on a series of hands-on activities that will provide active learning of the new processes, preparation of the documentation, and execution of the required security control assessments. This class includes extensive hands-on training on Federally-approved vulnerability assessment tools, such as Nessus, and other useful security tools. Upon completion, students will be able to immediately apply the concepts and ensure that their organization can experience a smooth transition.

These Courses Include the Following Takeaway Items and Certifications

An Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011, Information System Security Professional and CNSSI 4012, Senior IA System Manager Certificate. As well as earning CPEs to your existing certifications with CompTIA, ISC2 and ISACA.

Applying the FISMA/NIST Risk Management Framework
Federal Information Security Management Act (FISMA)

Applying the FISMA/NIST Risk Management Framework Overview 1 Day
Our Price: $
COURSE DATES: MAR 24, 2014; MAY 12, 2014

Lunarline's Federal Information Security Management Act (FISMA)/NIST Risk Management Framework training provides students a practical high-level overview of the NIST approach to system authorization, an introduction to the requirements for meeting FISMA requirements, as well as an in-depth look of the Federal system authorization process and Risk Management Framework (RMF). This course has been aligned with NIST SP Revision 1 and the new processes introduced under the Federal transformation of assessment and authorization (formerly certification and accreditation).

This course includes the following takeaway items: A printed training manual, a CD with a comprehensive set of NIST and Director of National Intelligence (DNI) - approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Applying the FISMA/NIST Risk Management Framework In-Depth 3 Day
Our Price: $1,
COURSE DATES: JAN 21-23, 2014; MAR 25-27, 2014; AUG 5-7, 2014; OCT 14-16, 2014; NOV 18-20, 2014

Lunarline's Federal Information Security Management Act (FISMA) training provides students with a fundamental knowledge of the requirements for meeting FISMA requirements, as well as an in-depth look of the Federal system authorization process and Risk Management Framework (RMF). This training equips the students with an in-depth indoctrination into the RMF and they will learn the requirements for managing risk, and ensuring that the confidentiality, availability and integrity of federal information and information systems is protected at a level commensurate with the security requirements of the information and the information system. Students will participate in a series of scenario-based hands-on exercises to enhance understanding of the processes used for system authorization, including all of the elements of the Risk Management Framework. These exercises will include the development of Systems Security Plans (SSPs), Security Assessment Reports (SARs), and Plans Of Action and Milestones (POA&Ms) for Federal Information Systems. This training is a CNSS approved course that deals with the new C&A transformation. Please note this course has been aligned with NIST SP Revision 1 and is the new process under the C&A transformation. The FISMA In-Depth Course covers the requirements and the use of FIPS 199, NIST SP , NIST SP Revision 1, NIST SP , NIST SP , NIST SP , NIST SP and NIST SP800-53A.

Applying the FISMA/NIST Risk Management Framework In-Depth Intensity 4 Day
Our Price: $2,
COURSE DATES: JAN 21-24, 2014; MAR 25-28, 2014; MAY 13-16, 2014; AUG 5-8, 2014; OCT 14-17, 2014; NOV 18-21, 2014

Lunarline's Federal Information Security Management Act (FISMA)/NIST training provides students with a fundamental knowledge of the requirements for meeting FISMA requirements, as well as an in-depth look of the Federal system authorization process and Risk Management Framework (RMF). This hands-on training equips the students with an in-depth indoctrination into the RMF and they will learn the requirements for managing risk, and ensuring that the confidentiality, availability and integrity of federal information and information systems is protected at a level commensurate with the security requirements of the information and the information system. Students will participate in a series of scenario-based hands-on exercises to enhance understanding of the processes used for system authorization, including all of the elements of the Risk Management Framework. These exercises will include the development of Systems Security Plans (SSPs), Security Assessment Reports (SARs), and Plans Of Action and Milestones (POA&Ms) for Federal Information Systems. The fourth day of the FISMA/NIST RMF Intensity course provides each student with a hands-on experience in using automated vulnerability assessment and other tools used to support the Federal authorization process. The FISMA In-Depth Course covers the requirements and the use of FIPS 199, NIST SP , NIST SP , NIST SP , NIST SP , NIST SP , NIST SP , and NIST SP800-53A.

These Courses Include the Following Takeaway Items and Certifications

An Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011, Information System Security Professional and CNSSI 4012, Senior IA System Manager Certificate. As well as earning CPEs to your existing certifications with CompTIA, ISC2 and ISACA.

Applying the NIST/FISMA Risk Management Framework / Security Controls Validator 5 Day
Our Price: $2,
COURSE DATES: FEB 10-14, 2014; MAY 19-23, 2014; JUNE 23-27, 2014; SEPT 22-26

This course provides an in-depth look at testing the controls using NIST SP A and ensuring the use of the Risk Management Framework (RMF) for Federal Security Systems. The focus of the course is an in-depth explanation of each NIST SP controls to include what method should be used to test and validate each security control in accordance with NIST SP A and NIST SP , what evidence should be gathered, and how to more efficiently and effectively test Federal systems and infrastructure. The curriculum will introduce the independent tester or Validator to test the process for any of the Federal IA controls using manual and automated tests to ensure all controls are tested properly. The FISMA Validator Course will cover NIST SP A, NIST SP , NIST SP , NIST SP and the development of the Security Assessment Report (SAR), and Plan Of Action and Milestones (POA&M). The student will have a hands-on experience using scenario-based hands-on exercises in executing the validation tests with the approved tools. These exercises will include the development of the Security Assessment Report (SAR). Lunarline's courseware has been evaluated and is certified by the NSA/CNSS to meet NSTISSI 4011, CNSSI 4012 and NSTISSI 4015 requirements. All of our instructors have hands-on, real world experience; you get more than just classroom instruction, you receive the benefits of actual expertise in executing these processes.

Applying the CNSS/NIST Risk Management Framework
Committee for National Security Systems (CNSS)

Applying the CNSS/NIST Risk Management Framework Overview 1 Day
Our Price: $
COURSE DATES: MAR 3, 2014; JUNE 2, 2014

This course equips the student with an overview of the system assessment and authorization process and the Risk Management Framework (RMF) for National Security Systems (NSS). The CNSS Course will address the Federal and Intelligence Community requirements, including NIST SP , NIST SP , and CNSS

Applying the CNSS/NIST Risk Management Framework In-Depth 3 Day
Our Price: $1,
COURSE DATES: NOV 19-21, 2013; MAR 4-6, 2014; JUNE 3-5, 2014; SEPT 9-11, 2014; DEC 9-11, 2014

This course equips the student with an overview of the system authorization process and the Risk Management Framework (RMF) for National Security Systems (NSS). In addition to the classroom instruction, the student will also participate in several scenario-based hands-on exercises in the implementation of the RMF to provide a clear knowledge bridge to the revised system authorization processes for those currently working with C&A for National Security Systems or for those who have limited or no C&A experience. These exercises will include the development of Systems Security Plans (SSPs), Security Assessment Reports (SARs), and Plans Of Action and Milestones (POA&Ms) for a NSS. This course meets the requirements of National Security Directive 42 (NSD-42), which outlines the roles and responsibilities for securing NSSs. The CNSS In-Depth Course will address the Federal and Intelligence Community requirements, including NIST SP , NIST SP , FIPS 199, and CNSS

These Courses Include the Following Takeaway Items and Certifications

An Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011, Information System Security Professional and CNSSI 4012, Senior IA System Manager Certificate. As well as earning CPEs to your existing certifications with CompTIA, ISC2 and ISACA.

Applying the CNSS/NIST Risk Management Framework In-Depth Intensity 4 Day
Our Price: $2,
COURSE DATES: NOV 19-21, 2013; MAR 4-7, 2014; JUNE 3-6, 2014; SEPT 9-12, 2014; DEC 9-12, 2014

This course equips the student with an overview of the system authorization process (also known as C&A) and the Risk Management Framework (RMF) for National Security Systems (NSS). In addition to the classroom instruction, the student will also participate in several scenario-based hands-on exercises in the implementation of the RMF using the CNSS and IC requirements to provide a clear knowledge bridge to the revised system authorization processes for those currently working with C&A for National Security Systems or for those who have limited or no C&A experience. These exercises will include the development of Systems Security Plans (SSPs), Security Assessment Reports (SARs), and Plans Of Action and Milestones (POA&Ms) for a NSS. This course meets the requirements of National Security Directive 42 (NSD-42), which outlines the roles and responsibilities for securing NSSs. The CNSS In-Depth Course will address the Federal and Intelligence Community requirements, including NIST SP , NIST SP , and CNSS The fourth day of the CNSS/NIST RMF Intensity course provides each student with a hands-on experience in using automated vulnerability assessment and other tools used to support the Federal and CNSS system authorization process.

Applying the CNSS/NIST Risk Management Framework / Security Controls Validator 5 Day
Our Price: $2,
COURSE DATES: DEC 16-20, 2013; APRIL 14-18, 2014; JUL 7-11, 2014; OCT 20-24, 2014

This course provides an in-depth look at testing the controls using NIST SP A, CNSS 1253A, and ensuring the use of the Risk Management Framework (RMF) for National Security Systems. The focus of the course is an in-depth explanation of each NIST SP controls and includes unclassified policies and procedures related to NSS to include what method should be used to test and validate each security control in accordance with NIST SP A and NIST SP , what evidence should be gathered, and how to more efficiently and effectively test Federal systems and infrastructure. The curriculum will introduce the independent tester or Validator to test the process for any of the NSS IA controls using manual and automated tests to ensure all controls are tested properly. The CNSS/NIST RMF Validator Course will cover NIST SP A, NIST SP , NIST SP , NIST SP , NIST SP and the development of the Security Assessment Report (SAR), and Plan Of Action and Milestones (POA&M). The student will have a hands-on experience using scenario-based hands-on exercises in executing the validation tests with the approved tools. These exercises will include the development of the Security Assessment Report (SAR). Lunarline's courseware has been evaluated and is certified by the NSA/CNSS to meet NSTISSI 4011, CNSSI 4012 and NSTISSI 4015 requirements. All of our instructors have hands-on, real world experience; you get more than just classroom instruction, you receive the benefits of actual expertise in executing these processes.

These Courses Include the Following Takeaway Items and Certifications

An Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011, Information System Security Professional and CNSSI 4012, Senior IA System Manager Certificate. As well as earning CPEs to your existing certifications with CompTIA, ISC2 and ISACA.

NSA CNSS 4015 Boot Camp
Includes the DIACAP Validator and Risk Management Framework for DoD Information Technology (IT)

NSA CNSS 4015 Boot Camp 5 Day
Our Price: $2,
COURSE DATES: DEC 9-13, 2013; JUL 21-25, 2014

This class combines the DIACAP Validator and Risk Management Framework for DoD Information Technology (IT) In-Depth class which qualifies you to earn your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4015, 4011 and CNSSI 4012 in 5 days. This course concentrates on methods used to validate DoD IA Controls as contained in DoDI Discussion areas include an overview of the DIACAP, the DoD-defined information system types and the associated security concerns, vulnerability scanning, DoD-approved automated scanning tools, and many more. The course provides an in-depth explanation of each control identified in DoDI to include the appropriate testing method, associated supporting evidence (known as artifacts), and how to more efficiently and effectively test and validate DoD systems and infrastructure. The curriculum will prepare the ACA or Validator to test against the DoD IA controls using manual and automated procedures in accordance with the standards set forth by the Department.

Lunarline offers the most comprehensive and detailed hands-on training for students who want to gain an understanding of the pending transition from DIACAP to RMF for DoD IT. Our training is based upon participation of our subject matter experts in transition working groups and direct experience with other Federal, DoD and commercial clients. In compliance with the Federal Information Security Management Act (FISMA), Federal agencies and the Intelligence Community have already transitioned to the use of the NIST Risk Management Framework (RMF) as the foundation for their assessment and authorization (A&A) processes, formerly known as certification and accreditation (C&A). DoD is now in the process of establishing the regulatory foundation for their transition to the use of the NIST RMF. This training will enable your organization to understand the proposed changes and to position yourself early to make the transition as seamless and efficient as possible. Students will engage in a series of hands-on activities that will provide active learning of the new processes, preparation of the documentation, and execution of the required security control assessments.

This Course Includes the Following Takeaway Items and Certifications

An Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4015 Information System Certifier, your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011 and Information System Security Professional and CNSSI 4012, Senior IA System Manager Certificate. You will also receive Lunarline's School of Cyber Security's Certified Expert DIACAP Professional (CEDP) Certificate. And earn CPEs to your existing certifications with CompTIA, ISC2 and ISACA.

11 8570 Compliance CompTIA Security+ Certification 8570 Compliance CompTIA Security+ Certification 3 Day Our Price: $3, COURSE DATES NOV 19-21, 2013 JAN 28-30, 2014 MAY 20-22, 2014 JUL 1-3, 2014 SEP 30 - OCT 2, 2014 Lunarline, a CompTIA Authorized Partner, offers an intense 3 Day Security+ course consisting of nine lessons addressing each of the six Security+ domains in depth. All Lunarline training materials and books are CompTIA approved and have the most up to date information required to successfully understand the various security domains. Students receive a CompTIA Security+ Deluxe Study Guide (which includes a CD), as well as CompTIA-approved course material that is composed of independent study assignments designed to help students prepare to successfully complete the Security+ exam. The course was designed for students who are familiar with basic computer functionality, networking concepts and text-based interfaces and is taught exclusively by CTT+ and Security+ Certified Instructors with extensive real hands- on information security experience. The primary objective of this 5 day course is to increase operator knowledge of physical, network and system security and prepare the student for the Security+ examination. Upon course completion, students should have an understanding of the Six security domains addressed by the Security+ certification. These domains include: Systems Security, Network Infrastructure, Access Control, Assessments and Audits, Cryptography, Organizational Security. FEATURES: The Six Domains of Security+: Systems Security Network Infrastructure Access Control Assessments and Audits Cryptography Organizational Security. Every student participating in Lunarline s Security+ 3-Day training will receive a test voucher for your Security+ Certification test. This course will prepare students to meet the certification compliance mandates required by DOD Directive for DOD information assurance technicians and managers. 
Recovery Planning Practitioner Course

5 Day. Our Price: $2,
COURSE DATES: DEC 2-6, 2013; AUG 25-29, 2014

This course is designed to provide an operational basis for all facets of recovery planning through information delivery and practical exercises. As a result of this course, students will be able to conduct risk analysis, business impact analysis, recovery strategy analysis and develop viable emergency response plans and recovery plans through the information obtained as a result of these assessments. This course will impart an ability to conduct Business Impact Analysis so that executive management will have a prioritized list of all functions performed, a determination of when the loss of a given function becomes unacceptable to the organization, and the resources necessary to enable the recovery of each function. Students will be provided with insights into conducting Recovery Strategy Analysis, understanding the different strategies that are currently available and their applicability based on their strengths and weaknesses. This course will expose the students to emergency response techniques from the development of checklists to crafting concise communications releases. Upon completion of the study of recovery planning foundations, this course will give the students a thorough knowledge of how to develop viable, easy-to-use recovery plans that address all hazards and all contingencies. Finally, this course is designed to provide the elements of an ongoing viable recovery capability through training and exercising programs that meet the needs of all audiences for all organizations.

This course includes the following takeaway items and certifications: an Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.
Certifications: You will receive your certificate of successful participation in this course, which will allow you to claim hours of Continuous Professional Experience for your existing certifications.

(ISC)² Certified Authorization Professional (CAP) Course

4 Day. Our Price: $3,
COURSE DATES: NOV 4-7, 2013; FEB 25-28, 2014; MAY 27-30, 2014; OCT 14-17, 2014

Lunarline is now authorized by (ISC)² CAP - Certified Authorization Professional. The course is taught by (ISC)² authorized instructors who employ effective delivery of the curriculum while focusing on preparing you with the knowledge and skills required to pass the rigorous CAP examination.

Framework (RMF) as the foundation for their assessment and authorization (A&A) processes, formerly known as certification and accreditation (C&A). DoD is now in the process of establishing the regulatory foundation for their transition to the use of the NIST RMF. This hands-on training will enable your organization to understand the proposed changes and to position yourself early to make the transition as seamless and efficient as possible.

The Certified Authorization Professional (CAP) credential is an objective measure of the knowledge, skills and abilities required for personnel involved in the process of authorizing and maintaining information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure that information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.

The credential is appropriate for commercial markets, civilian and local governments, and the U.S. Federal government including the State Department and the Department of Defense (DoD). It applies to job functions such as authorization officials, system owners, information owners, information system security officers, and certifiers, as well as all senior system managers.
Understand the Security Authorization of Information Systems - Security authorization includes a tiered risk management approach to evaluate both strategic and tactical risk across the enterprise. The authorization process incorporates the application of a Risk Management Framework (RMF), a review of the organizational structure, and the business process/mission as the foundation for the implementation and assessment of specified security controls. This authorization management process identifies vulnerabilities and countermeasures and determines residual risks. The residual risks are evaluated and deemed either acceptable or unacceptable. More controls must be implemented to reduce unacceptable risk. The system may be deployed only when the residual risks are acceptable to the enterprise.

Categorize Information Systems - Categorization of the information system is based on an impact analysis. It is performed to determine the types of information included within the security authorization boundary, the security requirements for the information types, and the potential impact on the organization resulting from a security compromise. The result of the categorization is used as the basis for developing the security plan, selecting security controls, and determining the risk inherent in operating the system.

Establish the Security Control Baseline - The security control baseline is established by determining specific controls required to protect the system based on the security categorization of the system. The baseline is tailored and supplemented in accordance with an organizational assessment of risk and local parameters. The security control baseline, as well as the plan for monitoring it, is documented in the security plan.

Apply Security Controls - The security controls specified in the security plan are implemented by taking into account the minimum organizational assurance requirements. The security plan describes how the controls are employed within the information system and its operational environment. The security assessment plan documents the methods for testing these controls and the expected results throughout the system's life cycle.

Assess Security Controls - The security control assessment follows the approved plan, including defined procedures, to determine the effectiveness of the controls in meeting security requirements of the information system. The results are documented in the security assessment report.

Authorize Information System - The residual risks identified during the security control assessment are evaluated and the decision is made to authorize the system to operate, deny its operation, or remediate the deficiencies. Associated documentation is prepared and/or updated depending on the authorization decision.

Monitor Security Controls - After an Authorization to Operate (ATO) is granted, ongoing continuous monitoring is performed on all identified security controls as well as the political, legal, and physical environment in which the system operates. Changes to the system or its operational environment are documented and analyzed. The security state of the system is reported to designated officials. Significant changes will cause the system to reenter the security authorization process. Otherwise, the system will continue to be monitored on an ongoing basis in accordance with the organization's monitoring strategy.

Cloud Security and FedRAMP Training

3 Day. Our Price: $1,
COURSE DATES: JAN 14-16, 2014; APRIL 22-24, 2014; JUNE 17-19, 2014; AUG 12-14, 2014; NOV 4-6, 2014

Are you in the cloud? Are you concerned about security in the cloud? Do you want to have a better understanding of FedRAMP? Are you a 3PAO?

If you answered yes to any of the above questions, then you should register for the Lunarline School of Cyber Security (SCS) class in Cloud Security and FedRAMP. The 3-day Cloud Security and FedRAMP course provides students with an in-depth knowledge of cloud security requirements, cloud security issues, cloud computing architecture and security concepts for the three types of cloud computing: Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS). It also explains what cloud service providers and agencies must do to understand the latest guidance provided by NIST and to meet the requirements for the Federal Risk and Authorization Management Program (FedRAMP).

What you will learn: Cloud Computing Architecture and Security Concepts; Cloud Security Baselines; Cloud Security Assessment & Authorization; What is FedRAMP?; FedRAMP Requirements; Roles and Responsibilities for Key FedRAMP Stakeholders (Providers, Federal Agencies, and 3PAOs); NIST SP Security Controls for Cloud Security Environments; Independent Verification and Validation; and Continuous Monitoring.

Lunarline is known as an expert in cloud security and one of the first companies to be awarded 3PAO certification for FedRAMP. Our classes are provided by our Senior Strategists in Cloud Security, all of whom have demonstrated hands-on experience. The course includes an Android tablet with the training material and other reference materials pre-loaded.
Every student participating will receive a certificate of successful participation in this course, which will allow you to claim hours of Continuous Professional Experience for your existing certifications. Our Continuing Education Credits are accepted by ISC2, CompTIA and ISACA.

Assessing Network Vulnerabilities Training

4 Day. Our Price: $2,
COURSE DATES: FEB 18-21, 2014; APRIL 1-4, 2014; AUG 19-22, 2014

Security professionals are overwhelmed by abundant security advisories, intrusion and firewall alerts, and vulnerability reports. Knowledge of actual hacking techniques and scenarios permits a more effective response against the growing threats from Internet access and presence. The 4-day instructor-led course exposes students to exploits and teaches them how to run vulnerability scans to better secure networks, servers and workstations.

In the course, students will learn how to: assess the risk to your systems from vulnerabilities and exploits; conduct vulnerability scans of your networks, servers and workstations; integrate advisories and alerts into your security practices and procedures; respond to evolving risk levels by prioritizing your defensive resources; and manage an ongoing vulnerability assessment process.

This course includes the following takeaway items and certifications: an Android tablet that is uploaded with our training material and other reference materials pre-loaded.

Certification: You will receive your certificate of successful participation in this course, which will allow you to claim hours of Continuous Professional Experience for your existing certifications. Our Continuing Education Credits are accepted by ISC2, CompTIA and ISACA.

Ethical Hacking & Penetration Testing Training

4 Day. Our Price: $2,
COURSE DATES: NOV 12-15, 2013; MAR 18-21, 2014; JUL 29-31, 2014; SEPT 2-5, 2014; DEC 16-18, 2014

Vulnerability scanning and security audits alone will not ensure the security of an organization because they only test for currently known vulnerabilities with little to no analysis of how these vulnerabilities may be exploited. To ensure that systems are adequately protected, administrators must probe networks and assess the security posture for vulnerabilities and exposed surfaces while attempting to exploit them. Penetration testing fills a vital organizational need by confirming information security policies are both adequate and sufficiently implemented to protect against novel attacks.

The 4-day Ethical Hacking & Penetration Testing course provides students with intermediate level training in hacking and penetration testing techniques. The training immerses each student in a hands-on interactive environment where they will learn how to scan and attack with the purpose of securing networks and information systems. The training course is led by an experienced instructor and provides students practical exercises in the skills needed to test and protect today's sensitive networks and information systems.

The course includes a combination of lecture and demonstrations designed around a virtual lab environment. Labs cover various scenarios that provide for robust and realistic hands-on experiences across a range of topic areas. Students will begin by understanding the five phases of hacking and will then be introduced to various tools and methods for conducting white hat system/network penetration testing. Through exposure to the types of methodologies and tools used by hackers, students obtain the skills needed to provide evidence of weaknesses and real assurance that current controls are working properly.
The students will obtain the ability to quantitatively assess and measure threats to information assets and discover where an organization is most vulnerable to hacking. In addition, students will receive in-depth instruction on the ethics of hacking and penetration testing as well as how to develop appropriate rules of engagement. The goal of this course is to help the student master a repeatable, documentable penetration testing methodology that can be used in an ethical penetration testing or white hat hacking situation.

This course includes the following takeaway items and certifications: an Android tablet that is uploaded with our training material and other reference materials pre-loaded.

Certification: You will receive your certificate of successful participation in this course, which will allow you to claim hours of Continuous Professional Experience for your existing certifications. Our Continuing Education Credits are accepted by ISC2, CompTIA and ISACA.

Our Mobile Courses

Need your team trained? No time for travel? No problem... We can come to you!

Lunarline is a SDVOSB that is ISO 9001: 2008 certified and appraised at Maturity Level 2 of CMMI. Lunarline, Inc. courseware meets all of the elements of the Committee on National Security Systems (CNSS) National Training Standard for Information Systems Security (INFOSEC) Professionals, NSTISSI No. 4011, 4012 and

Our Mobile Courses are one of Lunarline's most popular offerings. With instruction delivered throughout the world, Lunarline provides the flexibility to train virtually anywhere. We understand that our customers support real-time, mission-critical operations and are not necessarily available to travel. No problem, we'll bring the training to you. By having Lunarline come to your location, you will save on costs and be able to train more of your employees at once. You will also be able to provide a more customized course for your needs. Our mobile class includes an Instructor/Security Engineer, his travel costs, training material for each student and the instruction of your class. All of our Instructors are security engineers with certifications such as Security+, CAP, CISSP and more. They can offer you real world experience, which you don't always get from other training companies.

Our Mobile Courses are highly specialized and can be tailored to your environment. Service, system and situation specific needs will be considered. In fact, many of our Mobile Courses culminate in a C&A strategy development for your system. We have tailored DIACAP, FISMA, and CNSS for DISA, Army CIO G6, Air Force, Army (CENTCOM, SOCOM, LIA, NETCOM), Navy (SPAWAR), JSF and PM-JAIT, DOL OIG, Aetna Healthcare, Philips Electronics, SRI International, Lockheed Martin, Northrop Grumman, and more.

Need to keep your certification current? Lunarline classes can earn you CPEs toward your existing certifications with CompTIA, ISC2 and ISACA.

Need more information?
Want to reserve your seat in our training? Contact Melissa Dawson today! (571) Or email her at: melissa.dawson@lunarline.com

Meet the Instructors

Waylon Krush, CISSP, CISA, CAP
Co-Founder and CEO, Lunarline, Inc.

Waylon Krush is the CEO of Lunarline, Inc. and manages Lunarline's overall business strategy. Mr. Krush has over ten years of experience in Critical Infrastructure Protection (CIP), Information Operations (IO), Signals Intelligence, System and Telecommunication exploitation, and certification and accreditation (C&A). Prior to becoming the CEO of Lunarline, Inc., Waylon was a senior InfoSec engineer in AT&T's Advanced Systems Division, and Chief of the Information Assurance (IA) group for GRC-TSC. Mr. Krush proudly served seven years in the United States Army in various intelligence/security related technical and leadership roles throughout the world. Waylon holds a BS in Computer Information Science from University of Maryland University College, and is a Certified Information Systems Security Professional (CISSP), Certified Information Security Auditor (CISA) and a Certification and Accreditation Professional (CAP). He is also a recipient of the Knowlton Award, United States Marine Corps Scholastic Leadership Award, Air Force Advanced Signals Award, 718th Soldier of the Year, NSA Professional of the Quarter, Voice of America Award, and American Legion Award (2 Years). Mr. Krush is the co-author of The Definitive Guide to the C&A Transformation, published in 2009 with Lunarline's former VP of Cybersecurity, Dr. Julie Mehan.

Keith Mortier, CISSP, CISA
President and COO, Lunarline, Inc.

Keith Mortier is the President and COO of Lunarline, Inc. and is the senior executive and consultant. Mr. Mortier has more than seventeen years of experience in Information Security, Organizational Leadership, and Strategic Planning, serving clients in multiple industries. Keith is an expert at directing IT projects and leading IT transformations to quickly align resources with company strategy to generate immediate returns. Prior to Lunarline, he worked as a part of the Cyber Security Team with AT&T Government Solutions and as the Staff Vice-President for the National Association of Home Builders. Mr. Mortier has also served as Regional Director, ISP Professional Services for Timebridge Technologies (later acquired by Dimension Data). Keith holds a BS in Computer Information Systems, the Certified Information Systems Security Professional (CISSP) and the Certified Information Systems Auditor (CISA) designations and is the author of the CISA Exam Cram 2 exam preparation guide published by Que.

Charles A. Russell, Sr., PMP, CISSP, CAP, CTT+
Senior Instructor, Lunarline, Inc.

Mr. Russell is a Senior Instructor for Lunarline. He brings more than 20 years of experience in information assurance, including skills derived from supporting Fortune 100 corporations like GTE Directories, Brown & Williamson Tobacco, Texas Instruments, First USA and Unisys Corporation. Charles has served in a variety of roles as both an independent consultant and a member of various technology teams to develop software, secure complex network environments and build organizational structures for the success of the U.S. Air Force, in addition to serving as a Special Agent with the Air Force's Office of Special Investigation. Mr. Russell holds the Project Management Professional (PMP) designation and is a participating member of the Richmond Chapter of PMI. He is a Certified Information Systems Security Professional (CISSP), a Certification & Accreditation Professional (CAP) and a Certified Technical Trainer (CTT+). Charles holds an MS degree from Frostburg State University, a BA degree from the Virginia Military Institute and is a graduate of the Industrial College of the Armed Forces. He was awarded the Bronze Star medal while serving the Air Force in Southeast Asia.


More information

Hackers are here. Where are you?

Hackers are here. Where are you? 1 2 What is EC-Council Certified Security Analyst Licensed Penetration Tester Program You are an ethical hacker. Your last name is Pwned. You dream about enumeration and you can scan networks in your sleep.

More information

How to use the National Cybersecurity Workforce Framework. Your Implementation Guide

How to use the National Cybersecurity Workforce Framework. Your Implementation Guide How to use the National Cybersecurity Workforce Framework Your Implementation Guide A NATIONAL PROBLEM The Nation needs greater cybersecurity awareness. The US workforce lacks cybersecurity experts. Many

More information

Cisco Security Optimization Service

Cisco Security Optimization Service Cisco Security Optimization Service Proactively strengthen your network to better respond to evolving security threats and planned and unplanned events. Service Overview Optimize Your Network for Borderless

More information

5 FAH-11 H-500 PERFORMANCE MEASURES FOR INFORMATION ASSURANCE

5 FAH-11 H-500 PERFORMANCE MEASURES FOR INFORMATION ASSURANCE 5 FAH-11 H-500 PERFORMANCE MEASURES FOR INFORMATION ASSURANCE 5 FAH-11 H-510 GENERAL (Office of Origin: IRM/IA) 5 FAH-11 H-511 INTRODUCTION 5 FAH-11 H-511.1 Purpose a. This subchapter implements the policy

More information

Out with. AP, In. with. (C&A) and (RMF) LUNARLINE, INC.. 571-481-9300

Out with. AP, In. with. (C&A) and (RMF) LUNARLINE, INC.. 571-481-9300 Out with the DIACA AP, In with the DIARMF Say Goodbye to Certificatio n and Accreditation (C&A) and Hello to the Risk Management Framework (RMF) Author: Rebecca Onuskanich Program Manager, Lunarline LUNARLINE,

More information

Information Technology Risk Management

Information Technology Risk Management Find What Matters Information Technology Risk Management Control What Counts The Cyber-Security Discussion Series for Federal Government security experts... by Carson Associates your bridge to better IT

More information

Top 10 Baseline Cybersecurity Controls Banks Aren't Doing

Top 10 Baseline Cybersecurity Controls Banks Aren't Doing Top 10 Baseline Cybersecurity Controls Banks Aren't Doing SECURE BANKING SOLUTIONS 1 Contact Information Chad Knutson President, SBS Institute Senior Information Security Consultant Masters in Information

More information

Security Testing. Claire L. Lohr, CSQE, CSDP, CTAL clohr@computer.org. F. Scot Anderson, CISSP scot@securixx.comcom. April 7, 2009 V 1.

Security Testing. Claire L. Lohr, CSQE, CSDP, CTAL clohr@computer.org. F. Scot Anderson, CISSP scot@securixx.comcom. April 7, 2009 V 1. Standards Based Security Testing Claire L. Lohr, CSQE, CSDP, CTAL clohr@computer.org F. Scot Anderson, CISSP scot@securixx.comcom 1 Topics Why use standards? Secure systems component parts (1st level taxonomy)

More information

FISMA Cloud GovDataHosting Service Portfolio

FISMA Cloud GovDataHosting Service Portfolio FISMA Cloud Advanced Government Oriented Cloud Hosting Solutions Cyber FISMA Security Cloud Information Security Management Compliance Security Compliant Disaster Recovery Hosting Application Cyber Security

More information

The ICS Approach to Security-Focused IT Solutions

The ICS Approach to Security-Focused IT Solutions The ICS Approach to Security-Focused IT Solutions for the State of Mississippi ICS offers a dynamic and comprehensive portfolio of security-driven IT solutions for the State of Mississippi. Taking a proactive

More information

CYBER SECURITY TRAINING SAFE AND SECURE

CYBER SECURITY TRAINING SAFE AND SECURE CYBER SECURITY TRAINING KEEPING YOU SAFE AND SECURE Experts in Cyber Security training. Hardly a day goes by without a cyber attack being reported. With this ever-increasing threat there is a growing need

More information

VA Data Breach Follow-Up. Adair Martinez, Deputy Assistant Secretary for Information Protection and Risk Management Department of Veterans Affairs

VA Data Breach Follow-Up. Adair Martinez, Deputy Assistant Secretary for Information Protection and Risk Management Department of Veterans Affairs VA Data Breach Follow-Up Adair Martinez, Deputy Assistant Secretary for Information Protection and Risk Management Department of Veterans Affairs Incidents In The News - VA Is Not Alone Data HMO Report:

More information

Information Security for Managers

Information Security for Managers Fiscal Year 2015 Information Security for Managers Introduction Information Security Overview Enterprise Performance Life Cycle Enterprise Performance Life Cycle and the Risk Management Framework Categorize

More information

OFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC 20301-1700

OFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC 20301-1700 OFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC 20301-1700 OPERATIONAL TEST AND EVALUATION AUG 0 1 2014 MEMORANDUM FOR COMMANDER, ARMY TEST AND EVALUATION COMMAND COMMANDER, AIR

More information

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION

CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION CHAIRMAN OF THE JOINT CHIEFS OF STAFF INSTRUCTION Directive Current as of 19 November 2014 J-8 CJCSI 8410.02 DISTRIBUTION: A, B, C, JS-LAN WARFIGHTING MISSION AREA (WMA) PRINCIPAL ACCREDITING AUTHORITY

More information

NETWORK PENETRATION TESTING

NETWORK PENETRATION TESTING Tim West Consulting 6807 Wicklow St. Arlington, TX 76002 817-228-3420 Twest@timwestconsulting.com OVERVIEW Tim West Consulting Tim West Consulting is a full service IT security and support firm that specializes

More information

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities

Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum sbarnum@mitre.org September 2011 Overview What is SCAP? Why SCAP?

More information

Continuous Monitoring in a Risk Management Framework. US Census Bureau Oct 2012

Continuous Monitoring in a Risk Management Framework. US Census Bureau Oct 2012 Monitoring in a Risk Management Framework US Census Bureau Oct 2012 Agenda Drivers for Monitoring What is Monitoring Monitoring in a Risk Management Framework (RMF) RMF Cost Efficiencies RMF Lessons Learned

More information

IT and Cybersecurity. Workforce Development with CompTIA Certification

IT and Cybersecurity. Workforce Development with CompTIA Certification IT and Cybersecurity Workforce Development with CompTIA Certification CompTIA solutions meet the federal IT security workforce challenge Federal agencies and contractors face an urgent and unrelenting

More information

Cloud Security for Federal Agencies

Cloud Security for Federal Agencies Experience the commitment ISSUE BRIEF Rev. April 2014 Cloud Security for Federal Agencies This paper helps federal agency executives evaluate security and privacy features when choosing a cloud service

More information

Deputy Chief Financial Officer Peggy Sherry. And. Chief Information Security Officer Robert West. U.S. Department of Homeland Security.

Deputy Chief Financial Officer Peggy Sherry. And. Chief Information Security Officer Robert West. U.S. Department of Homeland Security. Deputy Chief Financial Officer Peggy Sherry And Chief Information Security Officer Robert West U.S. Department of Homeland Security Testimony Before the Subcommittee on Government Organization, Efficiency

More information

LINUX / INFORMATION SECURITY

LINUX / INFORMATION SECURITY LINUX / INFORMATION SECURITY CERTIFICATE IN LINUX SYSTEM ADMINISTRATION The Linux open source operating system offers a wide range of graphical and command line tools that can be used to implement a high-performance,

More information

NICE and Framework Overview

NICE and Framework Overview NICE and Framework Overview Bill Newhouse NIST NICE Leadership Team Computer Security Division Information Technology Lab National Institute of Standards and Technology TABLE OF CONTENTS Introduction to

More information

Get Confidence in Mission Security with IV&V Information Assurance

Get Confidence in Mission Security with IV&V Information Assurance Get Confidence in Mission Security with IV&V Information Assurance September 10, 2014 Threat Landscape Regulatory Framework Life-cycles IV&V Rigor and Independence Threat Landscape Continuously evolving

More information

Certification Programs

Certification Programs Certification Programs 2014 The SBS Institute serves community banks by providing educational programs that will certify a banker has the knowledge and skills to protect against todays information security

More information

UNCLASSIFIED. Trademark Information

UNCLASSIFIED. Trademark Information SAMSUNG KNOX ANDROID 1.0 SECURITY TECHNICAL IMPLEMENTATION GUIDE (STIG) OVERVIEW Version 1, Release 1 3 May 2013 Developed by Samsung Electronics Co., Ltd.; Fixmo, Inc.; and General Dynamics C4 Systems,

More information

STIGs,, SCAP and Data Metrics

STIGs,, SCAP and Data Metrics Defense Information Systems Agency A Combat Support Agency STIGs,, SCAP and Data Metrics Roger S. Greenwell, CISSP, CISA, CISM Technical Director / Capabilities Implementation Division DISA Field Security

More information

Developing a Mature Security Operations Center

Developing a Mature Security Operations Center Developing a Mature Security Operations Center Introduction Cybersecurity in the federal government is at a crossroads. Each month, there are more than 1.8 billion attacks on federal agency networks, and

More information

Securing your Corporate Infrastructure What is really needed to keep your assets protected

Securing your Corporate Infrastructure What is really needed to keep your assets protected Securing your Corporate Infrastructure What is really needed to keep your assets protected Joseph Burkard CISA, CISSP October 3, 2002 1 Securing your Corporate Infrastructure Management Dilemma or Technical

More information

Esri Managed Cloud Services and FedRAMP

Esri Managed Cloud Services and FedRAMP Federal GIS Conference February 9 10, 2015 Washington, DC Esri Managed Cloud Services and FedRAMP Erin Ross & Michael Young Agenda Esri Managed Services Program Overview Example Deployments New FedRAMP

More information

Audit of the Department of State Information Security Program

Audit of the Department of State Information Security Program UNITED STATES DEPARTMENT OF STATE AND THE BROADCASTING BOARD OF GOVERNORS OFFICE OF INSPECTOR GENERAL AUD-IT-15-17 Office of Audits October 2014 Audit of the Department of State Information Security Program

More information

Security Authorization Process Guide

Security Authorization Process Guide Security Authorization Process Guide Office of the Chief Information Security Officer (CISO) Version 11.1 March 16, 2015 TABLE OF CONTENTS Introduction... 1 1.1 Background... 1 1.2 Purpose... 2 1.3 Scope...

More information

FedRAMP Standard Contract Language

FedRAMP Standard Contract Language FedRAMP Standard Contract Language FedRAMP has developed a security contract clause template to assist federal agencies in procuring cloud-based services. This template should be reviewed by a Federal

More information

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles

SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the

More information

2012 FISMA Executive Summary Report

2012 FISMA Executive Summary Report 2012 FISMA Executive Summary Report March 29, 2013 UNITED STATES SECURITIES AND EXCHANGE COMMISSION WASHINGTON, D.C. 20549 OI'!'ICEOI' lnstfl! C1'0R GENERAt MEMORANDUM March 29,2013 To: Jeff Heslop, Chief

More information

Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense

Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense John M. Gilligan Information systems Security Association National Capital Chapter January 19, 2010 1 Topics Background

More information

EC-Council Certified Security Analyst (ECSA)

EC-Council Certified Security Analyst (ECSA) EC-Council Certified Security Analyst (ECSA) v8 Eğitim Tipi ve Süresi: 5 Days VILT 5 Day VILT EC-Council Certified Security Analyst (ECSA) v8 Learn penetration testing methodologies while preparing for

More information

DoD IA Training Products, Tools Integration, and Operationalization

DoD IA Training Products, Tools Integration, and Operationalization Defense Information Systems Agency A Combat Support Agency DoD IA Training Products, Tools Integration, and Operationalization Roger S. Greenwell, CISSP, CISA, CISM Technical Director / Capabilities Implementation

More information

Apply today: strayer.edu/apply SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY MASTER OF SCIENCE IN INFORMATION SYSTEMS RECOGNIZED MARKETABLE FLEXIBLE

Apply today: strayer.edu/apply SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY MASTER OF SCIENCE IN INFORMATION SYSTEMS RECOGNIZED MARKETABLE FLEXIBLE RECOGNIZED PROVEN RESPECTED MARKETABLE FLEXIBLE Fernanda Tapia Student SCHOOL OF INFORMATION SYSTEMS AND TECHNOLOGY MASTER OF SCIENCE IN INFORMATION SYSTEMS Apply today: strayer.edu/apply FLEXIBLE / AFFORDABLE

More information

FedRAMP Online Training Security Assessment Plan (SAP) Overview 12/9/2015 Presented by: FedRAMP PMO

FedRAMP Online Training Security Assessment Plan (SAP) Overview 12/9/2015 Presented by: FedRAMP PMO FedRAMP Online Training Security Assessment Plan (SAP) Overview 12/9/2015 Presented by: FedRAMP PMO www.fedramp.gov www.fedramp.gov 1 Today s Training Welcome to Part Four of the FedRAMP Training Series:

More information

Senior Information Security Engineer/Analyst

Senior Information Security Engineer/Analyst OBJECTIVE Senior Information Security Engineer/Analyst SUMMARY OF QUALIFICATIONS TOP SECRET/SCI clearance with CI Polygraph/DOE Q cleared Masters Degree in Information Systems Certified Information Systems

More information

SECURITY CONTROLS AND RISK MANAGEMENT FRAMEWORK

SECURITY CONTROLS AND RISK MANAGEMENT FRAMEWORK SECURITY CONTROLS AND RISK MANAGEMENT FRAMEWORK BACKGROUND The National Institute of Standards and Technology (NIST) Special Publication 800-53 defines a comprehensive set of controls that is the basis

More information

How SPAWAR s Information Technology & Information Assurance Technical Authority Support Navy Cybersecurity Objectives

How SPAWAR s Information Technology & Information Assurance Technical Authority Support Navy Cybersecurity Objectives How SPAWAR s Information Technology & Information Assurance Technical Authority Support Navy Cybersecurity Objectives DON IT Conference // AFCEA West 2015 Presented by: RDML John Ailes Chief Engineer SPAWAR

More information

Continuous Network Monitoring

Continuous Network Monitoring Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment

More information

FREQUENTLY ASKED QUESTIONS

FREQUENTLY ASKED QUESTIONS FREQUENTLY ASKED QUESTIONS Continuous Monitoring 1. What is continuous monitoring? Continuous monitoring is one of six steps in the Risk Management Framework (RMF) described in NIST Special Publication

More information

Reliable, Repeatable, Measurable, Affordable

Reliable, Repeatable, Measurable, Affordable Reliable, Repeatable, Measurable, Affordable Defense-in-Depth Across Your Cyber Security Life-Cycle Faced with today s intensifying threat environment, where do you turn for cyber security answers you

More information

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL

CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to

More information

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000

DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 NOV 1 0 2015 CHIEF INFORMATION OFFICER MEMORANDUM FOR ASSISTANT SECRETARY OF THE ARMY FOR ACQUISITION, LOGISTICS AND TECHNOLOGY ASSIST

More information

Department of Homeland Security Federal Government Offerings, Products, and Services

Department of Homeland Security Federal Government Offerings, Products, and Services Department of Homeland Security Federal Government Offerings, Products, and Services The Department of Homeland Security (DHS) partners with the public and private sectors to improve the cybersecurity

More information

DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1. 12 January 2015

DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1. 12 January 2015 DEPARTMENT OF DEFENSE (DoD) CLOUD COMPUTING SECURITY REQUIREMENTS GUIDE (SRG) Version 1, Release 1 12 January 2015 Developed by the Defense Information Systems Agency (DISA) for the Department of Defense

More information

Security Control Standard

Security Control Standard Department of the Interior Security Control Standard Risk Assessment January 2012 Version: 1.2 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior, Chief Information

More information

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110

Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Logical Operations CyberSec First Responder: Threat Detection and Response (CFR) Exam CFR-110 Exam Information Candidate Eligibility: The CyberSec First Responder: Threat Detection and Response (CFR) exam

More information

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013

An Overview of Information Security Frameworks. Presented to TIF September 25, 2013 An Overview of Information Security Frameworks Presented to TIF September 25, 2013 What is a framework? A framework helps define an approach to implementing, maintaining, monitoring, and improving information

More information

Compliance Risk Management IT Governance Assurance

Compliance Risk Management IT Governance Assurance Compliance Risk Management IT Governance Assurance Solutions That Matter Introduction to Federal Information Security Management Act (FISMA) Without proper safeguards, federal agencies computer systems

More information

EC-Council C E. Hacking Technology. v8 Certified Ethical Hacker

EC-Council C E. Hacking Technology. v8 Certified Ethical Hacker EC-Council Hacking Technology C Certified E Ethical Hacker Certified Ethical Hacker v8 Certified Ethical Hacker Course Description CEHv8 is a comprehensive Ethical Hacking and Information Systems Security

More information

How To Evaluate A Dod Cyber Red Team

How To Evaluate A Dod Cyber Red Team CHAIRMAN OF THE JOINT CHIEFS OF STAFF MANUAL J-6 CJCSM 6510.03 DISTRIBUTION: A, B, C DEPARTMENT OF DEFENSE CYBER RED TEAM CERTIFICATION AND ACCREDITATION Reference(s): Enclosure F. 1. Purpose a. This manual,

More information

CS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool

CS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool INL/CON-07-12810 PREPRINT CS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool ISA Expo 2007 Kathleen A. Lee January 2008 This is a preprint of a paper intended for publication in a journal

More information

Ed McMurray, CISA, CISSP, CTGA CoNetrix

Ed McMurray, CISA, CISSP, CTGA CoNetrix Ed McMurray, CISA, CISSP, CTGA CoNetrix AGENDA Introduction Cybersecurity Recent News Regulatory Statements NIST Cybersecurity Framework FFIEC Cybersecurity Assessment Questions Information Security Stats

More information

THE DATA CENTER COMPLIANCE ACRONYMS YOU NEED TO KNOW

THE DATA CENTER COMPLIANCE ACRONYMS YOU NEED TO KNOW THE 22 DATA CENTER COMPLIANCE ACRONYMS YOU NEED TO KNOW In today s world, data center compliance is no joke, and firewalls aren t enough to keep your data safe. Whether you re outsourcing or housing your

More information