RSA EDUCATION SERVICES CATALOG

Transcription

1 RSA EDUCATION SERVICES CATALOG Services Catalog Q

2 COURSE DESCRIPTION INDEX Identity and Access Management Authentication Governance, Risk and Compliance Data Loss Prevention Network Monitoring and Security Analytics RSA Access Manager Administration, Installation and Configuration RSA Aveksa Access Certification Manager Foundations Plus RSA Aveksa Access Fulfillment Express RSA Aveksa Access Request Manager RSA Aveksa Business Role Manager RSA Adaptive Authentication On-Premise Administration RSA Adaptive Authentication for ecommerce Back Office Tools RSA Cryptographic and Digital Certificate Concepts RSA Digital Certificate Management Solution v6.61 Installation and Administration RSA Authentication Manager Administration RSA Authentication Manager Installation and Configuration RSA SecurID Help Desk Basics RSA Authentication Manager 6.1 to 8.x Data Migration...32 Migrating RSA Authentication Manager v6.1 to a v8.1 Hardware Appliance...32 RSA Authentication Manager 7.1 to 8.x Data Migration...34 Migrating RSA Authentication Manager v7.1 to a v8.1 Hardware Appliance...34 Getting Started with Enterprise Risk Management Getting Started with Policy and Compliance Management RSA Archer Administration RSA Archer Advanced Administration RSA Archer Custom End-User Training Service RSA Data Loss Prevention Administration RSA Data Loss Prevention Policy and Classification RSA Security Analytics Administration RSA Security Analytics for Analysts RSA ecat Administration RSA Security Operations Management Solution Basics...56 Fraud Prevention RSA Silver Tail Forensics and Mitigator Basics Security Event and Incident Management Advanced Cyber Defense for Security Analysts Security Concepts and Principles General Staff IT Staff Development Staff RSA envision Administration RSA envision Advanced Administration RSA Intelligence-Driven Event Analysis RSA Incident Handling and Response RSA Threat Intelligence RSA Malware Analysis RSA Cyber Defense Workshop RSA Information Security and Privacy Awareness elearning Suite RSA Anti-Phishing elearning Suite RSA Cyber Security and Compliance elearning Suite RSA CyberStrength Assessment Service RSA PhishGuru Phishing Attack Simulation Service RSA IT Security Fundamentals RSA Database Security Fundamentals RSA Cloud Security Fundamentals RSA CISSP Certification Bootcamp RSA Application Security Fundamentals RSA Application Security Fundamentals for Managers RSA Common Security Flaws RSA Secure Architecture and Design RSA Secure Client/Server Development in C/C RSA Language-Neutral Secure Web Development RSA Secure Web Development in.net RSA Secure Web Development in PHP RSA Secure Web Development in Java RSA Security Testing Principles RSA Security Testing Techniques for Web Development RSA Security Testing Techniques for Client/Server Development RSA Secure Client/Server Development in Perl RSA Secure Development for Mobile Devices Learning Assessments RSA Learning Assessments RSA, The Security Division of EMC 2

3 The Value of Professional Education Investing in training and education makes good business sense and can have a profound impact on your team. It enables an organization to: Decrease operating costs and increase productivity Reduce technical infrastructure costs Increase effectiveness of your technology investment Reduce your organization s overall information risk ENABLE YOUR TEAM TODAY FOR TOMORROW S IT SECURITY CHALLENGES RSA Education Services provides practical and relevant courses that support security learning across an enterprise. Properly trained personnel are the lifeblood of any organization. As you implement new technologies, add new functionality to existing systems or orient new staff, education is a key element. Consistent and focused training helps maintain the security of your computing environment, improves the end user experience and increases productivity and job satisfaction among your staff. WHAT S NEW IN THIS CATALOG New/Updated Product Training Courses: - RSA Security Operations Management Solution Basics (pg 56) - RSA Aveksa (three new courses see pages 15-17): - Access Fulfillment Express - Access Request Manager - Business Role Manager Open Curriculum for Security Analysts (see pages 64-72) - RSA Intelligence-Driven Event Analysis - RSA Incident Handling and Response - RSA Threat Intelligence - RSA Malware Analysis - RSA Cyber Defense Workshop FLEXIBLE DELIVERY OPTIONS How to Contact Us Online [email protected] Phone (International) Fax Middlesex Turnpike Bedford, Massachusetts USA Instructor-Led Training (ILT) Instructor-led classes offer comprehensive training in a fully-equipped RSA Learning Center. Public classes give you the opportunity to interact with your peers, further enhancing your learning experience by sharing real-world tips and best practices. Video Instructor Led Training (Video ILT) Video ILT courses combine the best of instructor-delivered lectures and presentations with the convenience and flexibility of an ondemand learning format. Video ILT programs are delivered in streaming format and can be viewed by the student directly on their own computer with an internet connection. Online Instructor-Led Training (Online ILT) Online ILT provides real-time, interactive, virtual training where students participate online to access the instructor-led virtual classroom. Lecture, discussion, questions and answers, and lab exercises makes this a flexible training experience. elearning Self-paced elearning provides you with training that is generally one to three hours in length giving you the convenience of learning at your own pace. RSA, The Security Division of EMC 3

4 RSA PRODUCT TRAINING Our worldwide training services are targeted to serve professionals who are responsible for installing, supporting and administering the entire range of RSA solutions. Developed for security administration and network operations, the product courses offer a variety of teaching methods including traditional instructor-led and virtual instructor-led training, video-based learning, and elearning. Each of these options gives you the flexibility to select a learning mode that best fits your learning style, time constraints and budget. RSA, The Security Division of EMC 4

5 SECURITY CONCEPTS AND PRINCIPLES RSA Education Services offers a number of elearning courses and services to support your organization s information security initiatives. We offer various security awareness courses, an anti-phishing simulation program to better educate your employees against phishing attacks, role-based courses for IT and Development teams, Cloud Security Fundamentals, and a CISSP Certification Bootcamp. ADVANCED CYBER DEFENSE COURSES FOR SECURITY ANALYSTS The threat landscape is becoming more complicated every day. With the advent and enhancement of technical innovations like cloud computing, social media, mobile devices and big data, organizations are finding it very difficult to keep ahead of advanced threats. Security products, while necessary, can only go so far in identifying and mitigating potential breaches. A skilled security analyst is key to the success of any Information Security strategy. The RSA Advanced Cyber Defense courses address these challenges by offering comprehensive training on analytic processes and techniques that are independent of a specific attack technique or security product. These courses focus on analysis skills that are directly relevant to the current security climate. The curriculum also provides a path for security analysts to advance their skills by offering a tiered approach based on roles that are generally consistent with the roles and responsibilities of a SOC. RSA, The Security Division of EMC 5

6 Benefits of Onsite Training Substantial cost Savings Save up to 40% compared to individual public class rates Less student down time Reduce travel concerns and out-of-office time Convenient, Flexible Scheduling Your training can be scheduled at the time and location most convenient for you Benefits of Online Instructor-led Training No travel cost or travel time Live instructor with whom you can interact and ask questions Same content as the classroom version of the course with hands-on labs to reinforce concepts Modest connectivity requirements allow participation from anywhere Publicly-scheduled classes for individual participants or Private sessions for organizations that prefer virtual training for their dispersed teams ONSITE TRAINING With RSA Onsite training, you and your people aren t locked into a pre-existing schedule of public classes at a pre-existing location. RSA Education Services can work with you to schedule your training at the time and location that s most convenient for you. That means training doesn t have to conflict with your other business priorities and it can be timed precisely to support your RSA implementation. RSA Onsite training rates can save an organization up to 40% when compared to individual student rates. Additional cost savings are realized by eliminating the need for student travel. What s more, since your students are not preparing for trips or making their way back from airports after training they are likely to be more productive and accessible in the days surrounding their training experience. ONLINE INSTRUCTOR-LED TRAINING What is Online ILT? Online ILT is real-time virtual training conducted remotely by RSA instructors. It s virtual training that mirrors the classroom experience with: Live web casts. During scheduled web casts, students communicate with their RSA instructor and other students, ask questions, and experience RSA products through live demonstration. Hands-on labs. Students access a remote lab environment that enables them to interact with RSA software and practice what they ve learned. Course materials. Course materials are shipped to participants in advance of the class. Just like in a classroom, students use these materials under the guidance of the instructor. Instructor guidance. During class time, students have the benefit of the instructor s expertise to assist during the live web casts and Hands-on Labs. During lab time, the instructor can shadow students by virtually looking over the shoulder of each student to evaluate their progress and provide assistance. RSA LEARNING ASSESSMENTS As organizations increasingly depend on technology to manage their businesses, the need for employees to be knowledgeable about security is increasingly evident. Whether they are IT security professionals or general office staff, having the appropriate security knowledge and skills to perform their jobs is a critical business driver. To plan and position your security training initiatives cost-effectively, RSA Learning Assessments are tools to measure your team s knowledge of RSA products and other security-related concepts. Based on the learning assessment results, we can work with you to identify a learning program that works for you and your team. RSA Learning Assessments are useful for organizations who recognize a need for training but aren t quite sure what training their team really needs. By leveraging RSA Learning Assessments, you can better understand the learning gaps and make an informed decision about the most effective individual and group training plans for your team. Online RSA Learning Assessments are available to you at no charge. An assessment can be completed within minutes with immediate results provided to the assessment taker. For a team assessment, management reports can be provided that evaluates individual and group results. RSA, The Security Division of EMC 6

7 RSA Training Credit Details: Each Training Credit has a value of $100 US Valid for customers and partners in all regions Can be used to register one or more individuals Can be redeemed for any RSA course and any delivery mode Valid for one year (364 days) from time of issuance. Any unused days are null and void after the expiration date Payment can be made with: purchase order, credit card, or company check RSA TRAINING CREDITS Training is an invaluable means of facilitating growth in your organization and increasing the skills and knowledge of your employees. With RSA Training Credits (TCs) you can invest in RSA courses and use them whenever RSA training is necessary. Training credits are simply RSA Education Services currency. They are deposited into a company s training account and are available for general consumption by your company s employees. Valid for one year from date of purchase, pre-paid TCs provide maximum flexibility to ensure your team s readiness. With RSA TCs you can satisfy your training requirements as they evolve throughout the year. You reduce the paperwork and approvals associated with multiple enrollments by taking care of all your training needs with a single purchase. RSA TRAINING CENTERS Worldwide training center locations Bedford, MA - US Overland Park, KS - US Reston, VA - US Registration and Payment Please complete your registration at Be sure you register with the address of the student attending class, as this is the only unique identifier we have for each student. Complete details regarding payment by purchase order, credit card or check are provided on our web site. Bracknell - UK Dreieich - DE Espoo - FI Solna - SE Berlin - DE Hamburg - DE Bolzano - IT Singapore - SG Vilroorde - BE RSA CERTIFIED SECURITY PROFESSIONAL CERTIFICATION Düsseldorf - DE München - DE Mexico - MX Dubai - UAE For the most current information, go to By becoming an RSA Certified Security Professional, you possess the credentials that demonstrate your knowledge and skills necessary to function as a practical expert in the rapidly growing information security industry. Job-based certifications are available for administrators for the product areas designated below. Our relationship with Pearson VUE, which operates 5,000 testing centers in 165 countries, provides convenient access to certification exams and ensures impartial testing. The RSA Certified Administrator specialization is designed for professionals who administer and maintain enterprise security systems that use RSA SecurID, RSA Archer, or RSA Security Analytics. Certification RSA Archer Certified Administrator RSA SecurID Certified Administrator RSA Security Analytics Certified Administrator Recommended RSA Courses RSA Archer Administration RSA Archer Advanced Administration RSA Authentication Manager Administration RSA Authentication Manager Installation and Configuration RSA Security Analytics Administration RSA, The Security Division of EMC 7

8 EMC 2, EMC, RSA, RSA Security, Archer and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. Copyright 2013 EMC Corporation. All rights reserved. Published in the USA. EDCAT SB 0314 r1 RSA, The Security Division of EMC 8

9 SUMMARY OF OFFERINGS BY DELIVERY MODE Identity and Access Management RSA Access Manager Administration, Installation and Configuration RSA Aveksa Access Certification Manager Foundations Plus RSA Aveksa Access Fulfillment Express RSA Aveksa Access Request Manager RSA Aveksa Business Role Manager Authentication ILT VILT e-learning Online ILT RSA Adaptive Authentication On Premise Administration RSA Adaptive Authentication for ecommerce Back Office Tools RSA Cryptographic & Digital Certificate Concepts RSA Digital Certificate Management Solution Installation and Administration RSA Authentication Manager Administration RSA Authentication Manager Installation and Configuration RSA SecurID Help Desk Basics RSA Authentication Manager 6.1 to 8.x Data Migration Migrating RSA Authentication Manager v6.1 to a v8.1 Hardware Appliance RSA Authentication Manager 7.1 to 8.x Data Migration Migrating RSA Authentication Manager v7.1 to a v8.1 Hardware Appliance Governance, Risk and Compliance Getting Started with Enterprise Risk Management Getting Started with Policy and Compliance Management RSA Archer Administration RSA Archer Advanced Administration RSA Archer Custom End-User Training Service Data Loss Prevention RSA Data Loss Prevention Administration RSA Data Loss Prevention Policy and Classification Network Monitoring and Security Analytics RSA Security Analytics Administration RSA Security Analytics for Analysts RSA ECAT Administration [On-site Only] RSA Security Operations Management Solution Basics Fraud Prevention RSA Silver Tail Forensics and Mitigator Basics [On-site Only] 9

10 SUMMARY OF OFFERINGS BY DELIVERY MODE (CONTINUED) Security Event and Incident Management ILT VILT e-learning Online ILT RSA envision Administration RSA envision Advanced Administration Advanced Cyber Defense for Security Analysts RSA Intelligence-Driven Event Analysis RSA Incident Handling and Response RSA Threat Intelligence RSA Malware Analysis RSA Cyber Defense Workshop Security Concepts and Principles General Staff RSA Information Security and Privacy Awareness elearning Suite RSA Anti-Phishing elearning Suite RSA Cyber Security and Compliance elearning Suite RSA CyberStrength Assessment Service RSA PhishGuru Phishing Attack Simulation Service Security Concepts and Principles IT Staff RSA IT Security Fundamentals RSA Database Security Fundamentals RSA Cloud Security Fundamentals RSA Certified Information Systems Security Professional (CISSP) Boot Camp Security Concepts and Principles Development Staff RSA Application Security Fundamentals RSA Application Security Fundamentals for Managers RSA Common Security Flaws RSA Secure Architecture and Design [On-site Only] RSA Secure Client/Server Development in C/C++ RSA Language-Neutral Secure Web Development [On-site Only] RSA Secure Web Development in.net RSA Secure Web Development in PHP RSA Secure Web Development in Java RSA Security Testing Principles RSA Security Testing Techniques for Web Development [On-site Only] RSA Security Testing Techniques for Client/Server Development [On-site Only] RSA Secure Client/Server Development in Perl 10

11 RSA Access Manager Administration, Installation and Configuration Course Description AT-A-GLANCE This course offers theoretical and hands-on instruction in the administrative functions, operations, and installation and configuration tasks associated with the RSA Access Manager product. Overview RSA Access Manager system architecture, server structure, integration of components into an enterprise infrastructure, user organization, and the importance of various configuration parameters are discussed. Hands-on labs allow the student to work step-bystep through the phases of an RSA Access Manager implementation. Extensive hands-on labs and the use of a realistic case study reinforce the tasks involved in creating a complete Web access management solution. Audience System, security, or help desk personnel who need to install, deploy and/or maintain RSA Access Manager. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED CLRAIN110 Public class ED CLRAIN210 Onsite class ED ACCMGRTRAIN CREDIT Training credits Duration 4 days Prerequisite Knowledge/Skills Familiarity with Web and directory server or database technologies; A functional knowledge of OS and networking fundamentals. Course Objectives Upon successful completion of this course, participants should be able to: Explain the basic architecture and integration of RSA Access Manager in an enterprise environment Describe the processes and methodology for performing a successful installation and implementation of the core servers, data adapter, Administrative Console and representative Agents Describe the management functions used for resource and end user administration Using a case study, perform typical administration functions to populate and configure users, administrators and groups in an RSA Access Manager database Explain the configuration parameters that can be used to tailor the RSA Access Manager components to accomplish specific tasks and functions Establish Entitlements and use RSA Access Manager Smart Rules to manage Web access and protect resources in a classroom Web environment Perform system troubleshooting and analysis through the use of audit logs and user reports Explore how runtime and administrative operations can be extended through the use of the API library 11

12 Course Outline RSA Access Manager Overview High level description of RSA Access Manager and its contribution to access management RSA Access Manager Architecture Description and functions of the Primary Servers; Web and Application Server Agents Data Flow for the Runtime and Administrative operations Description of how RSA Access Manager fits into a distributed security model Installation and Configuration Description of RSA Access Manager system requirements and pre-installation readiness tasks Installation procedure, options, and recommended practices Installation of Access Manager Servers, LDAP Data Adapter, Administrative Console, and Web and Application Server Agents Configuration of Web Server for Single Sign- On Managing Resources Discussion of how resources (Web sites, Applications, etc.) are protected using RSA Access Manager focusing on selectivity and granularity in various situations Registration of Web Servers and definition of Applications Discussion of Virtual Web Server Hosts Configuration of Web Server for virtual hosts Delegated Administration Discussion of the administrative structure that is possible in an RSA Access Manager installation Use of Administrative Groups and ownership hierarchy of administrators, users, and objects Examination of Administrative Roles and responsibilities Managing the Organization Policy control for user authentication and passwords Methodology of structuring users, groups, user attributes, and properties Creation of user properties and addition of users to groups Resource Protection and Authentication Discussion of Authentication Methods used to protect resources; Form-based vs. challenge/response authentication; Chaining and combining forms Discussion of how resources are defined to allow granular protection Use of RSA Access Manager Entitlements and Smart Rules to selectively manage access to resources How to manage conflicts among Smart Rules and between Smart Rules and Entitlements Configuration of Access Manager for external authentication and URL retention Troubleshooting Examination of the log files and use of special configuration parameters to control log detail Configuration of servers for centralized logging Configuration of Network Management Discussion of approaches to user and system troubleshooting Development Tools Discussion of the various Runtime, Administrative, and Web Agent Extension API tools that are available Examination and implementation of JAVA coding examples Single Sign-On Discussion of the function and objectives of creating a single sign-on environment Explanation of the differences and challenges of Intra- vs. Inter- site single sign-on Configuration of Access Manager for SSO and ISSO Distributed Authorization Discussion of achieving redundant functionality and failover Explanation of the differences in Standard Mode vs. Distributed Mode failover Test of centralized logging Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 12

13 RSA Aveksa Access Certification Manager Foundations Plus Course Description AT-A-GLANCE The RSA Aveksa Access Certification Manager Foundations Plus course provides instruction on the administrative responsibilities and configuration options associated with the RSA Aveksa platform, including the Access Certification Manager, Access Request Manager and Business Rule Manager modules. Overview All components of the RSA Aveksa Identity and Access Management platform are discussed, including various product modules, with a focus on the Access Certification Manager module. Topics include configuration options, collectors, rules, reviews, reports, dashboards, access requests, and roles. Extensive hands-on labs reinforce the tasks involved in configuring, maintaining, and utilizing the Access Certification Manager, Access Request Manager, and Business Role Manager modules. The subject matter in this course prepares students with the classroom component recommended for the RSA Aveksa Partner certification. Audience Implementers, administrators, and other technical users who need to configure, administer, or support the RSA Aveksa platform. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts Duration 4 days Prerequisite Knowledge/Skills Familiarity with Active Directory, LDAP, and SQL querying. Course Objectives Upon successful completion of this course, participants should be able to: Understand the components included in the RSA Aveksa platform and be comfortable within the Access Certification Manager interface Understand Access Certification Manager system configuration options Perform configurations required to enable RSA Aveksa modules Perform administrative functions, including configuring identity, account, and entitlement collectors, and unify user data Configure and process business rules Configure, run, and perform user access certification reviews Understand and configure workflows Create and run reports Create and manage dashboards Enable and configure the Access Request Manager module Enable and configure the Business Role Manager module 13

14 Course Outline The RSA Aveksa Identity and Access Management Platform RSA Aveksa Platform Overview Data Access Governance Access Certification Manager Architecture Configuration Collection Model Data Model Custom Attributes The ACM Interface ACM Login Screen AveksaAdmin Account The Header Bar The Menu Bar Tabs The Landing Page Working with Tables The Admin Menu Users and Identities Users and Identities Overview Groups Business Unites User Attributes Resources Identity Data Collectors Unification Process Authentication Providers Planning for Collecting Identities Accounts Accounts Overview Account Attributes Account Data Collectors Orphaned Accounts Entitlements Entitlements Overview Application Roles Entitlement Attributes Entitlement Data Collectors Multi-App Entitlement Collectors Business Descriptions Planning for Collecting Entitlements Rules Rules Overview Rule Definitions Rule Workflows Processing Rules Reviews Reviews Overview Review Actors and States Review Definitions Administering Reviews Performing Reviews Refreshing Reviews Workflows Workflows Overview Workflow Components Configuring Workflows Reports Reports Overview Creating Reports Report Queries and Parameters Formatting, Scheduling, and Distribution Settings Dashboards Dashboards Overview Dashboard Components Access Request Manager Access Request Manager Overview Access Requests Access Request Manager Terminology Request Buttons Request Forms User Views Entitlement Views Workflows Business and Holiday Calendars Business Role Manager Business Role Manager Overview Role Sets Roles Role Membership Rules Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 14

15 RSA Aveksa Access Fulfillment Express Course Description AT-A-GLANCE The RSA Aveksa Access Fulfillment Express course provides instruction on the administrative responsibilities and configuration options associated with the RSA Aveksa Access Fulfillment Express module. Overview All components of the RSA Aveksa Access Fulfillment Express module are discussed. Topics include terminology, deployment, and configuration of the module. Extensive hands-on labs reinforce the tasks involved in configuring, maintaining, and utilizing the Access Request Manager module. Audience Implementers, administrators, and other technical users who need to configure, administer, or support the RSA Aveksa Access Fulfillment Express module. Duration.5 days Prerequisite Knowledge/Skills Completion of the RSA Aveksa Access Certification Manager course. Recommended completion of the Access Request Manager course. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts ED AV AFX 110 Public class Course Objectives Upon successful completion of this course, participants should be able to: Understand the functionality and capabilities of the Access Fulfillment Express module Understand how Access Fulfillment Express is deployed Understand how connector templates are deployed Understand Access Fulfillment Express administration commands Understand Access Fulfillment Express terminology Troubleshoot issues with Access Fulfillment Express Review installed connector templates Build, configure, and test connectors Discover connectors Enable connectors Map and configure connector commands Configure a resource to utilize Access Fulfillment Express Process a change request using Access Fulfillment Express Course Outline Access Fulfillment Express Access Fulfillment Express Overview Access Fulfillment Express Terminology Deploying Access Fulfillment Express Configuring Connectors Copyright 2014 EMC Corporation. All rights reserved. EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 02/

16 RSA Aveksa Access Request Manager Course Description AT-A-GLANCE The RSA Aveksa Access Request Manager course provides instruction on the administrative responsibilities and configuration options associated with the RSA Aveksa Access Request Manager module. Overview All components of the RSA Aveksa Access Request Manager module are discussed. Topics include terminology, configuration, and customization options to tailor the module to a customer s needs. Extensive hands-on labs reinforce the tasks involved in configuring, maintaining, and utilizing the Access Request Manager module. The subject matter in this course prepares students with the Access Request Manager classroom component recommended for the RSA Aveksa Partner accreditation. Audience Implementers, administrators, and other technical users who need to configure, administer, or support the RSA Aveksa Access Request Manager module. Duration.5 days Prerequisite Knowledge/Skills Completion of the RSA Aveksa Access Certification Manager course. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts PART NUMBERS: ED AV ARM 110 Public class Course Objectives Upon successful completion of this course, participants should be able to: Enable the Access Request Manager and Password Management modules Understand the functionality and capabilities of the Access Request Manager and Password Management modules Understand Access Request Manager terminology Process an access request from start to finish Create and configure request buttons Create and configure request forms Create and configure user views Create and configure entitlement views Create and configure business and holiday calendars Assign approval and fulfillment workflows Course Outline Access Request Manager Access Request Manager Overview Access Requests Access Request Manager Terminology Request Buttons Request Forms User Views Entitlement Views Workflows Business and Holiday Calendars Copyright 2014 EMC Corporation. All rights reserved. EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 02/

17 RSA Aveksa Business Role Manager Course Description AT-A-GLANCE The RSA Aveksa Business Role Manager course provides instruction on the administrative responsibilities and configuration options associated with the RSA Aveksa Business Role Manager module. Overview All components of the RSA Aveksa Business Role Manager module are discussed. Topics include terminology, configuration, and role mining options to tailor the module to a customer s needs. Extensive hands-on labs reinforce the tasks involved in configuring, maintaining, and utilizing the Business Role Manager module. The subject matter in this course prepares students with the Business Role Manager classroom component recommended for the RSA Aveksa Partner certification. Audience Implementers, administrators, and other technical users who need to configure, administer, or support the RSA Aveksa Business Role Manager module. Duration.5 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts PART NUMBERS: ED AV BRM 110 Public class Prerequisite Knowledge/Skills Completion of the RSA Aveksa Access Certification Manager course. Course Objectives Upon successful completion of this course, participants should be able to: Enable the Roles and Business Role Manager modules Understand the functionality and capabilities of the Roles and Business Role Manager modules Understand Business Role Manager terminology Understand the differences between business, technical, and global roles Understand how role metrics are produced Create and configure role options Create and configure role sets Create or discover roles Configure and manage roles Define role membership rules Analyze roles Allow others to manage roles Course Outline Business Role Manager Business Role Manager Overview Role Sets Roles Role Membership Rules Copyright 2014 EMC Corporation. All rights reserved. EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 02/

18 RSA Adaptive Authentication On-Premise Administration Course Description AT-A-GLANCE This course offers hands-on training on the installation, integration, configuration, and administration of RSA Adaptive Authentication On- Premise. Overview The working principles behind RSA Adaptive Authentication On-Premise architecture, system components, and administrative tasks are discussed. Extensive hands-on labs reinforce the tasks involved in implementing an RSA Adaptive Authentication On-Premise system. Audience System, security, or help desk administrators who need to install, configure and/or maintain an RSA Adaptive Authentication On-Premise system. Duration 3 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED AAOPADMIN110 Public class Prerequisite Knowledge/Skills Familiarity with user and system administration, networking fundamentals, and general information security concepts. Course Objectives Upon successful completion of this course, participants should be able to: Explain the basic architecture and theory of operation of RSA Adaptive Authentication On-Premise Describe how RSA Adaptive Authentication On-Premise determines risk Describe the recommended workflows Perform the installation tasks involved in installing RSA Adaptive Authentication On- Premise Explain the steps required to integrate RSA Adaptive Authentication On-Premise with a web application Use the Back Office Applications to configure, manage, and administer RSA Adaptive Authentication On-Premise Perform the day to day administrative tasks to keep the RSA Adaptive Authentication On-Premise functioning properly ED AAOPADMIN210 Onsite class ED AACREDIT Training credits 18

19 Course Outline RSA Adaptive Authentication On-Premise Overview Relevant terminology Features and benefits of RSA Adaptive Authentication On-Premise Risk-Based authentication Device profiling Behavioral profiling What is multi-factor authentication? How RSA Adaptive Authentication On-Premise provides for multi-factor? RSA Adaptive Authentication On-Premise Architecture System components overview Network Integration RSA efraudnetwork RSA Risk Engine Policy Management Back Office Applications RSA Central GeoIP Service Scheduler Adaptive Authentication utilities RSA Adaptive Authentication On-Premise Risk Score Calculation How Adaptive Authentication determines risk Risk score calculation stages RSA Adaptive Authentication On-Premise Workflows and Processes Terminology used in workflows RSA Adaptive Authentication On-Premise workflows RSA Adaptive Authentication Configuration The configuration framework Creating default configuration files Customizing configuration files RSA Adaptive Authentication On-Premise Integration Introduction to the Web services API and methods Collecting device information Message format and recommended data elements RSA Adaptive Authentication Back Office Applications Overview of the Back Office Applications Access Management Policy Management Case Management Customer Service Application Report Viewer Operations Administration Console GeoIP Update Schedule tasks Update the efraudnetwork agent Log files RSA Central RSA Adaptive Authentication On-Premise Installation Pre-installation overview Installing RSA Adaptive Authentication On- Premise Post-installation tasks Setting up maintenance and development utilities Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 19

20 RSA Adaptive Authentication for ecommerce Back Office Tools Course Description AT-A-GLANCE This course offers training on the RSA Adaptive Authentication for ecommerce Back Office Tools. Overview The working principles behind RSA Adaptive Authentication technology, architecture, and system components are discussed. Video demonstrations reinforce the tasks involved in using the RSA Adaptive Authentication Back Office Tools. Audience Team Leaders/Fraud Strategists responsible for fraud prevention planning. Customer Service Representatives who provide support for card holders requiring online transaction assistance, and Fraud Investigators/Analysts. Duration Approximately 2 hours The modules and content presented depends on the student s job role. The job role is selected from a menu presented at the beginning of the training. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED AAECOM410 elearning Prerequisite Knowledge/Skills Familiarity with general information security concepts. Course Objectives Upon successful completion of this course, participants should be able to: Define RSA Adaptive Authentication for ecommerce Explain the basic system architecture and components of RSA Adaptive Authentication for ecommerce Provide an overview of the RSA Adaptive Authentication for ecommerce Back Office Tools Use the Back Office Tools including: Back Office Administration Customer Service Case Management Policy Manager Management Information Reports Generate Web Reports Describe Raw Data Reports ED AACREDIT Training credits 20

21 Course Outline RSA Adaptive Authentication for ecommerce Overview History and evolution of Adaptive Authentication for ecommerce Components and processes that make up 3DSecure Transaction Monitoring The RSA Risk Engine and efraudnetwork Describe low, high, and very high risk transaction workflows Back Office Tools Overview Overview of the Back Office tools Back Office Administration Customer Service Case Management Policy Manager Management Information Reports Back Office Administration Describe the hierarchical structure of users Roles and access Manage groups Manage CSRs Case Management Application Describe a case List case management best practices Explain the importance of feedback and working cases Describe repudiation files View and update cases Policy Manager Application View and update rule definitions Add rules Activate a new test rule Edit and delete rules Reporting Describe the different types of reports available Generate web reports Describe Raw Data Reports Describe MIS reports Customer Service Application Validate a cardholder s identity Manage cardholders View activity and transaction logs Use the Personal Account Manager Work with alerts Copyright 2012 EMC Corporation. All rights reserved. 06/2012 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries 21

22 RSA Cryptographic and Digital Certificate Concepts Video-ILT Course Description AT-A-GLANCE This course provides an overview of the key concepts of cryptographic applications and digital certificates and how this technology enables e-commerce and enhances security. Overview This course is a prerequisite to the RSA Digital Certificate Solutions course and is helpful for students in other RSA courses involving a base understanding of cryptographic principles. This course is delivered in a self-paced video format with printable Student Guide files that can be used for further study. Audience IT professionals who need to understand the fundamentals of cryptographic functions and digital certificates so they can successfully implement PKI in their organizations. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Duration Approximately 8 hours Prerequisite Knowledge/Skills None Course Objectives Upon successful completion of this course, participants should be able to: Understand cryptographic fundamentals and related applications Understand the role that cryptography plays in e-commerce and enterprise security Understand how a Public Key Infrastructure (PKI) is employed in RSA products Understand Digital Certificate standards and practices Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED PKIFND VILT Video ILT 22

23 Course Outline Cryptographic Basics Terminology Cryptosystems (symmetric, message digest, hybrid systems) Cryptographic Algorithms Public Key Infrastructure Standards PKCS PKIX X.509 Practical Applications of Cryptography and Digital Certificates Certification Authorities (CAs) Trust relationships among CAs Types of CAs CA Structures Legal Issues Relating to Digital Certificates Certificate practices statement Digital signature legislation Subscriber agreements PKI Implementation Methodology for planning and implementing a PKI Copyright 2012 EMC Corporation. All rights reserved. 06/2012 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries 23

24 RSA Digital Certificate Management Solution Installation and Administration Video-ILT Course Description AT-A-GLANCE This course provides participants with the knowledge required to plan, install, configure, manage, and maintain the RSA Digital Certificate Solution product which includes the Certificate Manager, Registration Manager, OneStep, Key Recovery Manager and RCM-API components. Overview Participants learn about the functions and capabilities of the RSA Digital Certificate Solution product suite, plan and deploy components according to a case study, and learn the various aspects of managing the Certificate Authority and maintaining certificates. This course is delivered in a self-paced video format with lectures, demonstrations of various operations and includes printable Student Guide and Lab Exercise files that can be used for further study or hands-on work in the student s own environment. Audience Security Professionals who require an in-depth knowledge of installing and/or administering the RSA Digital Certificate Management Solution product. Duration Approx. 16 hours REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED CPKINS VILT Video ILT Prerequisite Knowledge/Skills RSA Cryptography and Digital Certificate Concepts course or equivalent PKI background; Familiarity with web browser applications; Networking and Operating System fundamentals including Mail Server administration functions, DNS, TCP/IP, SSL and LDAP. Course Objectives Upon successful completion of this course, participants should be able to: Identify the components of a PKI (Public Key Infrastructure) Describe the RSA Digital Certificate Solution product suite and its applications, functions, administrator types, and roles Install and Configure Certificate Manager, Registration Manager and OneStep components Manage certificate and CA status Generate Certificate Revocation Lists (CRLs); configure certificate and CRL publishing Manage certificate profiles, renew certificates, and manage server certificates Identify solutions to common issues with RSA Digital Certificate Management Solution product Configure logging information Back up and restore the RSA Certificate Authority database Describe how to install RSA Key Recovery Manager and describe Key Recovery Operator tasks 24

25 Course Outline Overview Overview of the RSA Digital Certificate Solution product suite its components and architecture Overview of the RSA Digital Certificate Solution administration interface Planning and Installing RSA Certificate Manager Planning your certificate needs and product deployment Certificate Manager hardware and software requirements Installing Certificate Manager Configuring RSA Certificate Manager Creating the CA structure Configuring High Availability Installing RSA Registration Manager and RSA OneStep Registration Manager overview Registration Manager hardware and software requirements Installing Registration Manager Installing OneStep Enrolling for certificates using OneStep Vetting Certificates Creating trust relationships Obtaining a Vettor certificate Editing certificate roles and vettor rights Enrolling for end-user certificates Vetting end-user certificate requests Maintaining Certificates Viewing certificates Creating reports based on search criteria Modifying and creating certificate profiles Configuring certificate expiry Creating a certificate renewal policy Renewing certificates Reissuing an internal server certificate Troubleshooting Identifying common issues, causes and solutions Monitoring the system using log files, events and tracing Backing up and restoring the Certificate Authority database Installing and Managing RSA Key Recovery Manager Key Recovery Manager overview Planning considerations for Key Recovery Manager Installing Key Recovery Manager Enabling a Jurisdiction for Key Recovery Obtaining end-user single-use certificates Renewing certificates Obtaining a KRO certificate Recovering encryption keys and certificates Managing Status Changing certificate status Changing CA status Generating Certificate Revocation Lists (CRLs) Generating Authority Revocation Lists (ARLs) Configuring CRLs Configuring a jurisdiction for external publishing Configuring a CA for local publishing Configuring CRL distribution points Copyright 2012 EMC Corporation. All rights reserved. 06/2012 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries 25

26 RSA Authentication Manager Administration Course Description AT-A-GLANCE This course provides an overview of the administrative responsibilities associated with an RSA SecurID system. Overview The working principles behind RSA Authentication Manager and RSA SecurID authenticators are discussed, including product architecture, time synchronization, managing external Identity Sources and exploring all aspects of an administrative structure. Extensive hands-on labs reinforce the administrative tasks involved in managing a user population and token assignment. The subject matter in this course prepares students with the classroom component recommended for the RSA Authentication Manager Certified Administrator certification. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED AMADM110 Public class ED AMADM210 Onsite class Audience System, security, or help desk administrators who need to administer and support RSA SecurID products. Duration 2 days Prerequisite Knowledge/Skills Familiarity with Microsoft Windows or UNIX/Linux system administration. Course Objectives Upon successful completion of this course, participants should be able to: Understand the basic architecture and theory of operation of the RSA SecurID product suite Perform configurations required for RSA Authentication Manager system operations Perform user administration functions to populate and manage users Perform reporting and user troubleshooting Understand ongoing maintenance requirements Understand the setup and use of software authenticators Understand the configuration and use of self-service functionality ED SIDTRAIN CREDIT Training credits 26

27 Course Outline Product and Technology Overview High level description of RSA Authentication Manager and its contribution to user authentication Authentication as a foundation of security, trust and confidence in digital identities RSA Authentication Manager system components and communication RSA SecurID Authentication RSA SecurID authentication options Concepts of strong user authentication Token technology time synchronization, authenticator types Risk-Based Authentication Configuration and management of Riskbased authentication Device fingerprinting and behavior data collection and analysis Selecting assurance levels Deployment and Administrative Structure Deployment planning and establishing an administrative structure System Administration Establishing and maintaining organizational and administrative structures: - LDAP Identity Sources - Security Domains - User and User Group structures - Administrative roles and delegation - Authentication Agents Authenticator Management Managing RSA SecurID hardware tokens Software token deployment and installation Managing Risk-Based Authentication Managing On-Demand Authentication Auditing, Reports and Troubleshooting RSA Authentication Manager report functions Report customization Troubleshooting procedures Self-Service Management and Support Configurations for user self-service functions User account and authenticator management and provisioning Policy Management Defining and applying policies to the system and Security Domains - Password and Token policies - Lockout and self-service policies - Risk-based and Offline authentication policies Copyright 2012 EMC Corporation. All rights reserved. 06/2012 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries 27

28 RSA Authentication Manager Installation and Configuration Course Description AT-A-GLANCE This course offers hands-on training on the installation and configuration of RSA Authentication Manager, Authentication Agents, Web Tier, and other RSA SecurID system components.. Overview This course assumes that the student has attended the RSA Authentication Manager Administration course or has equivalent operation and administrative experience with RSA Authentication Manager administrative tasks are not covered as part of this course. Audience Technical personnel who install, service and support RSA Authentication Manager and RSA SecurID deployments. Duration 2 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED AMINS110 Public class Prerequisite Knowledge/Skills Microsoft Windows or UNIX/Linux system administration; attendance in RSA Authentication Manager Administration course, or equivalent v7.1 or v8 administration experience; Familiarity with virtual machine deployment on VMware. Course Objectives Upon successful completion of this course, participants should be able to: Plan and perform the pre-installation, installation, and configuration tasks to accomplish an RSA Authentication Manager virtual appliance installation in a VMware environment Configure RSA Authentication Manager system parameters Configure and connect to external LDAP Identity Sources Create redundant/failover RSA Authentication Manager replica servers and understand the role and management of replica server instances Install and configure RSA Authentication Agents for local workstation and web access protection Perform an RSA Authentication Manager Web Tier installation to support user self-service and risk-based authentication ED AMINS210 Onsite class ED SIDTRAIN CREDIT Training credits 28

29 Course Outline RSA Authentication Manager System Architecture Primary and Replica instances Authentication Agents and communication paths Identity Sources Firewall configurations Web Tier component RADIUS communication Deployment Scenarios and Planning Deployment and Installation planning Using the right Authentication Agent Planning administrative support Using CT-KIP for software token deployment RSA Authentication Manager Deployment Pre-Installation requirements and considerations Supported VMware environments and features V8.1 Hardware Appliance deployment Deployment process and steps Post-deployment tasks System Configurations Settings and configurations - System-wide configurations - Instance settings - Console and dashboard personalization Authentication Agent Configurations Functions and features of representative Authentication Agent installations for Microsoft Windows and Linux operating systems Configuring Agent software for local, network and web access protection Handling node secret and sdconf.rec files Replica Instances Strategies for dealing with primary instance failures and replica promotion Creating replica packages Establishing preferred and failover servers in Agent hosts Web Tier Installation Requirements and installation process for the Web Tier component Customizing the end user interface System Utilities Using the Command-line Utility package Installing and configuring the Windows MMC snap-in Managing Realm trusts Credential Manager Configuration Setting up the Credential Manager for provisioning RADIUS Server Configuration RADIUS functions and capabilities Primary and Replica RADIUS servers Managing RADIUS users RSA Authentication Manager Migration Overview Optional overview of the migration process from version 6.1 to version 8 and/or version 7.1 to version 8 This module is delivered if students are planning to perform a migration in their production system and are interested in the general planning and steps involved in a migration Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 29

30 RSA SecurID Help Desk Basics Course Description AT-A-GLANCE This course provides the fundamental information about an RSA SecurID system deployment to assist Help Desk representatives respond to end users. Overview An overview of RSA Authentication Manager and RSA SecurID authenticators and authentication methods are presented, as well as how functions and controls are accessed in the administrative interface. Instructor demonstrations of important operations relating to typical end user cases reinforce the steps that Help Desk representatives can take for troubleshooting and assisting their user population. This course is useful for new representatives supporting RSA SecurID users as well as a refresher course for representatives who infrequently work with RSA SecurID support issues. Audience Help Desk representatives who need to assist and support RSA SecurID users REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Duration 1 day Prerequisite Knowledge/Skills General familiarity with system administration functions Course Objectives Upon successful completion of this course, participants should be able to: Understand the high-level architecture and theory of operation of the RSA SecurID product suite Identify common authentication problem areas Perform common user assistance tasks Understand the use of the user Self-service capabilities 174 Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED AMHELPDESK110 Public class ED SIDTRAIN CREDIT Training credits 30

31 Course Outline The following modules are designed to support the course objectives: RSA SecurID System Overview High level description of RSA SecurID and RSA Authentication Manager system components RSA authentication methods: o Hardware and Software authenticators o On-Demand Authentication o Risk-Based Authentication Authentication process and data flow Monitors and Reports Using the Authentication Monitor Generating reports to track and user activity User Troubleshooting Troubleshooting procedures Security considerations Self-service Console User self-service functions Self-Service provisioning flow Troubleshooting user self-service problems Authentication Problem Areas Identifying and isolating user problems Common user errors Differentiating User vs Agent vs Server problems System Configurations Organizational structures users, groups, Security Domains and Identity Sources Authentication options and policies Authenticator Operations Hardware tokens Software tokens On-demand codes Emergency and temporary codes Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 31

32 RSA Authentication Manager 6.1 to 8.x Migration Course Descriptions AT-A-GLANCE This elearning course guides the participant through the steps to accomplish a standard migration from RSA Authentication Manager version 6.1 to version 8.x. Overview Product functionality that is pertinent to the migration of v6.1 is discussed as well as the process and considerations for migrating to a v8.x environment. Note that this course discusses migration of out-of-box deployments and does not address migration of customized APIs running under v6.1. Audience Technologists who are responsible for an RSA SecurID system and intend on migrating from RSA Authentication Manager v6.1 to v8. Prerequisite Knowledge/Skills Familiarity with RSA SecurID technology and RSA Authentication Manager v6.1. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts RSA Authentication Manager 6.1 to 8.0 Data Migration This course describes the features and functions that are new to RSA Authentication Manager v8.x as well as how database objects and structures map from v6.1 to v8.x. It details several deployment and migration scenarios and the steps required to migrate v6.1 data to a v8.x installation. Duration Approximately 1 hour Migrating RSA Authentication Manager v6.1 to a v8.1 Hardware Appliance This course augments the data migration course (described above) and focuses on the process and considerations for migrating to a version 8.1 hardware appliance from v6.1. Duration Approximately 15 minutes This elearning course is available to customers at no charge. If you are accessing RSA elearning for the first time, please visit to establish an account. If you already have an account through EMC Powerlink, go directly to to access this course. 32

33 RSA Authentication Manager 6.1 to 8.0 Data Migration Migrating RSA Authentication Manager v6.1 to a v8.1 Hardware Appliance Course Objectives Upon successful completion of this course, participants should be able to: Provide an overview of the fundamental differences between RSA Authentication Manager v6.1 and v8.x features and functions Describe the specific database objects that are migrated between product versions and how they are handled by the migration Describe the pre-migration steps to prepare a v6.1 database for migration Describe the post-migration structures that can be created in v8.x to contain and manage migrated objects Course Outline Comparison of v6.1/v8.x Architecture and Administrative Structures Describes the general architecture and compares differences/parallels between product versions Describes the major areas of importance in the v8.x data structures and how they map to a v6.1 environment Describes terminology used in v8.x Overview of the Migration Process High-level description of the methodology for approaching a migration Describes in detail how database objects are mapped from version to version Course Objectives Upon successful completion of this course, participants should be able to: Understand a deployment architecture that includes one or more v8.1 hardware appliances as primary and/or Replica instances Describe the migration process of migrating from a v6.1 software or hardware appliance platform to a v8.1 hardware appliance Course Outline Overview of v8.1 Architecture Describes the architecture and deployments options that include a v8.1 hardware appliance Overview of the Migration Process Describes migration tasks involved with migrating to a hardware appliance that are over and above the tasks involved with data migration alone Using the v6.1 Migration Assessment Tool Migration Steps Describes the initial connections and setup of a v8.1 hardware appliance Describes the steps involved with migration from exporting v6.1 data to importing it into a v8.1 hardware appliance. Pre-Migration Preparation Describes the considerations and best practices involved in preparing a v6.1 environment for migration database cleaning, creating/dismantling structures, etc. and preparing a v8.x environment to receive migrated information what decisions and elements should be made before migration Post-Migration Considerations Description of tasks that can be performed after the completion of the migration process Migration of an RSA SecurID Appliance Describes the general process for migrating data from a v6.1 RSA SecurID Appliance to a v8 environment Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 33

34 RSA Authentication Manager 7.1 to 8.x Migration Course Descriptions AT-A-GLANCE This elearning course guides the participant through the steps to accomplish a standard migration from RSA Authentication Manager version 7.1 to version 8.x. Overview Product functionality that is pertinent to the migration is discussed as well as virtual and hardware appliance deployment, Web Tier, and Risk-Based Authentication options that are new in v8.x. Note that these courses discuss migration of out-of-box deployments and do not address migration of customized environments or APIs running under v7.1. Audience Technologists who are responsible for an RSA SecurID system and intend on migrating from RSA Authentication Manager v7.1 to v8. Prerequisite Knowledge/Skills Familiarity with RSA SecurID technology and RSA Authentication Manager v7.1. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts RSA Authentication Manager 7.1 to 8.0 Data Migration This course describes the features and functions that are new to RSA Authentication Manager v8.x. It details several deployment and migration scenarios and the steps required to migrate v7.1 data to a v8.x installation. Duration Approximately 1 hour Migrating RSA Authentication Manager v7.1 to a v8.1 Hardware Appliance This course augments the data migration course (described above) and focuses on the process and considerations for migrating to a version 8.1 hardware appliance from v7.1. The information in this course is appropriate for v7.1 deployments that currently use hardware appliances as well as for migrations to v8.1 that will begin using a hardware appliance for the first time. Duration Approximately 15 minutes This elearning course is available to customers at no charge. If you are accessing RSA elearning for the first time, please visit to establish an account. If you already have an account through EMC Powerlink, go directly to to access this course. 34

35 RSA Authentication Manager 7.1 to 8.0 Data Migration Migrating RSA Authentication Manager v7.1 to a v8.1 Hardware Appliance Course Objectives Upon successful completion of this course, participants should be able to: Provide an overview of the fundamental differences between RSA Authentication Manager v7.1 and v8 features and functions Describe the migration process Describe the pre-migration steps to prepare for v7.1 data export Describe the post-migration tasks in a v8 environment Course Objectives Upon successful completion of this course, participants should be able to: Understand a deployment architecture that includes one or more hardware appliances as primary and/or Replica instances Describe the migration process of migrating from a software or hardware appliance platform to a v8.1 hardware appliance Understand how to upgrade an existing supported hardware appliance to be v8.x-capable Course Outline Comparison of v7.1/v8 Architecture Describes the general architecture and system components that are similar to v7.1 and those that are new to v8 Overview of the Migration Process High-level description of the options and methodology involved with migration Discusses approaches to minimize downtime during migration Migration Steps Discusses pre-migration preparations Describes the v8 deployment Describes installation of the RSA Authentication Manager Migration Export Utility Describes Basic and Advanced migration options Considerations for RADIUS migration Course Outline Overview of v8.1 Architecture Describes the architecture and deployments options that include a v8.1 hardware appliance Overview of the Migration Process Describes migration tasks involved with migrating to a hardware appliance that are over and above the tasks involved with data migration alone Upgrading and Re-imaging an RSA SecurID Appliance Describes the process to upgrade supported RSA SecurID Appliance 3.0 equipment to enable it to host a v8.x instance Migration Steps Describes the steps involved with migration from exporting v7.1 data to importing it into a v8.1 hardware appliance. Post-Migration Tasks Describes tasks to be performed after the completion of the migration process Discusses rolling back a migration Migration Assistance Describes troubleshooting information and how to obtain further assistance from RSA resources Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 35

36 Getting Started with Enterprise Risk Management Course Description AT-A-GLANCE This course provides an overview of the concepts, processes, and procedures necessary to successfully begin implementation of an Enterprise Risk Management (ERM) system. Overview Students will gain knowledge of the key RSA Archer ERM components through presentations and hands-on exercises. Audience Risk management team members who will be using the RSA Archer Risk Management solution to define, support, and maintain a risk management initiative. This may include managers, team leads, and anyone involved in scoping a risk project. Duration 2 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Prerequisite Knowledge/Skills Familiarity with RSA Archer egrc framework and a general familiarity with organizational Risk concepts. Course Objectives Upon successful completion of this course, participants should be able to: Explain basic Risk Management terminology and methodologies Illustrate the structure of the RSA Archer Risk Management Solution Define business requirements related to Risk Management Begin the implementation process of an Enterprise Risk Management program Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED ARCERM110 Public class ED ARCERM210 Onsite class ED ARCTRAIN CREDIT Training credits 36

37 Course Outline Introduction to Risk Management What is Risk? General Enterprise Risk Management Approach Overview Types of Risk Digging Deeper Common Frameworks Overview Developing a Common Risk Taxonomy Elements of Risk Management Phases of Growth: Risk Identification Assessment Decision Treatment Monitoring RSA Archer Risk Management Solution RSA Archer ERM Structure Components ERM Processes and Key Integrations with Other Solutions How RSA Archer Maps to Common Risk Frameworks Top-Down Risk Assessment Discussion: Common Issues for Specific Industries/Business Types Exercise: Risk Identification Exercise: Risk Assessment Exercise: Risk Decision Exercise: Risk Treatment Exercise: Metrics Monitoring Exercise: Loss Monitoring Exercise: Overall Monitoring Bottom-Up Risk Assessment Exercise: Create a new Risk Project Exercise: Complete Risk Assessments Exercise: Create reports based on new data Exercise: Bring in sample model data via Data Import Exercise: Create dashboard that incorporates model data s impact on business Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 37

38 Getting Started with Policy and Compliance Management Course Description AT-A-GLANCE This course provides an overview of the concepts, processes, and procedures necessary to successfully begin implementation of a Policy and Compliance Management system. Overview Students will gain knowledge of the key RSA Archer Policy and Compliance Management components through presentations and hands-on exercises. Audience Policy and Compliance management team members who will be using the RSA Archer Policy and Compliance Management solution to define, implement, and maintain a policy and compliance management initiative. This may include managers, team leads, and anyone involved in consolidating policies and ensuring compliance with authoritative sources. Duration 2 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Prerequisite Knowledge/Skills Familiarity with the RSA Archer egrc framework and a general familiarity with policy and compliance concepts. Course Objectives Upon successful completion of this course, participants should be able to: Explain basic Policy and Compliance Management issues and processes Illustrate the structure of the RSA Archer Policy and Compliance Management Solution Begin the implementation process of a Policy and Compliance Management program Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED ARCPCM110 Public class ED ARCPCM210 Onsite class ED ARCTRAIN CREDIT Training credits 38

39 Course Outline Introduction to Policy and Compliance Management Top Policy and Compliance Management Issues Policy and Compliance Processes in a Nutshell Policy and Compliance Key Components RSA Archer Policy Management Solution RSA Archer Interface RSA Archer Policy Structure Components Phased Implementation Approach Post-Implementation Processes Policy Management Exercises Exercise: Analyze Existing Policy Exercise: Define Scope Extraction & Mapping Exercise: Policy Extraction Exercise: Control Standard Extraction & Mapping Exercise: Format/Import Content Exercise: Perform a Gap Analysis Exercise: Import Provided Content Exercise: Approve a Policy Change Exercise: Policy Awareness Campaign RSA Archer Compliance Management Solution Sarbanes-Oxley Act Concerns RSA Archer Compliance Structure Components How Compliance is Rated Exception Requests Workflow Compliance Management Exercises Exercise: Review Control Procedure Mapping Exercise: Assess a Process Control Exercise: Assess a Technical Control Exercise: Address Findings Remediation Plan Exercise: Address Findings Exception Request Compliance Strategies Control-Based Compliance Asset-Based Compliance Compliance Testing Cycle Round Table Discussion Additional Resources Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 39

40 RSA Archer Administration Course Description AT-A-GLANCE This course provides an overview to the concepts, processes, and procedures necessary to successfully design and administer the RSA Archer platform. Overview Students will gain knowledge of the key RSA Archer platform components such as applications, security management, and communication tools through presentations and hands-on exercises. After taking this course, students will be able to plan, configure, and manage the RSA Archer environment. The subject matter in this course prepares students with the classroom component recommended for the RSA Archer Certified Administrator certifications. Audience Archer administrators who are responsible for building and managing the RSA Archer egrc product. Duration 4 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED ARCADMIN110 Public class ED ARCADMIN210 Onsite class ED ARCTRAIN CREDIT Training credits Prerequisite Knowledge/Skills Recommended viewing: Introduction to GRC Navigating Archer Getting Started with RSA Archer Course Objectives Upon successful completion of this course, participants should be able to: Describe the components of the RSA Archer Enterprise Management Solution Navigate within the RSA Archer system Configure the look and feel of the RSA Archer Platform interface Centralize and organize data Import data Alert users to data changes Optimize the user experience Manage user access Automate work streams Complete a questionnaire Describe integration options Search and report on data Communicate information to key stakeholders Migrate changes between environments 40

41 Course Outline Introduction to RSA Archer RSA Archer egrc Suite Solution components Introduction to the case study General Navigation Interface components Managing content records Configure the Appearance Managing Themes Managing the Appearance Centralize and Organize Data Data structure Application Builder overview Inside Manage Applications General Application Properties Field Management Page Layout Navigation Menu Import Data Using the Data Import Manager Alert Users to Data Changes Creating Letterheads Managing Subscription Notifications Troubleshooting Tips Optimize the User Experience Data-Driven Events Calculated Fields Troubleshooting Tips Manage User Access Access Control Basics User Accounts Access Roles Groups Record Permissions Private Fields Troubleshooting Tips Automate Work Streams Configure a two-stage workflow Task Management Enabling Task Management Questionnaires Question Library Overview Questionnaire Creation Process Completing a Questionnaire Integration Options Data Feed Manager API Resources Search and Report on Data Quick Search Advanced Search Statistics Search and Chart Options Reporting Communicate Information to Stakeholders iviews Dashboards Workspaces Additional Configuration Options Packaging for Production Creating Packages Installing Packages Advanced Package Mapper Design Best Practices Field Design Tips Application Layout Tips Data-Driven Event Tips Vendor Management Case Study Hands-on exercise in which participants are challenged to build a best-in-class vendor data application with minimal assistance Course Summary Customer Support Options Certification Exam Information Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 41

42 RSA Archer Advanced Administration Course Description AT-A-GLANCE This course provides handson training on the administration, configuration and bestpractice deployment of the RSA Archer Platform. Overview Throughout the course, students will be presented with a diverse collection of realworld governance, risk, and compliance problems and be shown and guided through the recommended steps involved in solving these pain points by using the features available in the RSA Archer egrc Suite. Extensive hands-on labs reinforce the tasks involved in designing and automating GRC processes and extending the value of the RSA Archer egrc Suite throughout the organization. After completing this class, students will be prepared to use the RSA Archer egrc Suite to solve an extensive array of GRC problems and meet the business requirements of various enterprise stakeholders. Audience Governance, risk, and/or compliance professionals, business owners, or IT personnel who need to automate and streamline existing processes, integrate the RSA Archer platform with third-party systems, or deliver assessments across the enterprise. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED ARCADVADM110 Public class ED ARCADVADM210 Onsite class ED ARCTRAIN CREDIT Training credits Duration 4 days Prerequisite Knowledge/Skills Previous experience creating applications within the RSA Archer product or successful participation in the standard RSA Archer Administration course. Course Objectives Upon successful completion of this course, participants should be able to: Create a custom, multi-stage workflow process that automates a manual process Import existing information from a legacy system into RSA Archer applications and questionnaires Integrate the RSA Archer product with third-party systems and data sources to consolidate enterprise information Design best-practice assessment campaigns to measure compliance across the organization Construct complex search criteria to locate key information and identify data trends Visually showcase compliance with industry regulations through reports and dashboards Alert organization stakeholders through scheduled report distributions Export RSA Archer data into pre-formatted, professional-looking report templates 42

43 Course Outline Streamlining GRC Processes Day One Replicating a multi-stage workflow to transfer a manual, paper-based process to an automated, online tool Constructing a scalable access control framework for enabling end users to participate in GRC processes Automating and manipulating data through calculations to support enhanced data analytics and reduce data entry time Integrating External Data Day Two Transferring leveled, document-centric policies into a data-centric format in the RSA Archer Platform Using a data feed targeting database sources to quickly transfer legacy data to a centralized system Creating a data feed to access an RSS source and retrieve the information into an RSA Archer application Transferring data between RSA Archer applications to support data trending and reduce manual effort Demonstrating Compliance Day Three Importing compliance questions into RSA Archer s global question library Creating an assessment campaign to demonstrate compliance with internal and external regulations Managing question scoring and findings generation to better understand the risk impact to the organization Referencing existing assessment responses in future assessments Communicating GRC Data Day Four, Part I Generating real-time reports across distant data relationships to provide greater insights into GRC processes Designing a user-friendly dashboard and interface to clearly communicate the posture of various business units Delivering snapshot reports on a set schedule to inform key stakeholders of the current status Exporting RSA Archer data to and Word templates to generate professional-looking, document-based reports for senior management Publishing RSA Archer data to external databases Maintaining the System Day Four, Part II Discussing resources for the most current installation and sizing recommendations Configuring instance settings via the Archer Control Panel Accessing and reading log files Troubleshooting common RSA Archer issues to ensure effective system operations Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 43

44 RSA Archer Custom End-User Training Service Solution Description AT-A-GLANCE It was an absolutely fantastic course due to the instructor s energy, enthusiasm, and excitement about the product and interest in our success. The coaching and support throughout the process had a huge impact on our team. VP Educational Services Major Financial Institution REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Executive Overview RSA Archer brings value to corporations by driving sustainability, consistency, efficiency, accountability and transparency into GRC processes during turbulent economic times. But no matter how good a solution is, your organization will never be able to optimize ROI without users understanding its concepts and capabilities, and how to implement best practices and procedures. RSA Education Services offers the RSA Archer Custom End-User Training Service to help ensure your organization s success in achieving: Compliance Trained End Users provide better assurance that business policies and processes are in compliance. Managing IT Risks Trained End Users minimize risk to business operations. Threat Readiness and Response Trained End Users are better equipped to prioritize and respond to threats. An RSA Education Services Consultant will work with you and/or Professional Services as configuration of your RSA Archer system approaches completion. A needs analysis will be performed to define the training s scope and deliverables to meet your requirements. Concepts and Principles Tailored to your Archer use case and unique requirements, training objectives may include but are not limited to the following: Log in to the system Navigate the system Work with records Perform a search Complete other processes as defined per project Fax: Middlesex Turnpike Bedford, Massachusetts

45 Deliverables Based on a single use case, this education service provides: A scripted PowerPoint slide deck that includes content customized to your environment: o o o Content branded with the organization s logo and standard.ppt template Unlimited use by the organization for its end users Access to an editable version of the content One of three delivery options: o Live, Virtual TTT- One half-day of instructor-led Train-the-Trainer delivered virtually to your training team. Participants can interact via a web session with instructors. Also includes: 10 days of custom development. Part Number: ED ARC EUTTT 110 o E-Learning Self-paced, SCORM-compliant e- learning module (with audio) that provides unlimited distribution through your own training site and the convenience of learning at your own pace. Also includes: 15 days custom development. Part Number: ED ARC EUELN 110 o Instructor-Led 3 days of instructor led training delivered onsite at your location. Also includes: 10 days of customer development. Part Number: ED ARC EUILT 110 ABOUT RSA RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading egrc capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit and or RSA Global Services Sales. Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 45

46 RSA Data Loss Prevention Administration Course Description AT-A-GLANCE This course provides comprehensive instruction in the administration and configuration of the RSA Data Loss Prevention (DLP) Suite. Overview Theory and product basics such as the RSA DLP Suite architecture, integration of RSA DLP components, and the importance of various configuration parameters are discussed. Students participate in hands-on exercises that build on the basic concepts and allow practical experience in building an RSA DLP system. Audience System, security, or help desk personnel who need to install, deploy and/or maintain an RSA Data Loss Prevention system. Duration 4 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED DLPADM110 Public class ED DLPADM210 Onsite class ED DLPADM VILT Video ILT Prerequisite Knowledge/Skills Familiarity with user and system administration, networking fundamentals, and general information security concepts. Familiarity with Web, Application and directory server (LDAP) and/or Relational Database (RDBMS) technologies as well as basic programming and scripting concepts is also beneficial. Course Objectives Upon successful completion of this course, participants should be able to: List the features and benefits of the RSA Data Loss Prevention Suite of products including DLP Network, DLP Datacenter, and DLP Endpoint Administer the RSA Data Loss Prevention Enterprise Manager Create and manage RSA Data Loss Prevention policies Create and manage RSA Data Loss Prevention content blades Deploy RSA Data Loss Prevention agents and grid scan groups Review what remediation actions are available and what the benefit of each is Generate RSA Data Loss Prevention incident and event reports Perform basic operational tasks including upgrading software, importing and exporting configuration files, reviewing high availability and load balancing, applying patches, and viewing alerts ED DLPTRAIN CREDIT Training credits 46

47 Course Outline Introduction to Data Loss Prevention List the key features of the RSA DLP Suite Identify the key components of the RSA DLP Suite Describe the role of RSA DLP Enterprise Manager Explain the differences between RSA DLP Network, Datacenter, and Endpoint Define how policy violations are handled by RSA DLP Endpoint Enforce Enterprise Manager Administration Login to the Enterprise Manager for the first time List the key features of Enterprise Manager Access and license the Enterprise Manager List new dashboard features Review the Enterprise Manager tabs Enter LDAP configuration settings Perform user and group administration Configure an server and notifications Delete incidents and events Display device status Network Appliance Configuration Identify the main components of RSA DLP Network Re-install an RSA DLP Network appliance Login to an RSA DLP Network appliance Perform an initial configuration of an appliance Perform basic configuration for a RSA DLP Network Interceptor Describe the Self Release feature Evaluate sensor capacity needs Diagram the ICAP server event flow Perform a basic configuration of an ICAP server Introduction to Policies Explain the function of the RSA DLP Content Classification and Analysis system Describe the use and purpose of policies in the DLP Suite Explain how content blades are used in policies to detect sensitive information Create policies using a supplied template Configure DLP Network policies in a virtual network environment DLP Datacenter List key features and components of DLP Datacenter Install the Enterprise Coordinator Configure the Enterprise Coordinator Describe the scan types available in DLP Datacenter Install and configure a site coordinator Create a grid scan group View scan status and history Creating Content Blades Compare fingerprinting and describing content List the detection accuracy methods available Discuss the importance of weight, score and count Discuss the importance of accuracy and precision Explain how a risk score determines severity Manage and create content blades Working with Fingerprinted Content Describe fingerprinting and hashes Define fingerprinting terminology Configure a file crawler Configure a database crawler Agent and Repository Scans Analyze agent scan status Configure an agent scan group Schedule an agent scan Analyze agent scan history Configure a repository database scan DLP Endpoint Explain how DLP Endpoint Enforce works List the components that comprise DLP Endpoint Configure policy settings relevant to DLP Endpoint Install DLP Endpoint Enforce agents Create a DLP Endpoint Enforce group Manually deploy a DLP Endpoint Enforce agent Workflow and Remediation Describe incident and event workflow within RSA DLP Compare DLP remediation actions Describe how manual remediation functions View policy, incident, and transmission details View incident history and notifications Reports Describe the main DLP reporting features Navigate the Enterprise Manager dashboard View and edit reports Customize a report Export report data Create DLP Asset Heat Map reports Basic Operations Export and import DLP configuration files Review backup options for DLP Discuss high availability options for DLP components Describe how to configure Enterprise Manager failover Review Patching and upgrade operations for DLP List the benefits of integrating DLP and RMS Select and associate an RMS template for use with DLP Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 47

48 RSA Data Loss Prevention Policy and Classification Course Description AT-A-GLANCE This course provides a comprehensive training program in policy and classification for data loss prevention. Overview This training course centers around the RSA Data Loss Prevention Suite of products and on building the knowledge and skills to use the tools needed to detect sensitive content in the most accurate and efficient manner possible. This course also provides compliance officers and technical professionals with the knowledge and skills necessary to successfully safeguard enterprise content. Audience Technical professionals and security compliance officers who need to use the RSA Data Loss Prevention Suite of products to protect sensitive enterprise content. Duration 3 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: Prerequisite Knowledge/Skills A functional knowledge of the RSA Data Loss Prevention Suite, Windows, and/or Linux system administration; familiarity with web, application and directory server (LDAP) and/or relational database (RDBMS) technologies; familiarity with basic programming and scripting concepts. Course Objectives Upon successful completion of this course, participants should be able to: Identify the terms, patterns, and contextual evidence within content that identify it as sensitive Create queries and rules for detecting sensitive content with industry-leading levels of precision and recall Distinguish between high-sensitivity content and low sensitivity content, and create differential policies for both Apply these skills to all types of content, including personally identifiable information, payment card industry data, and corporate financials and intellectual property ED DLPPLCY210 Onsite class ED DLPTRAIN CREDIT Training credits 48

49 Course Outline Search and Categorization Overview Review search methodologies Define how to measure accuracy Define precision and recall Compare ranks and weights Review search features related to words, phrases, patterns, and entities Define how proximity is used Build an effective rule set Regular Expression Basics Define what regular expressions are and how they are used List tools available to create and test regular expressions Review detailed syntax for creating regular expressions Analyze sample regular expressions Create regular expressions to detect sensitive content Building Content Blades Identify the types of content blades Review detection rules Compare describing and fingerprinting content Build described content blades Compare and analyze file and database fingerprinting in detail Review fingerprinting frequently asked questions Build fingerprinted content blades Content Blade Best Practices Review described content blade best practices Review fingerprinted content blade best practices Building Policies Define what policies are and how they are used Review common policy features Explain the relationship between policies and content blades Use policies to identify sensitive content Review DLP Network policy features Review DLP Endpoint policy features Review DLP Datacenter policy features Configure policy-level remediation Create and tune policies to increase recall and precision Navigate the policy template library Regulatory Compliance Review existing regulatory compliance policies available in RSA DLP Analyze FERC-related policies Analyze HIPAA-related policies Incidents and Events Define what incidents and events are View incident lists Customize searches for incidents and events Review available incident actions Analyze incident and event details Methodologies Review best practices for building content blades Research corporate policies Gather test documents Identify linguistic evidence Build for recall Tune for precision Test for accuracy Document detection rules Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 49

50 RSA Security Analytics Administration Course Description AT-A-GLANCE This course focuses on administration of the RSA Security Analytics product. Overview The course provides an overview of RSA Security Analytics, hands-on configuration of components, managing users, and creating filters and rules. Additionally, the course covers integration with envision and monitoring capabilities. Audience RSA Security Analytics Administrators Duration 3 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED SA ADMIN 110 Public class ED SA ADMIN Onsite class ED NW TRAIN CREDIT Training credits Prerequisite Knowledge/Skills Familiarity with networking fundamentals and general information security concepts. Familiarity with Linux. Course Objectives Upon successful completion of this course, participants should be able to: Describe the Security Analytics architecture Describe the Security Analytics data sources, including the Warehouse Describe the licensing process Describe the Security Analytics User Interface Customize the interface Configure devices Create device groups Add users and groups Set roles and permissions for users and groups Configure external authentication Configure data capture including log collection Configure Live Manager Deploy feeds to the Decoder Configure the Reporting Engine Create reports, rules and alerts Configure Malware Analysis Use the REST API for basic tasks Monitor the environment Troubleshoot log collection Describe the envision migration process Configure the IPDB 50

51 Course Outline RSA Security Analytics Overview Packets, sessions, logs and content RSA Security Analytics architecture RSA Security Analytics components Licensing Data flow Data sources Deployment scenarios Deployment considerations The Virtual Environment Security Analytics interface Customizing the interface Configuring RSA Security Analytics Adding devices Device groups Concentrator settings Decoder settings Configure Live Manager Custom feeds Configuration files Configure the Reporting Engine Configure Custom Actions Configure the Warehouse Configuring CEP Configuring Malware Analysis Setting Up Data Collection Setting up capture for packets and log data Configuring log collection Setting up collection for: File Reader Windows ODBC Check Point VMware SDEE SNMP Syslog Testing data capture Managing Users User administration overview Managing Device users Users, groups, roles and permissions Managing Security Analytics users Configuring external authentication Creating Rules, Reports and Alerts Rules overview Rules data flow Filter data using rules Navigating data Creating Reports Creating Charts Creating Alerts Role Based Access Control Monitoring the environment Viewing statistics Monitoring devices Monitoring query performance Monitoring Concentrator aggregations Tuning the Index Resetting the databases Viewing logs REST API Troubleshooting log collection Crash Reporter Migrating from envision to Security Analytics Migration overview The Z-Connector Configuring the IPDB Extractor Service Migrating envision data Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 51

52 RSA Security Analytics for Analysts Course Description AT-A-GLANCE This course provides a methodical view of the tasks involved in performing event and incident analysis, including communication and automation using the RSA Security Analytics platform. Overview This course provides a roadmap for using RSA Security Analytics for intelligence-driven analysis. The course guides the analyst through the process, providing hands-on practice with analysis techniques, such as deploying external sources, creating custom feeds, creating rules to filter data, and reporting and alerting. Malware analysis and parsers are also covered as well as methodologies and best practices for optimal results. The course provides practice with packets and logs. Audience Security analysts with less than 6 months of industry experience, who are new to RSA Security Analytics and are responsible for incident identification and response. Security analysts who need a basic understanding of the methodologies associated with malware investigations and are utilizing RSA Security Analytics to support them in executing their role. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED SA AN 110 Public class ED SA AN Onsite class ED SA TRAIN CREDIT Training credits Duration 5 days Prerequisite Knowledge/Skills Students should be familiar with basic computer architecture, data networking fundamentals and general information security concepts. A background in Enterprise data networking and communications is required. Programming language experience is helpful. Basic knowledge of the TCP/IP protocol stack is useful. Course Objectives Upon successful completion of this course, participants should be able to: Describe the Security Analytics architecture Describe the Security Analytics User Interface Articulate the intelligence-driven process Describe the features and functions of the Investigation Module Access source data through the Live Module Create and deploy custom feeds Filter data for investigation using rules and custom drills Communicate results using reports Automate investigations using alerts Identify and obtain sources for malware analysis Create flex parsers for malware analysis Create a parser Analyze malware using the Investigation module Investigate potential security issues based on specific use cases 52

53 Course Outline RSA Security Analytics Overview Enterprise security evolution Intelligence-Driven roadmap Security Analytics Architecture RSA Security Analytics components Packets, logs, sessions, and contents RSA Security Analytics data flow Data sources Security Analytics interface Customizing the interface Investigation Basics Best practices for data analysis Common Use Cases Investigation techniques Using the Investigation module for analysis Building Sources Enriching the Data Defining and refining sources Accessing and deploying source data using the Live Module Creating custom feeds Configuration index files Creating new metadata Creating tasks Communicating Results and Introducing Automation Using reports for communication, validation and investigation Creating reports for Compliance Creating reports to monitor the environment Creating alerts for automated analysis Generating new intelligence Writing Parsers for Analysis Introduction to parsers Creating content using parsers Parser structure and syntax Converting to flex Log parsers Analyzing Malware Stages of the network forensics process Malware analysis techniques What is network forensics? Tuning malware filters Automating malware detection Malware analysis tools and tips Malware analysis use cases Filtering and Analyzing the Data Filtering methodology Security Analytics filtering tools Performing analysis using filtering tools and techniques Filtering best practices and tips Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 53

54 RSA ecat Administration Course Description AT-A-GLANCE This course provides comprehensive instruction in the installation, administration and configuration of the RSA ECAT product. Overview It includes an overview of ECAT as well as examples of how a security analyst can use ECAT to assess the security of a network both before and after an intrusion. Students will be presented with both lecture and a hands-on lab environment for applying the knowledge learned in class. Audience Customers who need to install, administer and configure the RSA ECAT product as well those who will use RSA ECAT to perform security analysis. Duration 2 days, split between lecture (50%) and labs (50%) REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Prerequisite Knowledge/Skills Students should be comfortable using command-line tools in Microsoft Windows, able to read hexadecimal file formats, understand Microsoft Windows executable file formats, and have a deep understanding of the potential vulnerabilities of Microsoft Windows operating systems. Course Objectives Upon successful completion of this course, participants should be able to: Identify how ECAT uses signature-less malware detection to identify threats Follow a five-step workflow to protect systems using ECAT Configure an ECAT server Configure and deploy ECAT agents Produce and review ECAT reports to quickly detect what systems may have been compromised Maintain the ECAT system 174 Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED ECATADM 210 Onsite class 54

55 Course Outline What is RSA ECAT Introduction to RSA ECAT RSA ECAT components RSA ECAT architecture overview Lab: Introduction to the Environment RSA ECAT Setup RSA ECAT server operating systems Installing and configuring the SQL server Attaching additional databases Installing OPSWAT Metascan Lab: Demonstration of the installation process Configuring the RSA ECAT Server Software considerations Licensing RSA ECAT Running the console server Installing the console user interface Lab: Configuring the ECAT Server Configuring the RSA ECAT Client Generating the client executable Deploying a client Upgrading a client Lab: Configuring and deploying RSA ECAT clients Scanning the Environment Performing a manual scan Scheduling a scan Viewing scan logs Scanning client devices Lab: Scanning client devices Assessing Results Viewing client scan results White-listing Black-listing Gray-listing Generating reports Lab: Analyzing results and generating reports Managing Clients Adding, deleting, and modifying client agents Managing module capabilities Downloading modules Lab: Client operations Basic Operations Reviewing scan categories Mixing mode categories Gathering computer information Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 55

56 RSA Security Operations Management Solution Basics Course Description AT-A-GLANCE This course provides an overview of the concepts, processes, and procedures to effectively use RSA Security Operations Management Solution in a Security Operations Center. Overview Students will gain knowledge of the structure and operations of the RSA Security Operations Management Solution through presentations and hands-on exercises. This course addresses the tasks and responsibilities of several typical roles and personas that are part of an organization s Security Operations Center. Audience Customers who perform the following jobs can benefit from this course: Security Operations Center (SOC) manager Breach coordinator Incident coordinator Incident handler IT Helpdesk analyst REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: TBD Public class TBD Onsite class ED ARCTRAIN CREDIT Training credits Duration 2 days Prerequisite Knowledge/Skills To receive the most benefit from this training, we recommend that students have: Basic understanding of the use and management of RSA Archer and RSA Archer Enterprise Management Solution Basic understanding of the use and management of RSA Security Analytics Familiarity with basic security event reporting and analysis Familiarity with basic Security Operations Center functions and tasks Course Objectives Upon successful completion of this course, participants should be able to: Understand the industry standards such as VERIS, NIST, and SANS with respect to reporting and managing a security incident response process; and how RSA Security Operations Management Solution is so aligned Understand the high-level solution architecture of the RSA Security Operations Management Solution Explain the security operations management workflow supported by the RSA Security Operations Management Solution Explain and navigate the built-in dashboards of the RSA Security Operations Management Solution Identify and understand the differences between the six personas (roles) supported by the RSA Security Operations Management Solution Understand the workflows in the solution for the respective SOC personas Identify the phases and workflow relating to incident management Understand the contribution of RSA Security Operations Management Solution to SOC operations 56

57 Course Outline Security Operations Management Overview Function and purpose of a Security Operations Center (SOC) Security incident response industry standards [VERIS, NIST, and SANS] Capabilities of RSA Security Operations Management Solution Solution architecture Key personas in Security Operations Management Security Operations workflow RSA Archer Enterprise Management Solution Overview Introduction to RSA Security Operations Management Solution RSA Security Operations Management Solution dashboards and navigation RSA Security Operations Management Solution implementation lifecycle Managing SOC Readiness Managing the SOC staff and Contacts Managing SOC policies and procedures Incident Response Incident response workflow Alerts and incidents; aggregating alerts Incident types Incident Declaration, Creation, Assignment, Review, and Closure Incident response tasks Incident escalation Incident investigation, forensic and impact analysis Handling shift handovers Data Breach Response Data Breach response workflow Breach risk assessment Declaring a breach Creating and assigning breach tasks Executing a call tree Remediation Issue remediation workflow Findings process Resolving and reviewing findings Exception process Remediation plan Copyright 2014 EMC Corporation. All rights reserved. 03/2014 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 57

58 RSA Silver Tail Forensics and Mitigator Basics Course Description AT-A-GLANCE This course provides customers with the basic knowledge and skills they need to use the RSA Silver Tail solutions. Overview On Day One, users navigate the RSA Forensics interface in their own environment and learn how to evaluate and diagnose web session trends and threats via the RSA Forensics dashboard. On Day Two, users learn to write rules that result in alerts and actions that provide critical information for further analysis and reporting. All training is delivered on-site at the customer s location. Audience Security analysts and/or administrators who will be using RSA Forensics and RSA Mitigator. Duration 2 days Prerequisite Knowledge/Skills Day One attendees will need: An understanding of web logic abuse and forensic investigation A general understanding of HTTP, and how web sites work REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Day Two attendees will need the Day One knowledge, plus: A general understanding of rules syntax, regular expressions, or similar technologies Course Objectives Upon successful completion of this course, participants should be able to: Navigate the RSA Forensics interface Perform searches based on specific data elements and timeframes Identify user threats based on high risk behaviors Create Rules and Alerts Implement best practices for rules management Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED STS BAS 210: - Onsite class 58

59 Course Outline Day One: Day Two: Introduction to RSA Forensics Introduction to Rules RSA Forensics User Interface Dashboard Pages User Threats IP Threats Search Functionality Rules Engine and Alerts Search Search Overview Step-by-Step Process Search Examples RSA Forensics User/IP Lookup RSA Mitigator User/IP Lookup Rules Overview Rules Typologies Rules Data Rule Format Rule Syntax Rule Functions Use Cases Rules Interface Structure of a Rule Forensics and Mitigation Rules Language Data Functions Threat Scores Advanced Techniques Registers External Data Sets Rules Management Alerts and Events Best Practices Appendix Example Rules Glossary Copyright 2014 EMC Corporation. All rights reserved. 03/2014 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 59

60 RSA envision Administration Course Description AT-A-GLANCE This course provides an overview of the RSA envision product including functions and data flows. Overview Students learn the essentials of data collection, event management, alerting, and reporting. The course provides practice creating views, queries, correlated alerts, and reports as well as watchlists and event traces. Additionally, exercises explore how to create and deploy event-source support files for unknown devices using the Event Source Integrator (ESI) tool, thereby extending the compliance and security capabilities provided by envision. Audience System, security, or help desk personnel who need to administer the RSA envision product. Duration 5 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED ENVADESI110 Public class ED ENVADESI210 Onsite class Prerequisite Knowledge/Skills A functional knowledge of computer operations and networking fundamentals. Course Objectives Upon successful completion of this course, participants should be able to: Explain the basic RSA envision data flows Describe how to collect data from event sources and configure envision Create users View data in real time and from an historical perspective Create queries and various types of reports Create and manage dashboard reports Create alerts and correlated rules Describe how to set up an Enterprise Dashboard Create a watchlist Manage vulnerabilities and assets Describe how to back up data and obtain content updates Create and manage incidents Investigate incidents using Event Traces Describe the event-source-integration process Identify collection methods for different types of logs Extract events from an unknown event source Describe the EventSource integrator (ESI) tool ED ENVSNADMINDVD Video ILT ED ENVTRAIN CREDIT Training credits 60

61 Course Outline RSA envision Overview Description and functions of the RSA envision product and its primary components Description of the operational data flows Discussion of services envision Configuration and Data Collection Brief description and tour of the user interface for management functions Management of monitored devices and assets Creation of users Use of the Watchlist function to filter events for alerting and reporting purposes Monitoring Event Data Use of the Event Viewer to view real-time data Use of the Query function to define and refine data-retrieval parameters Reporting Discussion of the use of RSA envision to monitor and retrieve historical data for use in compliance and policy reporting Report creation and scheduling Report customization Dashboard reports Alerting Discussion of correlating certain events to trigger an alert Creation of basic and correlated Alerts Enterprise Dashboard Introduction of the Enterprise Dashboard function and how to manage the Dashboard layout Vulnerability and Asset Management Description of the Vulnerability and Asset Management functionality to leverage information about enterprise assets and known vulnerabilities in conjunction with IDS systems RSA envision Maintenance Description of backup and restore methodologies and recommendations Description of event-source updates Incident Handling Introduction of the envision Event Explorer feature to retrieve and analyze data Use of Incident Management functionality to create, view, and refine incidents Use of Event Traces for incident investigation Principles of Logging Differentiate between events and log messages Describe how log messages are organized Describe how the syslog protocol is used in envision Identify the structure of support files Log Collection Methods and Formats List envision s alternative log-collection methods Identify when to use a particular collection service Outline the process to set up an alternative collection service Extract log files Creating Support Files Describe the EventSource Integrator (ESI) Identify how headers and payloads are defined in ESI Create support files for an unknown event source Create and deploy the event source package Test the event source integration Advanced ESI Topics Functions Conditional variables How Event Source Update works Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 61

62 RSA envision Advanced Administration Course Description AT-A-GLANCE This course provides indepth coverage of specific envision topics in the areas of data collection, reports, alerts, and Event Explorer. Overview Students learn how to configure envision to collect data from non-syslog collection methodologies. The course provides best practices for reports and alerts and practice using advanced reporting and alerting functions as well as creating advanced charts and tables in Event Explorer. Audience Customers and Partners who need to administer the RSA envision product. Duration 5 days Prerequisite Knowledge/Skills The RSA envision Administration course and three-to-six months experience using envision. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts Course Objectives Upon successful completion of this course, participants should be able to: Describe the envision collection process, including troubleshooting techniques Describe various collection methodologies Configure envision to collect data from non-syslog event sources Describe how to troubleshoot collection issues Describe best practices for reports and alerts Identify how to set up a security policy for reporting Create reports that support the security policy Identify how to plan a strategy for alerting Create alerts using multithreading, cache variables, thresholds, and severity levels Extract data in Event Explorer using charts and tables Identify best practices for charts and tables Describe Event Trace data stores Create charts using SQL in Event Explorer COURSE PART NUMBERS: ED ENVADVADM110 Public class ED ENVADVADM210 Onsite class ED ENVTRAIN CREDIT Training credits 62

63 Course Outline Configuring Data Collection envision Collection process Tips and techniques for troubleshooting the Collection process Windows Collection Service configuration and troubleshooting File Reader Collection Service configuration and troubleshooting ODBC Collection Service configuration and troubleshooting LEA Collection Service configuration and troubleshooting SDEE Collection Service configuration and troubleshooting VMware Collector SNMP Collection Service configuration and troubleshooting Advanced Reporting Best practices for reports Security-management reporting strategy Report performance enhancements Troubleshooting queries and reports Advanced Alerting Correlated alerts Alert strategy planning Best practices for alerts Rule-creation process Advanced alerting techniques Debugging correlation rules Extracting Data Using Event Explorer Exploring taxonomy in Event Explorer Best practices for charts and tables Event trace storage Advanced charting using SQL Data extraction using drill down and data points Extracting data using advanced tables Chart dashboard Escalation to an External Ticketing System Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 63

64 RSA Intelligence-Driven Event Analysis Course Description AT-A-GLANCE The RSA Intelligence-Driven Event Analysis course discusses an intelligencedriven approach to event and incident management for a Tier 1 Security Analyst in a forward-thinking Security Operations Center (SOC). Overview Participants learn about intelligence-driven SOC processes, standard operating procedures (SOPs), and monitoring tools. They learn to recognize the formats associated with the various sources of information available in a network environment. The course follows the end-to-end workflow of a Tier 1 Security Analyst, including all appropriate steps that are needed to handle each type of identified security incident. Audience IT professionals with 2 to 3 years of experience in a troubleshooting role, such as a systems/network engineer, a system administrator, network operations analyst, or a newly-hired security analyst. Knowledge of security fundamentals is required. Duration 2 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED ACD IDEA 110 Public class ED ACD IDEA Onsite class Prerequisite Knowledge/Skills Proven capabilities with networking fundamentals, operating systems, and security concepts such as confidentiality, integrity, availability, authentication, and identity. Course Objectives Upon successful completion of this course, participants should be able to: Identify the roles and responsibilities in a SOC. Interpret sources of information in a SOC. Describe how Security Analysts interact with information and data in the SOC environment. Monitor incoming event queues for potential security events and/or incidents using various security tools per operational procedures. Perform initial investigation and triage of potential incidents. Investigate/analyze an incident. Escalate an incident for further analysis aligned to SOPs. Document and communicate investigative results aligned to escalation and/or handoff SOPs. Walk through an incident from alert to escalation to closure. Apply concepts that are learned in the classroom setting to their specific working environment. Industry tools used in this course include: PsTools Sysinternals Suite Nmap/ZenMap RSA Archer Wireshark RSA Security Analytics Process Explorer 64

65 Course Outline Roles and Responsibilities in a Security Operations Center Describe the purpose of a Security Operations Center (SOC) and its basic structure. Define an event and an incident and describe the difference between the two terms. Identify the roles and responsibilities in a SOC. Name some of the tools that are commonly used to monitor events in the SOC. Outline some of the key components in the incident processing workflow Interpreting Sources of Information Diagram the components and tools of technical environment you are working in Categorize sources of information available to a security analyst Recognize information formats Establish the context of the observed information/data Assimilate external threat data and threat intelligence Apply internal and external sources of intelligence to an incident Interacting with Information (Identifying Events) Become the eyes on glass Analyze logs from distributed system and network security devices Monitor all alerting systems Inspect network packet data View information using a console Correlating Events Define event correlation Use several correlation engines Assist in the identification of potential computer and communications security issues Correlate events and incidents with knowledge base of historical events and incidents Triaging Events Follow the triage process Prioritize incidents Apply standard operating procedures Analyzing incidents using sources of information Explain the incident is your system infected? Demonstrate fundamental understanding of all standard information sources Determine whether an incident occurred and handle appropriately Escalation and Handoff Escalate an event for further analysis to the incident handler Follow the SLA to resolution or escalation Standard operating procedures and analysis Documenting and Communicating Issues Update the internal knowledge base and wiki Perform maintenance activities on security related databases Assimilate external threat data and threat intelligence Learning Path Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 65

66 RSA Incident Handling and Response Course Description AT-A-GLANCE The RSA Incident Handling and Response course prepares a security analyst to take on Tier 2 responsibilities in a forward-thinking Security Operations Center (SOC). Overview The course provides a thorough overview of tasks, processes, procedures, escalation workflows and tools used by a Tier 2 Security Analyst. Through use cases, examples, and hands-on exercises, participants investigate a variety of critical incident response scenarios. The instructional material emphasizes decision-making and prioritization with the goal of teaching the students how to make an assessment in a short amount of time using security monitoring instrumentation, contextual analysis and correlation to indicators of network exploitation. Students develop a broader understanding of the role the SOC fulfills in the larger organization, including exposing them to the legal and regulatory compliance issues associated with incident response and assessing organizational risk. Audience Security Analysts with 6-12 months of experience working in a Security Operations Center, Network Operation Center (NOC), Critical Incident Response Team (CIRT) or similar function and are preparing for Tier 2 responsibilities. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED ACD IHR 110 Public class ED ACD IHR Onsite class Duration 3 days Prerequisite Knowledge/Skills Students who have taken the RSA Intelligence-Driven Event Analysis training course and have 6-12 months of experience as a security analyst. Course Objectives Upon successful completion of this course, participants should be able to: Outline sustainable and repeatable tasks, process, procedures, escalation points and workflows of the Tier 2 Security Analyst. Ingest daily intelligence reports and previous shift logs. Recognize the legal, corporate investigative responsibilities and compliance issues associated with incident response. Participate in risk analysis for central and distributed networks to include the impact of cloud based infrastructures as part of the SOC. Review, triage, investigate, and analyze escalated events and incidents from Tier 1 during shift. Monitor security events using all SOC data sources. Investigate all incidents aligned to proper process, procedure and escalation points. Prioritize incident response relative to threat severity, business context and activity volume. Recommend, develop, and implement remediation procedures. Create an incident report with appropriate handoffs and closure. Coordinate, de-conflict and align event and incident communication. Support root cause analysis. Prepare communication for executives and enterprise stakeholders. 66

67 Course Outline The Tools and Tasks of a Tier Two Analyst List the tasks, processes, procedures and escalation points of a level two security analyst. Identify the tools used by the level two security analyst. Provide examples of the types of incidents handled by the Level Two security analyst. Ingest daily intelligence reports and previous shift logs for efficient operations handoffs, escalations and transitions. Participating in Regulatory Compliance Define security compliance. Describe the types of compliance standards. Outline the steps to become compliant with a standard. Distinguish a security program from a compliance program. Outline what happens during a compliance audit. Identify the responsibilities of a security analyst for a security audit. Contributing to Risk Assessment and Mitigation Monitor security controls to mitigate risk. Participate in risk analysis for central and distributed networks List organizational assets protected by the SOC Assess vulnerabilities of assets Investigating an Incident Investigate all escalated incidents. Summarize the steps to create a malware analysis environment Explore the tools included in the course s malware analysis environment Responding to an Incident Escalate incident as required Prioritize incident response Recommending Remediation Recommend remediation to operations Make recommendations to appropriate department for each incident Addressing After-Action Items Create an incident report Derive and incorporate threat intelligence from incident. Root cause analysis. Preparing Executive-level Communications Prepare a brief to senior management Summarize incident to Operations Industry tools used in this course include: RSA Security Analytics RSA Archer RSA ecat Learning Path Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 67

68 RSA Threat Intelligence Course Description AT-A-GLANCE The RSA Threat Intelligence course provides Tier 2 Security Analysts with comprehensive instruction on the global threat ecosystem and strategies that organizations can take to protect their assets. Overview In the context of the current threat environment, students learn ways to detect and correlate data for better threat analysis; reduce breach exposure time and break the cyber kill chain; and manage current and future threats. As participants progress through the course, their perceptions of threats will evolve, and they will receive instruction on the role of threat intelligence in security systems that are evolving along with the threat environment. Students participate in hands-on and table-top exercises to practice strategies for analyzing attacks and mitigating their effects, and for applying intelligence-driven security practices in their own organizations. Audience Tier Two security analysts (who investigate, analyze, and resolve or escalate incidents and issues; monitor external security information sources; feed actionable intelligence back into systems); SOC managers who want to implement a Threat Intelligence capability; Tier One analysts who meet prerequisites and want to advance. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED ACD TI 110 Public class ED ACD TI Onsite class Duration 2 days Prerequisite Knowledge/Skills Students who have taken the RSA intelligence-drive Event Analysis course. Familiarity with computer architecture principles; networking concepts, and information security theory. Course Objectives Upon successful completion of this course, participants should be able to: Describe the current global threat ecosystem Illustrate the logical components of an advanced security program List best practices for planning advanced defenses Describe the cyber kill chain Provide examples of cyber kill chain intervention Compare traditional threats and Advanced Persistent Threats Find and use sources of threat intelligence Perform threat modeling of high-value assets and high-value adversaries Gather and analyze threat intelligence Manage the threat lifecycle 68

69 Course Outline Threat Overview Current Threat Ecosystem Ecosystem Overview Communities of Attackers Targets Vulnerabilities Avenues of Attack Tactics, Techniques, and Procedures Advanced Persistent Threats Threat Intelligence in an Advanced Security Program Shortcomings of Traditional Security Measures Advanced Approaches to Information Security Advanced Security Operations Center Model Planning Advanced Defenses Guiding Principles for Defending the Enterprise Defining a Cyber Footprint Quantifying Risk Applying Security Best Practices Promoting User Education Types of Threats Crimeware Advanced Persistent Threats (APTs) Cyber Kill Chain Attack Progression Anatomy of an Attack Cyber Kill Chain Model Kill Chain Interventions Detecting Attacks Indicators of Compromise Network-based Indicators Host-based Indicators Intelligence Sources Government Industry Associations & Networks Commercial Sources Open Source Extended Enterprise Internal Organization Sources Threat Modeling Threat Modeling Perspective Profiling Targets APT Targets Reconnoitering Targets, Web Presence, Industries, Social Media, High-Value Assets Threat Actor Attribution Actor Identification Target Identification Actor Behaviors Communication Strategy Threat Modeling Resources Developing Threat Intelligence Command and Control Protocol Decoding Passive DNS Monitoring Operations Threat Infrastructure Enumeration Command and Control Domain Correlation Intrusion Set Attribution Public-Facing Web Infrastructure Threat Management Detecting Threats Threat Mitigation Strategy Predicting Threats Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 69

70 RSA Malware Analysis Course Description AT-A-GLANCE The RSA Malware Analysis course provides new, Tier 3 analysts with tools and techniques for analyzing malware and extracting indicators of compromise. Overview The RSA Malware Analysis course provides students with the knowledge and skills to identify and act on actionable intelligence gathered through the process of malware analysis. Students are introduced to the threat landscape and common malware vectors. They learn to select and apply the tools and techniques required to reverse, monitor, and detect a malware threat. Students develop a workflow to gather intelligence and apply it to their security environment. Audience Security analysts, computer forensic investigators, incident responders who have basic knowledge of malware analysis and want to know more about the tools and techniques associated with gathering and responding to actionable intelligence. Duration 4 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED ACD MA 110 Public class ED ACD MA Onsite class Prerequisite Knowledge/Skills Students who have taken the Intelligence-Driven Event Analysis, Incident Handling & Response, and Threat Intelligence courses or have commensurate experience. Familiarity with computer architecture principles, operating system theory, networking principles (including protocols and communication channels), and fundamental principles of computer security. Experience with programming and scripting concepts is also required. (Python is used during the course.) Course Objectives Upon successful completion of this course, participants should be able to: Describe the RSA Advanced Cyber Defense recommended workflow for reverse engineering current malware threats. Assess the presence of malware on system. Examine behavior of malware and its interaction with its environment using dynamic analysis tools and techniques. Analyze command and control (C2) communication methods to establish the intention and functionality of the malware. Deduce the program instructions of a malware executable through the use static analysis tools. Combine static and dynamic analysis methods to investigate more complex features of malware using disassembly and debugging tools. Collect and report actionable intelligence gained from reverse engineering malware. Recommend changes to a security program based upon actionable intelligence. Industry tools used in this course include: Process Monitor Process Explorer Process Hacker Regshot Wireshark HBGary Flypaper CFF Explorer IDA PRO (free version) Immunity Debugger Volatility Yara Malzilla JSBeautifier JD-GUI Peepdf 70

71 Course Outline Introduction to Malware Analysis Define the components of malware and how they work together to compromise a system Identify common malware vectors Describe the phases of the intrusion kill chain Outline the tasks involved in malware analysis Create a safe environment for investigating malware code and behavior. Assessing the Existence and Persistence of Malware Establish Indicators of Compromise Identify host-based artifacts. Identify network-based artifacts. Locate indicators of compromise. Determine malware s method of persistence. Outline the procedure for assessing the presence of malware on a system. Dynamic Analysis of Malware Outline process of dynamic analysis Apply dynamic analysis techniques in order to investigate malware s behavior in a virtual environment. Examine malware execution using a debugger. Identify anti-analysis techniques. Defend against anti-analysis techniques. Analyze commonly exploited file formats. Investigating Command and Control Communications Define command and control communication as used by malware. List the types of activities an attacker engages in using C2. Describe C2 techniques. Outline the procedure to capture and analyze C2 traffic. Describe how to set up an environment to investigate C2. Identify the tools critical to C2 investigation. Intercept SSL. Address the issue of C2 Not Responding. Static Analysis of Malware Explain the process of static analysis. List the outcomes of the static analysis process. Classify sources of data viable for analysis. Identify packing and obfuscation methods used by malware. Describe how compressed files are able to avoid detection. Disassemble malware executable code using IDAPro. Organize information and data gained from static analysis Advanced Malware Techniques Multiple layers of obfuscation Botnets Backdoors Debugging using Ollydbg Analyze memory for the presence of rootkits using Volatility Making Recommendations Based upon Actionable Intelligence Collecting Actionable Intelligence Gained from Malware Analysis Identify trends and problems to solve Communicate Actionable Intelligence Formulate recommendations Develop Yara rules to classify malware Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 71

72 RSA Cyber Defense Workshop Course Description AT-A-GLANCE The RSA Cyber Defense Workshop is designed to give participants practical experience as Security Operations Center (SOC) or Critical Incident Response Center (CIRC) Analysts. Overview In this advanced workshop, participants will assume the different roles within a working CIRC environment and manage the security events that take place over the course of a 3-day scenario. Day-to-day security incidents will occur alongside potentially catastrophic activity related to the advanced tactics of determined and persistent adversaries. Each member of the CIRC Team will have to utilize skills and tools in order to detect, contain and eradicate the threat as well as document the incident for executive review. This is the perfect opportunity for members of security teams to sharpen their skills related to the newest attacks in a controlled environment assisted by experts. This is also a great workshop to attend in order to determine the specific skillsets and tools that an organization needs in order to mitigate these most advanced types of attacks against corporate assets. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED ACD CDW 110 Public class ED ACD CDW Onsite class Audience Tier 3 security analysts, computer forensic investigators, incident responders who have experience with malware analysis and want to know more about the tools and techniques associated with gathering and responding to actionable intelligence. Duration 3 days Prerequisite Knowledge/Skills Participation in the RSA Malware Analysis and RSA Threat Intelligence courses or commensurate experience. Participants should have some security operations experience. Experience of RSA s Experts RSA and EMC have a 30-year legacy of working with clients worldwide to deliver security solutions. RSA has leveraged its relationships with industry leaders to give you deep insight into the most current threats and the techniques and tools to mitigate the risk of disclosure of information. This course will empower attendees with that knowledge and give them the opportunity to prove their current skill set and add to it in a meaningful way. Industry tools used in this course include: RSA Security Analytics RSA Archer RSA ecat 72 72

73 Topics covered in the Workshop Scenario Because this workshop will be completely scenario based, a formal course outline is not applicable. Throughout this workshop, participants will engage in: Malware Analysis Network Analysis Network Forensics Threat Intelligence Incident Triage Executive Presentation Security Operations Team Management Legal, Regulations, & Investigations Open Source and Commercial Tools Learning Path 73 Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 73

74 RSA Information Security & Privacy Awareness elearning Suite Course Description Overview This series of modules is designed for general staff in roles such as human resources, legal, marketing, finance, sales, operations and customer service. These highly interactive scenario-based modules equip employees to recognize the value of different types of information; to understand the scope, nature and origin of the diverse risks to such information; and to behave proactively to protect this information in their everyday work. Each module combines instruction with a suite of complementary communications materials, designed to enhance the learning process. The 9 modules can be combined in any way to design a program to fit diverse customer needs. And, for an even more comprehensive training solution, you can combine this offering with our other role-based elearning for IT and Engineering teams. Additional Capabilities Interactive Challenge Each course combines learning theory and subject matter expertise to deliver a course that is informative and compelling. This content is paired with an interactive exercise that is challenging and engaging. Eye-Catching Infographics FOR INFORMATION: Visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts Putting a graphical and artistic spin on the learning objectives, these high-impact posters are attention-grabbing and excellent for visual learners, data junkies and the casual observer. Customizable Articles Short, informative pieces that engage the learner with information related to the module s theme and content. These can be customized and broken out in a variety of ways. Printable Tip Sheets Tied to that month s training module, the tip sheet is a tangible tool that breaks down a larger concept into short, easy steps. These are meant to be printed and distributed at a weekly team meeting (or by individuals) and put on display at each workstation. Language localization Voiceover and on-screen translation in English, Latin Spanish, French Canadian, and Arabic is available. 74

75 Course Modules Malware Awareness: In this module, learners will understand the goals of malware, identify the many types of malware, and recognize how to prevent malware infection both at work and at home. Social Engineering: In this module, learners will identify the many forms of social engineering and its potential impacts, identify techniques used by social engineers and understand how to establish validity of requests in order to perform daily business functions in light of the threat of social engineers. Password Security: Learners will recognize the risks surrounding password security, identify safeguards used to protect passwords, and summarize techniques used by attackers to obtain passwords. In an interactive exercise, users will learn how to create and remember strong passwords, eliminating the need to turn to insecure practices. Security: Learners will be taught to recognize malicious before it can become a threat, how to properly handle , and best practices around how and when to use to send specific types of information. Physical Security: This module teaches students accepted practices for minimizing breaches and gives them the ability to identify different types of data that may be exposed via hardware theft. Students will be introduced to the risks associated with transporting sensitive data and the importance of maintaining personal security while traveling. Mobile Device Security: In this module, students will learn about mobile devices, the ways in which data can be leaked or lost, and the challenges that arise when the line of what is corporate and what is personal is blurred. This course will look at mobile device security from a number of platforms. PCI Compliance: In this module, students will follow the PCI Security Standards in order to understand how to identify different types of sensitive data and handle it properly. Phishing Awareness: Through this module, learners will recognize malicious before it can become a threat, understand the various ways in which attackers try to trick and entice users to trigger malicious events through , and best practices to properly handle and avoid phishing attacks. Travel Security: With the amount of data we are able to carry around in devices as small as a pack of gum, travel security is more important than ever. This module introduces students to the risks associated with transporting sensitive data, offers guidance around how to travel safely with sensitive information and when to leave it at home, and examines the importance of maintaining personal security while traveling. Technical Specifications: All courses are SCORM 1.2-compliant. Courses can be integrated into a client s Learning Management System or delivered as an on-demand service. Minimum Requirements: Computer: Screen Resolution: 1280x720 Standard Operating System: Mac OSX 10.x or above Windows XP or above Web Browser: Microsoft Internet Explorer 7.0 and 8.0 Mozilla Firefox 9.0 or above Google Chrome 16.0 or above Flash Player: Adobe Flash Player v10.1 or above Audio: Highly recommended [If sound is unavailable, user can follow on-screen transcript.] Windows XP with Safari 4.0 Mac: 105 with Safari Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 75

76 RSA Anti-Phishing elearning Suite Solution Description AT-A-GLANCE The total number of phishing attacks launched in 2012 was 59% higher than It appears that phishing has been able to set yet another record year in attack volumes with global losses from phishing estimated at $1.5 billion in The Year in Phishing, January 2013 Overview Every day, from countless locations, employees access large quantities of both work and personal s. At the same time, the sophistication and effectiveness of phishing s is a constant concern. At RSA, we understand that security officers are forever worried about employees falling victim to phishing attacks and placing their organization at risk. Our Continuous Security Awareness training methodology of Assess, Train, and Measure enables your employees to become human anti-phishing filters. Assess PhishGuru is a tool that assesses and trains employees with simulated phishing s. The moment an employee falls for a phishing attack creates a unique teachable moment. A just-in-time training message explains what employees did wrong and how to avoid it the next time. The teachable moment motivates the employee to take additional in-depth training. PhishGuru is the only simulated phishing attack solution that can auto-enroll simulated attack victims into in-depth anti-phishing training, thus streamlining the assessment and training program. Train RSA provides brief, interactive, software-based training modules that use learning-science principles to increase retention of learned concepts. The interactive training ensures trainees practice as they learn and provides instant feedback on correct and incorrect decisions. Security Training and Anti-Phishing Phyllis Our security training module and Anti-Phishing Phyllis training game both teach employees to recognize and avoid traps within s. In just 10 minutes, sing the context of a traditional system, you can teach employees to recognize traps in malicious s. The games come in two different styles. Security looks like an client and Anti-Phishing Phyllis features a fish character in a story-based game. TO REGISTER: Visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts URL Training and Anti-Phishing Phil We offer an interactive and fun training game that teaches users about malicious URLs and how to spot them. Employees will learn about the parts of a URL and where to watch for numbers, hyphens, and words like verify and update. The malicious URLs get more difficult to identify as each of the four lessons is completed. The games come in two different styles. URL Training has an interface that looks like a tablet PC and Anti-Phishing Phil features a fish character in a story-based game. Measure The intelligence gathered from the simulated attacks such as which attacks your organization is most susceptible to, which people are vulnerable, what devices they were using, and how people have changed their behavior after just one mock attack is available instantly. Additionally, every decision employees make during their training sessions is captured. This intelligence can be used to understand your organization s security posture and assign targeted training to the people who need it most. This creates a continuous anti-phishing training process that turns your employees into human anti-phishing filters. Customers have experienced a greater than 80% reduction in employee susceptibility to attack when using our Anti-Phishing Training Suite. 76

77 Delivery Options RSA PhishGuru is a software-as-a-service product. It is priced based on the number of employees being assessed. Organizations have unlimited use for this number of employees for the entire license period. Contact RSA Education Services for more information and pricing. Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 77

78 RSA Cyber Security and Compliance elearning Suite Solution Description AT-A-GLANCE Employees are a critical first line of defense against attackers who want to steal an organization s assets and information. David Martin, Chief Security Officer, EMC Overview Whether you re battling a phishing problem, burdened with BYOD, combating inappropriate social networking posts, or just need general cyber security training, the RSA Cyber Security and Compliance elearning solution is what you are looking for. This set of offerings is the only cyber security learning system on the market today specifically designed for security officers who are responsible for implementing security awareness training solutions for their employees. The Security Awareness Training Platform The Security Awareness Training Platform provides an integrated approach for assessing employees and providing in-depth training to strengthen a company s security posture. The Platform integrates software-based interactive training, mock cyber-attacks, reporting, and administrative capabilities into one easy-touse system. Instead of classroom, video, or slide-based training, this proven training approach improves cyber security knowledge and changes behavior. The interactive software lessons are developed using Learning Science Principles to engage the user, enabling them to learn and retain the information longer than traditional training methods. TO REGISTER: Visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts Platform Capabilities With the Training Platform you can easily manage your security awareness training and employee assessment program from one cloud-based enterprisewide system: Deploy mock cyber attacks which create teachable moments and help employees become receptive to more in-depth training Auto-enroll employees who fall for mock attacks into anti-phishing training Create training assignments for everyone at once, or for groups of employees you define Select from a comprehensive set of training modules that teach practical advice to avoid numerous threats Monitor employee completion of assignments and deliver automatic reminders about training deadlines Identify the groups who have the best or worst understanding of critical risk areas Show measurable knowledge improvement over time with easy-to-read reports for executive management Train employees globally with the Platform and training modules available in many languages 78

79 Reporting Capabilities All user data can be characterized, filtered, and reported using eight administrator-defined fields such as job function, geographical location, department, hire date, etc. Assignment Status Report Shows assignments in progress, complete, or untouched Most Missed Report Displays the areas of greatest weakness by module, user, assignment, group, and date Module Performance Report Shows scores for each group or user by training module Report Cards Shows a user s overall performance including number of correct answers Training Module Overview RSA s effective and engaging library of interactive and game-based software training modules are developed utilizing research performed at Carnegie Mellon University. Better than boring classroom, video, or slide-based training, these modules improve cyber security knowledge and measurably change behavior. Users can t sit idly by or check out during this training. In each 10-minute training module, the user learns through engaging teaching methods, realistic examples, and interactive practice. When employees make a mistake, or answer correctly, they learn why immediately thereby reinforcing the learning and lengthening retention. As users are practicing tactics, data is collected so that security officers can understand and measure user knowledge strengths and weaknesses. Our training modules are uniquely effective because they use learning-science principles to ensure users learn by doing and retain information longer than with traditional training methods. This interactive training approach should be an integral part of every security officer s Continuous Security Training program. Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 79

80 Library of Training Modules Anti-Phishing Phil Recognize and avoid malicious URLS This fun, character-oriented game-based training module teaches users to identify the parts of a URL and determine malicious from legitimate links. Security and Anti-Phishing Phyllis Spot and avoid phishing and spear phishing attacks Offered in two different versions, an interactive training module and training game. Both present different s and ask users to identify potential traps. Smartphone Security Secure your conversations and information Teach users how to secure their smartphones from theft, create PINs, keep communications private, and avoid dangerous apps. Safer Web Browsing Stay safe on the Internet by avoiding risky behavior and common traps Users will learn the difference between browser content and website content, to avoid malicious virus pop-ups, to log out of web sites and auto-complete risks, and spot other common website scams. Safe Social Networks Identify and avoid social network security attacks Educate your users about types of imposters that can be found online, how to spot scam messages on social networks, and that everything posted on social networks is public. Security Beyond the Office Keep business information secure at home and on the road Educate employees about using free Wi-Fi safely, the risks of using public computers, and how to safeguard company equipment and information at home and on the road. Password Security Create strong passwords and actually remember them Teach people to create stronger passwords, use a password family to aid in password recall, and how to safely store passwords. Social Engineering Recognize and avoid social engineering scams Employees will learn to recognize common social engineering tactics and practical tactics to avoid attacks and get insight into how social engineers think. Personally Identifiable Information (PII) Training Protect confidential information about yourself, your employer, and your customers Educate employees about the different types of PII, guidelines for identifying, collecting, and handling PII, actions to take in the event of a PII breach, and tips and techniques for improving overall PII security. Payment Card Information Data Security Standard (PCI DSS) Training Recognize warning signs and improve security of credit card data Users will learn to understand PCI-DSS requirements, identify PCI-DSS compliance, manage records and accounts, as well as recognize and act upon security breaches. Data Protection and Destruction (DPD) Training Use portable storage safely and properly discard sensitive data Teach everyone about the different types of portable electronic devices and removable storage media, the pros and cons associated with each, and best practices for securing and securely disposing of data. Delivery Options The Security Awareness Training Platform is cloud-based so that both security administrators and end users can access it from anywhere. It is priced based on the number of employees being trained and the training modules you choose to purchase. Organizations have unlimited use for this number of employees for the entire license period. Contact RSA Education Services for information and pricing. Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 80

81 RSA CyberStrength Assessment Service Solution Description AT-A-GLANCE 36% of the worst security breaches in the last year were caused by human error. PWC 2013 Information Security Breaches Survey Overview CyberStrength is the first and only cloud-based assessment solution that enables you to create, administer, and analyze the results of a custom knowledge assessment across several cyber topics to evaluate the strength of your users cyber security knowledge. An integral part of RSA s Security Training Platform, CyberStrength helps security officers measure user knowledge, understand organizational vulnerability to attack, and determine where to target security education. What can you do with CyberStrength? Build a broad assessment across several cyber security topics areas to understand employee knowledge. Create focused assessments on specific topics such as phishing, mobility, Internet browsing, social networking, passwords, smartphones, and many more. Supplement simulated attacks with a customizable assessment to ensure you evaluate employees on all topic areas. Add your own custom questions that are specific to your policies, areas of weakness, or unique culture. Make this a part of your Continuous Security Training Program so that you can measure and reduce your organization s vulnerability to attack. TO REGISTER: Visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: What can CyberStrength do for you? Enable you to assess users in areas that simulated attacks do not. Simplify the assessment process. We write all of the questions for you. Just select from our library of over 100 questions and determine who will receive it and when. Benchmark, track and trend user knowledge via detailed reports. Identify your organization s vulnerabilities and target with specific training to reduce overall training time and mitigate risk. Administer assessments and training all in one easy to use platform purposebuilt for security officers Middlesex Turnpike Bedford, Massachusetts

82 How does it work? Evaluating your Organization s CyberStrength The most important part of a CyberStrength assessment is the analysis of the results. CyberStrength provides high level and detailed reports that show you scores across the organization. Every report can be exported to Excel or Word so that you can you include the results in presentations to executive management. The reports are: CyberStrength Assessment, CyberStrength Risk, Scores by Category, Scores by Group, Groups by Subject Area, Most Missed Questions, Lowest Overall Scores by Group, Lowest Scores by Person. Reporting Capabilities CyberStrength Assessment Report This report shows the overall score of the assessment across the users who have completed it, the status of the assignment completion, scores by category and scores by group. CyberStrength Risk Report This report provides an overview of areas of risk. It shows assessment results such as scores by group, lowest overall score by group, most missed questions, and lowest scores by person. Each section of the Risk Report also gives security officers the ability to drill down and get more detailed information. Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 82

83 RSA PhishGuru Phishing Attack Simulation Service Solution Description AT-A-GLANCE The total number of phishing attacks launched in 2012 was 59% higher than It appears that phishing has been able to set yet another record year in attack volumes with global losses from phishing estimated. The Year in Phishing, January 2013 RSA Fraud Report Overview Every day, new phishing s are reaching your employees inboxes and, as a security officer, you are constantly wondering when someone will click, or reply, and expose the company s network and intellectual property. What if you could send your employees phishing s to train them, and what if every person who falls for the mock phishing is immediately trained on what not to do the next time? RSA PhishGuru, a software-as-a-service product, is an easy-to-use tool that assesses and trains employees with simulated phishing s. This creates a unique teachable moment when employees fall for the simulated attack and are open to learning. Just-in-time training messages explain what they did wrong and how to avoid it the next time. RSA PhishGuru is not a penetration test it s much more. It s a way to assess and change employee behavior. Product Capabilities REGISTER: Visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: RSA PhishGuru has a library of almost 100 different phishing templates for administrators to edit or use as is. A sampling of topics is: financially related, social networking, work-related, personal, seasonal, logistics, and recent attacks seen in the wild. You can assess your employees ability to recognize three different types of traps: malicious URLs, attachments, and data-entry forms. There are four different teachable moment options from which to select: Multi-panel illustrated (with the actual phishing received by the employee embedded in the training) Single-panel cartoon Fully customizable landing page Web redirect to internal training 174 Middlesex Turnpike Bedford, Massachusetts

84 You can reduce the chance of employees falling for an attack by 60% with just one mock phishing attack. With RSA PhishGuru, administrators and security officers collect powerful information to assess in what areas their organizations are most vulnerable. With this information, they can determine the training their organization needs most and target those areas (or people) specifically Reporting Capabilities RSA PhishGuru includes extensive analytics and reporting, enabling information security professionals to analyze employee responses to various attack scenarios. The latest version of RSA PhishGuru also reveals whether an employee fell for an attack through a mobile phone, a tablet, or their computer, and specifically what type of device or browser they were using. Our reports provide the data you need to understand where your employees are most vulnerable. Campaign Report shows opens and clicks for each campaign delivered. Contact Group Report shows opens and clicks for a single campaign by contact group. Device Type Report shows which devices, operating system, and browser the phishing was accessed from. Repeat Offender Report shows which employees responded most often. Location Report shows employee response to phishing geographically. Delivery Options RSA PhishGuru is a software-as-a-service product. It is priced based on the number of employees being assessed. Organizations have unlimited use for this number of employees for the entire license period. Contact RSA Education Services for more information and pricing. Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 84

85 RSA Security Training for IT Staff Description of Course Offerings IT Security Fundamentals This course introduces IT staff to the fundamentals of securing networks and systems within an organization. With a detailed exploration of controls, monitoring access, operational procedure, and formal auditing and logging, this course is designed to present a holistic approach to network and system security. Audience: IT Staff TO REGISTER: Visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Delivery: elearning Duration: Two hours Prerequisites: None Course Overview Topics include: Operating system access control Monitoring system access and use Network access control Operating procedures and responsibilities Application access control Audit controls and tools Bedford, Massachusetts Database Security Fundamentals This interactive course provides a solid foundation for database administrators to build a secure database environment. Audience: Database Administrators Delivery: Instructor-Led Duration: 1 day Prerequisites: This introductory course requires basic understanding of modern relational database systems Application security fundamentals course is an ideal pre-requisite Course Overview Topics include: Database Misconceptions Database encryption Advanced SQL injection Database auditing and exception handling Data access security Database server security Managing privacy and secrets in the database 85

86 TECHNICAL SPECIFICATIONS (IT Security Fundamentals elearning Course): All courses are SCORM 1.2-compliant. Courses can be integrated into a client s Learning Management System or delivered as an on-demand service. Minimum Requirements: Computer: Screen Resolution: Web Browser: Microsoft Internet Explorer Flash Player: Adobe Flash Player v10.1 or Audio: Highly recommended 1280x720 Standard Operating System: Mac OSX 10.x or above 7.0 and 8.0 Mozilla Firefox 9.0 or above Google Chrome 16.0 or above above [If sound is unavailable, user can follow on-screen transcript.] Windows XP or above Mac: 105 with Safari Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 86

87 RSA Cloud Security Fundamentals Course Description AT-A-GLANCE The RSA Cloud Security Fundamentals course provides an overview of the concepts, processes, and best practices needed to successfully secure information within Cloud infrastructures. Overview Students will learn the basic Cloud types and delivery models and develop an understanding of the risk and compliance responsibilities and challenges for each Cloud type and service delivery model. The student will also learn how to apply RSA s trustbased security model to real-world security problems. The course concludes with a module on guidance for building private Clouds and a lab exercise where the student will implement a private cloud using a 3 rd party provider s interface. Some materials in this course have been developed in conjunction with the Cloud Security Alliance. A Certificate of Cloud Computing Security Knowledge (CCSK) is available through the Cloud Security Alliance. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED CLDSECFN 110 Public class ED CLDSECFN Onsite class ED CLDSECFN VILT Video ILT Audience This course is intended for RSA/EMC customers who have virtualized a portion of their environment and wish to acquire Cloud services either externally via a public Cloud or to implement Cloud technologies internally (private Cloud). This course will be valuable for those who work in security or virtualization administration, compliance, architecture, and audit roles within their organization. Duration 4 days Prerequisite Knowledge/Skills Basic familiarity with IT concepts, including storage, computation and networking Working knowledge of TCP/IP networking technologies (equivalent to CompTIA Network+ certification) Working knowledge of Information Security concepts (equivalent to CompTIA s Security+ certification) Conversant with virtualization concepts Comfortable using a command-line interface Course Objectives Upon successful completion of this course, participants should be able to: Identify security aspects of each cloud model Develop a risk-management strategy for moving to the Cloud Implement a public cloud instance using a public cloud service provider Apply RSA s trust-based security model to different layers in the infrastructure stack Distinguish between cloud providers and 3rd party managed service providers 87

88 Course Outline Introduction to Cloud Computing Cloud Overview Cloud Service Models Cloud Deployment Models Managing Cloud Security and Risk Impact of Cloud Tiers on Security and Risk Standards Organization RSA s Cloud Trust model Things to Look for in a Cloud Provider Infrastructure Layer Trust Infrastructure Trust Layer Definition Disaster Recovery Virtualization Segmentation and Isolation Log Management Secure Communications Multi-Tenancy Application Layer Trust Application Layer Trust: definition Web Application Security Fundamentals Application Security Phases and Lifecycle SDLC PaaS Security Concerns Management Management Layer Trust: Definition Identity and Access Management Contract SLAs Roles and Responsibilities Provider Viability Compliance Monitoring Business Continuance Provider Supply Chain Third-party Risk Assessment Software Licensing Risk Securing Private Clouds Enterprise IT Evolution Private Cloud Security Primer Final Lab Exercise Hands-on exercise in which participants are challenged to build a best-in-class vendor data application with minimal assistance Information Layer Trust Information Layer Trust: Definition Data Retention / Destruction Data Leakage Data Privacy Data Encryption and Key Management Data Geolocation E-Discovery Data Portability Data Classification Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 88

89 RSA Certified Information Systems Security Professional (CISSP) Certification Boot Camp Course Description AT-A-GLANCE RSA Education Services provides training worldwide on RSA products and advanced security topics. Our mission is to enable the next generation of security professionals to address the latest threats to information and infrastructure security. RSA s CISSP Boot Camp has been developed and reviewed by security practitioners, thought leaders, and contributing authors to provide the most widely recognized CISSP materials available. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: CONTACT US: [email protected] Phone: Int l: GET PREPPED FOR THE CISSP EXAM BY RSA S SECURITY EXPERTS RSA has developed an effective program to prepare candidates to become security practitioners and successfully pass the (ISC) 2 CISSP certification exam. This Certification Boot Camp involves intensive lectures, demonstrations, and review questions delivered by a security professional with years of experience as a practitioner. Not only will participants become prepared to take the exam but the anecdotes and real world examples from this course are invaluable insight into real world security challenges and approaches to solve them. The modules of this course follow the 10 Domains of the (ISC) 2 Common Body of Knowledge. Each module presents the concepts and vocabulary from a technical and management aspect, bridging the gap that is often present in organizations today, a holistic approach to the technical, physical and administrative controls that make up a security program. Each module is also followed by review questions, detailed explanations and exam tips related to the material and how it may be presented on the exam. RSA s CISSP Boot Camp has been updated to reflect the 2012 Domain Name and content changes. Participants will come away empowered for the exam and beyond Common Body of Knowledge Domains Access Control Telecommunications and Network Security Information Security Governance & Risk Management Software Development Security Cryptography Security Architecture and Design Security Operations Business Continuity and Disaster Recovery Legal, Regulations, Investigations and Compliance Physical (Environmental) Security Added Bonus Module: Security Insights from Senior Executives RSA has a 30-year legacy of working with clients worldwide to deliver security solutions. In this module, we explore the security issues that senior executives from global organizations face as they enable their businesses and implement their security programs. This content is unique to RSA s CISSP Curriculum and not available elsewhere. Fax: Middlesex Turnpike Bedford, Massachusetts COURSE PART NUMBERS: ED CISSP 110 Public class ED CISSP Onsite class RSA Education Services is not affiliated with ISC2 or its subsidiaries. Participation in this course does not guarantee the successful completion of the ISC2 CISSP Exam. RSA Education Services has developed the course content from direct experience in the areas of the Common Body of Knowledge and has used the ISC2 CISSP Candidate Information Bulletin as a reference as to technical depth and topics on the exam. Course costs do not include exam fees or facilitate exam registration. Exam schedules are available on ISC2.org. 89

90 RSA Security Training for Development Staff Description of Course Offerings TO REGISTER: Visit the RSA Training and Certification web site: CONTACT US: Phone: Int l: Fax: Middlesex Turnpike Bedford, Massachusetts Application Security Fundamentals Introduction to Application Security for Managers Common Security Flaws Secure Architecture & Design Secure Development in C/C++ Language-Neutral Secure Web Development Secure Development in.net Secure Development in PHP Secure Development in Java Security Testing Security Testing Techniques for Web Development Security Testing Techniques for Client/Server Development Secure Client/Server Development in Perl Secure Development for Mobile Devices On-Demand Delivery SCORM1.2-Compliant: Courses can be integrated into a client s Learning Management System or delivered as an on-demand service through a hosted portal. Instructor-Led Delivery Some courses are available as On-site instructor-led training only. Technical Specifications: (elearning Courses only) All courses are SCORM 1.2-compliant. Courses can be integrated into a client s Learning Management System or delivered as an on-demand service. Minimum Requirements: Computer: Web Browser: Flash Player: Audio: Screen Resolution: 1280x720 Standard Operating Microsoft Internet Explorer 7.0 and 8.0 Mozilla Firefox 9.0 or above Adobe Flash Player v10.1 or above Highly recommended [If sound is unavailable, user can follow on-screen System: Mac OSX 10.x or above Windows XP or above Google Chrome 16.0 or above Mac: 10.5 with Safari transcript.] Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 90

91 Application Security Fundamentals Audience: Development Staff Delivery: elearning & Instructor-led Duration: elearning: Each course module is approximately minutes in duration Instructor-led: 1 day These courses are designed to introduce those who are involved in software development to the basics of application security. The course introduces the learner to essential goals and controls needed to create secure software and manage risk in the software development lifecycle. Courses and Topics include: Introduction to Cryptography Patterns and Practices for Development Prerequisites: Understanding of information security basics Knowledge of the software-development lifecycle (SDLC) Introduction to Application Security for Managers Audience: Engineering Management Delivery: elearning & Instructor-led Duration: elearning: Each course module is approximately 5-10 minutes in duration Instructor-led: 1 day This series of courses is designed to introduce managers to the basics of application security. The curriculum introduces the essential goals and controls needed to create secure software and properly manage risk in the software development lifecycle. Courses and Topics include: Introduction to Application Security Application Security Goals & Controls Application Security Principles Managing Security in the Software Development Lifecycle (SDLC) Prerequisites: None Copyright 2014 EMC Corporation. All rights reserved. 04/2014 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries 91

92 Common Security Flaws Audience: Development Staff Delivery: elearning Duration: Approximately 28 minutes in duration Common Security Flaws introduces users to the most critical application security risks as defined in the OWASP Top Ten. It takes users through each threat; teaching them to identify the risk and actively implement defenses to mitigate these issues. Course Topics include: OWASP Top 10 Prerequisites: Understanding of information security basics Knowledge of the software development lifecycle (SDLC) Secure Architecture & Design Audience: Architect or senior developer Delivery: Instructor-led Duration: 1 day This course is designed to give an architect or senior developer a comprehensive understanding of the risk of building today s information systems, using the students own architectures as examples, so results are directly applicable after the class. The class includes a live review of these actual architectures to demonstrate how to conduct a full-fledged architecture review. Course Topics include: Security Fundamentals Feasibility/Risk Ranking Network Security Real-World Architecture Reviews Host Security Application Security Prerequisites: Application Security Fundamentals Copyright 2014 EMC Corporation. All rights reserved. 04/2014 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries 92

93 Secure Development in C/C++ Audience: Development Staff Delivery: elearning & Instructor-led Duration: elearning: Each course module is approximately 5-10 minutes in duration Instructor-led: 1 day This highly interactive, scenario-based series of courses equips developers to understand the causes of memory corruption issues and program defensively to avoid them. Learners will also recognize how integers work in memory in order to avoid the more common issues seen in C and C++ applications. In addition, learners will be taught how to implement a strong input validation scheme as a crucial line of defense for all applications. Courses and Topics include: Introduction to Secure Development in C and C++ Memory Corruption Issues in C and C++ Integer Issues in C and C++ Prerequisites: Knowledge of the C/C++ language and familiarity with creating applications in C/C++ Language-Neutral Secure Web Development Audience: Development Staff Delivery: Instructor-Led Duration: 1-2 days This course provides a comprehensive introduction to building secure web applications. This course is designed to give development teams an intermediate-level understanding of application security, secure coding, what they are up against, and how to defend against the most common attacks against web-based software. It covers the most common web vulnerabilities and explains how to address them. Course Topics include: Building secure web applications Logging and exception handling XML and Web Services An introduction to cryptography Privacy and secrets Data access security Input validation and output sanitization Security testing approaches Prerequisites: This introductory course requires a basic knowledge of the software development lifecycle (SDLC) Application Security Fundamentals is a required prerequisite Some hands-on coding experience is strongly recommended for Day 2 Copyright 2014 EMC Corporation. All rights reserved. 04/2014 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries 93

94 Secure Development in.net Audience: Development Staff Delivery: elearning & Instructor-led Duration: elearning:2 hours Instructor-led: 1-2 days This course is designed to teach learners the importance of security for web applications written in the.net framework, illustrating authentication and authorization methods, identifying how to properly handle exceptions, and understanding basic session management. Learners will also be introduced to many common application-testing approaches. The instructor-led version of this course includes a second day of hands-on lab exercises. Course Topics include: Authentication in.net Applications Authorization in.net Applications Auditing and Logging Exception Handling in.net Application Prerequisites: Knowledge of the.net framework and familiarity with creating applications in.net Secure Development in PHP Audience: Development Staff Delivery: elearning & Instructor-led Duration: elearning: Each course module is approximately minutes in duration Instructor-led: 1-2 days This series of courses is designed teach learners the importance of security for web applications written in the PHP language, illustrating why web applications are vulnerable, identifying what vulnerabilities look like, and understanding how to mitigate these threats. Learners will also be able to understand how to securely interact with supporting systems in order to holistically address security concerns. The instructor-led version of this course includes a second day of hands-on lab exercises. Courses and Topics include: Authentication and Authorization in PHP Data Security in PHP Exception Handling & Logging in PHP Handling Input & Output Securely in PHP Secure System Access in PHP Session Management in PHP Prerequisites: Students should have an understanding of information security basics before taking this curriculum as well as knowledge of the PHP language and familiarity with creating applications in PHP Application Security fundamentals is an ideal prerequisite Copyright 2014 EMC Corporation. All rights reserved. 04/2014 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries 94

95 Secure Development in Java Audience: Development Staff Delivery: elearning & Instructor-led Duration: elearning: Each course module is approximately 5-15 minutes in duration Instructor-led: 1-2 days This series of courses is designed to teach learners the importance of security for web applications written in the Java language. Learners will be shown how data is secured from unauthorized access or modification, how access can be granted to an application, and how roles can be assigned within the application. Lastly, this curriculum provides techniques to ensure proper session management and securing sensitive data in transit and storage. The instructor-led version of this course includes a second day of hands-on lab exercises. Courses and Topics include: Authentication & Authorization in Java Data Security in Java Handling Input & Output Securely in Java Secure Database Access in Java Session Management in Java Prerequisites: This intermediate curriculum requires knowledge of the Java language and familiarity with creating applications in Java Security Testing Principles Audience: QA Staff Delivery: elearning Duration: Each course module is approximately minutes in duration This series of courses is designed to introduce those who are involved in software testing to the basics of application security testing. Using the methodology of cyber criminals and incorporating real-world examples, the course introduces the learner to types of testing methods that will uncover software issues before attackers do. The curriculum also covers the skills necessary to properly report discovered issues within the organization. Courses and Topics include: Introduction to Security Testing Performing Discovery Attacks on Web Applications Simulating Attacks Against Web Applications Reporting Security Testing Results Prerequisites: Students should have an understanding of basic software testing before taking this curriculum Application Security Fundamentals is an ideal prerequisite Copyright 2014 EMC Corporation. All rights reserved. 04/2014 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries 95

96 Security Testing Techniques for Web Development Audience: QA Staff Delivery: Instructor-Led Duration: 2 days This course is designed to provide quality assurance (QA) professionals with a comprehensive introduction to how security flaws manifest in their web-based systems, and a solid introduction on how to identify them. This lab-based course allows students to discover real-world issues in a sample application and learn how to take these lessons back to their own applications. Courses Topics include:: Embracing the attack mindset Authorization Flaws: Security Testing Tools & Techniques Verifying & Attack Access Controls Mapping the Application Error Handling/Information Leakage Bypassing Client-Side Controls SQL Injection, Cross-Site Scripting Authentication Flaws Cross-Site Request Forgery Buffer Overflow Attacks Prerequisites: This introductory course requires basic knowledge of the software development lifecycle (SDLC) Application Security Fundamentals is a mandatory pre-requisite Security Testing Techniques for Client/Server Development Audience: Development Staff Delivery: Instructor-Led Duration: 1 day This course is designed to provide quality assurance (QA) professionals with a comprehensive introduction to how security flaws manifest in their client/server-based systems, and a solid introduction on how to identify them. This lab-based course allows students to discover real-world issues in a sample application and learn how to take these lessons back to their own applications. Courses Topics include: Security testing tools and techniques Client-side tampering Mapping the application Server-side injection flaws Error handling, information leakage Local privilege escalation issues and protocol analysis DLL hijacking Common authentication flaws Client-side secrets and reversing obfuscation Prerequisites: This introductory course requires basic knowledge of the software development lifecycle (SDLC) Application Security Fundamentals is a mandatory pre-requisite Copyright 2014 EMC Corporation. All rights reserved. 04/2014 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries 96

97 Secure Client/Server Development in Perl Audience: Development Staff Delivery: elearning Duration: 80 minutes This course proves a comprehensive introduction to building secure Perl applications. This course is designed to give development teams an intermediate-level understanding of application security, secure coding, what they are up against, and how to defend against the most common attacks against client/server-based software. Objectives: Application Security Fundamentals Security Throughout the SDLC Implementing Access Controls Defensive Programming in Perl An Introduction to Cryptography Prerequisites: Application Security Fundamentals course Competence in Perl programming language, version 5.6 or greater (not including Perl 6) Familiarity with CPAN Understanding of TMTOWTDI for core Perl syntax and included modules/pragmas Understanding of basic matching and substitution syntax for regular expressions Coding experience in Perl Secure Development for Mobile Devices Audience: Development Staff Delivery: elearning Duration: Each course module is approximately minutes in duration In this series of courses, students will learn how to assess the risks of their mobile development efforts and effectively address those risks using a best business practice and reasonable approach. Separate courses will be developed for Andriod and ios. Courses and Topics include: Introduction to Secure Mobile Development (ios/android) Accessing Network Resources Securely from mobile Apps (ios/android) Securing Inter-process Communications on Mobile Devices (ios/android) Prerequisites: Application Security Fundamentals Copyright 2014 EMC Corporation. All rights reserved. 04/2014 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries 97

98 RSA Learning Assessments Enable faster technology adoption and increase productivity AT-A-GLANCE Free to individuals and organizations Easy online access Measures knowledge of RSA products and other security-related concepts. Group assessments can be administered to identify gaps across a team Customization of assessments & reports WHERE TO GO Individuals can take an online RSA Learning Assessment at: OVERVIEW As organizations increasingly depend on technology to manage their businesses, the need for employees to be knowledgeable about security is increasingly evident. Whether they are IT security professionals or general office staff, having the appropriate security knowledge and skills to perform their jobs is a critical business driver. To plan and position your security training initiatives cost-effectively, RSA Learning Assessments are tools to measure your team s knowledge of RSA products and other security-related concepts. Based on the learning assessment results, we can work with you to identify a learning program that works for you and your team. We provide learning assessments free of charge on the following RSA products and topics: RSA Adaptive Authentication RSA Archer Cloud Security Fundamentals RSA Data Loss Prevention RSA envision RSA Security Analytics RSA SecurID Security Awareness KEY BENEFITS For group assessments, contact us at: [email protected] RSA Education Services Phone: International: Middlesex Turnpike Bedford, Massachusetts RSA Learning Assessments are useful for organizations who recognize a need for training but aren t quite sure what training their team really needs. By leveraging RSA Learning Assessments, you can better understand the learning gaps and make an informed decision about the most effective individual and group training plans for your team. And, online RSA Learning Assessments are available to you at no charge. An assessment can be completed within minutes with immediate results provided to the assessment taker. For a team assessment, management reports can be provided that evaluates individual and group results. You ll have greater confidence that both the time and financial investment in training will more quickly enable your technology adoption and increase productivity

99 SAMPLE REPORTS ABOUT RSA RSA is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading egrc capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit 99 Copyright 2013 EMC Corporation. All rights reserved. 08/2013 H12172 EMC 2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 99