LUNARLINE: School of Cyber Security. Dedicated to providing excellence in Cyber Security Training Certifications. ISO 9001: 2008 Certified
- Stephanie Parrish
- 8 years ago
ISO 9001: 2008 Certified; Maturity Level 2 of CMMI; Top 2% D&B Rating; VA Certified Service Disabled Veteran Owned Small Business (SDVOSB); DCAA Approved Accounting System; Approved Earned Value Management (EVM) System
LUNARLINE Overview

Lunarline is a leading and award winning provider of Cyber Security Solutions, Specialized IA Services, and Certified Security Training to all US Federal Government (Civilian, DoD, and IC), as well as to customers in selected commercial markets. All Lunarline Cyber Security Solutions, Specialized IA Services, and Certified Security Training are backed by our unwavering commitment to our customer's satisfaction, being a leader in cyber security innovation, while maintaining the highest quality training, products, and services.

Lunarline is a VA Certified Service Disabled Veteran Owned Small Business (SDVOSB) that has been appraised at CMMI Level 2, certified in ISO 9001: 2008, has a DCAA approved accounting system, ranks in the top 2% of D&B Rating, and has an approved Earned Value Management (EVM) system. Lunarline offers certificate programs with NSA/CNSS (NSTISSI No. 4011, 4012 and 4015) certified C&A training courseware. Lunarline is a recipient of the DOT Cyber Security Excellence Award, the Cyber Security Forum Initiative 5-Star Training Award, and was named as one of America's Fastest-Growing Private Companies in the Inc

It is our passion to provide the highest qualified personnel and solutions to our customers. We believe in continuously improving our customer's ability to monitor and improve the confidentiality, integrity, and availability of their systems and applications. All of our Information Assurance, Information Security, Training and other IT related services and products are ISO 9001:2008 certified.

Lunarline Inc. has a successful and award winning track record of providing risk-based/Information Security and training services (FISMA, IG, NIST, DIACAP, and CNSS) to our customers. From risk assessments to providing support for an entire Federal Agency's Information Security Program, Lunarline, Inc. has ensured our customers' systems and programs exceed Federal, DoD, and IC security requirements.

Lunarline is designated as a DIACAP Fully Qualified Navy Certification Agent/Validator. This Corporate Navy designation is not easily obtained, in that many qualifications and certifications must be formally presented to the Navy CA (SPAWAR) and ODAA (NNWC) for approval. This designation provides a valuable benefit to Lunarline's Navy customers as the designation validates Lunarline's qualifications in implementing the DIACAP per Navy requirements and instructions.
Table of Contents

- Training Courses
- Training Course Schedule
- DIACAP Courses
- Risk Management Framework (RMF) for DoD Information Technology (IT)
- Applying the FISMA/NIST Risk Management Framework
- Applying the CNSS/NIST Risk Management Framework
- NSA CNSS 4015 Boot Camp
- Compliance CompTIA Security+ Certification
- Recovery Planning Practitioner Course
- ISC 2 Certified Authorization Professional (CAP)
- Cloud Security and FedRAMP Training
- Assessing Network Vulnerabilities
- Ethical Hacking
- Lunarline Mobile Courses
- Meet the Instructors
  - Waylon Krush, CISSP, CISA, CAP
  - Keith Mortier, CISSP, CISA
  - Charles A. Russell, Sr., PMP, CISSP, CAP, CTT
  - Rebecca Henry Onuskanich, CISSP, CAP, CTT
  - Robert Cohen, CCM, CBRM, CBCP, Security+ Certified
  - Matt Xenakis, CISSP, CAP
  - Jennifer Hawks, CISSP
  - Daniel Kwiatkowski, CISSP
  - Don Becker, CISSP, MCP
  - Alan Yuriditsky, CAP
- Training Success Stories
- Class Rates
- Our Customers

Need more information? Want to reserve your seat in our training? Contact Melissa Dawson Today! (571) Or email her at: melissa.dawson@lunarline.com
We Offer Training Courses

- DIACAP Hands-On In-Depth, 3 Day: September 24-26, 2013; November 5-7, 2013; February 4-6, 2014; May 6-8, 2014; September 16-18, 2014
- DIACAP Hands-On Intensity, 4 Day: September 24-27, 2013; November 5-8, 2013; February 4-7, 2014; May 6-9, 2014; September 16-19, 2014
- DIACAP Validator Workshop, 5 Day: October 28-November 1, 2013; March 10-14, 2014; June 9-13, 2014; October 27-31, 2014
- Risk Management Framework (RMF) for DoD Information Technology (IT) Overview, 1 Day: April 7, 2014; July 14, 2014; December 1, 2014
- Risk Management Framework (RMF) for DoD Information Technology (IT) Hands-On In Depth, 3 Day: August 6-8, 2013; October 22-24, 2013; January 7-9, 2014; April 8-10, 2014; July 15-17, 2014; October 7-9, 2014; December 2-4, 2014
- Risk Management Framework (RMF) for DoD Information Technology (IT) Hands-On Intensity, 4 Day: August 6-9, 2013; October 22-25, 2013; January 7-10, 2014; April 8-11, 2014; July 15-18, 2014; October 7-10, 2014; December 2-5, 2014
- Applying the NIST/FISMA Risk Management Framework (RMF) Overview, 1 Day: March 24, 2014; May 12, 2014
- Applying the NIST/FISMA Risk Management Framework In-Depth, 3 Day: October 8-10, 2013; January 21-23, 2014; March 25-27, 2014; May 13-15, 2014; August 5-7, 2014; November 18-20, 2014
- Applying the NIST/FISMA Risk Management Framework Intensity, 4 Day: October 8-11, 2013; January 21-24, 2014; March 25-28, 2014; May 13-16, 2014; August 5-8, 2014; November 18-21, 2014
- Applying the NIST/FISMA Risk Management Framework / Security Controls Validator, 5 Day: October 14-18, 2013; February 10-14, 2014; June 23-27, 2014; September 22-26, 2014
- Applying the NIST/CNSS Risk Management Framework Overview, 1 Day: March 3, 2014; June 2, 2014
- Applying the NIST/CNSS Risk Management Framework In-Depth, 3 Day: November 19-21, 2013; March 4-6, 2014; June 3-5, 2014; September 9-11, 2014; December 9-11, 2014
- Applying the NIST/CNSS Risk Management Framework Intensity, 4 Day: November 19-22, 2013; March 4-7, 2014; June 3-6, 2014; September 9-12, 2014; December 9-12, 2014
- Applying the NIST/CNSS Risk Management Framework / Security Controls Validator, 5 Day: December 16-20, 2013; April 14-18, 2014; July 7-11, 2014; October 20-24, 2014
- NSA CNSS 4015 Boot Camp: September 9-13, 2013; December 9-13, 2013; July 21-25,
- Compliance CompTIA Security+, 3 Day: August 13-15, 2013; November 19-21, 2013; January 28-30, 2014; May 20-22, 2014; September 30 - October 2, 2014
- Recovery Planning Practitioner, 5 Day: August 26-30, 2013; December 2-6, 2013; August 25-29, 2014
- ISC2 Certified Authorization Professional (CAP), 4 Day: November 4-7, 2013; February 25-28, 2014; May 27-30, 2014; October 14-17, 2014
- Cloud Security and FedRAMP Training, 5 Day: July 29-August 2, 2013; September 16-20, 2013; January 13-17, 2014; April 21-25, 2014; August 11-15, 2014; November 3-7, 2014
- Assessing Network Vulnerabilities, 4 Day: September 3-6, 2013; April 1-4, 2014; August 19-22, 2014
- Ethical Hacking, 4 Day: August 20-23, 2013; November 12-15, 2013; March 18-21, 2014; July 29-31, 2014; December 16-18, 2014

* All courses are held at the Lunarline Training Facility in Arlington, VA
DIACAP
DoD Information Assurance Certification and Accreditation Process (DIACAP) courses

DIACAP Overview, 1 Day
Our Price: $
COURSE DATES: COMING 2014

This course is designed for students who want to gain an improved understanding of the DIACAP. The course provides an overview of DIACAP requirements, documentation and associated processes.

DIACAP In-Depth, 3 Day
Our Price: $1,
COURSE DATES: SEPT 24-26, 2013; NOV 5-7, 2013; FEB 4-6, 2014; MAY 6-8, 2014; SEPT 16-18, 2014

This course is designed for students who want to gain an improved understanding of the DIACAP. The course provides an overview of DIACAP requirements, documentation, and associated processes. This course provides an in-depth look into the DIACAP processes, and includes a series of hands-on exercises in developing the DIACAP Systems Identification Profile (SIP), DIACAP Implementation Plan (DIP), and Plan of Actions and Milestones (POA&M). The DIACAP training is introduced from a Department perspective, but can be tailored as required to include any Component/Service or system-specific nuances relative to the implementation of the DIACAP. Instruction modules include the DIACAP Activity Cycle, the Knowledge Service, DIACAP Governance Structure, roles and responsibilities, and much more.

DIACAP Intensity, 4 Day
Our Price: $2,
COURSE DATES: SEPT 24-27, 2013; NOV 5-8, 2013; FEB 4-7, 2014; MAY 6-9, 2014; SEPT 16-19, 2014

This course is designed for students who want to gain an improved understanding of the DIACAP. The course provides an overview of DIACAP requirements, documentation, and associated processes. The 4-day intensity course provides an in-depth look into the DIACAP processes, and includes a series of hands-on exercises in developing the DIACAP Systems Identification Profile (SIP), DIACAP Implementation Plan (DIP), and Plan of Actions and Milestones (POA&M). The DIACAP training is introduced from a Department perspective, but can be tailored as required to include Component/Service and system-specific astructure, roles and responsibilities, and many more. The fourth day of the DIACAP Intensity course provides each student with an introduction to using the DoD approved automated scanning tools, including the DISA SRRs, Gold Disk, and other DoD automated tools.

DIACAP Validator Workshop, 5 Day
Our Price: $2,
COURSE DATES: JUL 8-12, 2013; OCT 28 - NOV 1, 2013; MAR 10-14, 2014; JUNE 9-13, 2014; OCT 27-31,

This course concentrates on methods used to validate DoD IA Controls as contained in DoDI Discussion areas include an overview of the DIACAP, the DoD-defined information system types and the associated security concerns, vulnerability scanning, DoD-approved automated scanning tools, and many more. The course provides an in-depth explanation of each control identified in DoDI to include the appropriate testing method, associated supporting evidence (known as artifacts), and how to more efficiently and effectively test and validate DoD systems and infrastructure. The curriculum will prepare the ACA or Validator to test against the DoD IA controls using manual and automated procedures in accordance with the standards set forth by the Department.

These Courses Include the Following Takeaway Items and Certifications

An Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011, Information System Security Professional and CNSSI 4012, Senior IA System Manager Certificate. You will also earn CPEs toward your existing certifications with CompTIA, ISC2 and ISACA.
Risk Management Framework (RMF) for DoD Information Technology (IT)
Risk Management Framework DoD Information Technology (RMF for DoD IT) courses

Risk Management Framework (RMF) for DoD Information Technology (IT) Overview, 1 Day
Our Price: $
COURSE DATES: APRIL 7, 2014; JUL 14, 2014; DEC 1, 2014

Lunarline offers the most comprehensive and detailed hands-on training for students who want to gain an understanding of the pending transition from DIACAP to Risk Management Framework (RMF) for DoD Information Technology (IT). DoD is now in the process of establishing the regulatory foundation for their transition to the use of the NIST RMF. This training will enable your organization to understand the proposed changes and to position yourself early to make the transition as seamless and efficient as possible.

This course includes the following takeaway items: A printed training manual, a CD with a comprehensive set of NIST and Director of National Intelligence (DNI)-approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Risk Management Framework (RMF) for DoD Information Technology (IT) In-Depth, 3 Day
Our Price: $1,
COURSE DATES: AUG 6-8, 2013; OCT 22-24, 2013; JAN 7-9, 2014; APRIL 8-10, 2014; JUL 15-17, 2014; OCT 7-9, 2014; DEC 2-4, 2014

Lunarline offers the most comprehensive and detailed hands-on training for students who want to gain an understanding of the pending transition from DIACAP to Risk Management Framework (RMF) for DoD Information Technology (IT). Our training is based upon participation of our subject matter experts in transition working groups and direct experience with other Federal, DoD and commercial clients. In compliance with the Federal Information Security Management Act (FISMA), Federal agencies and the Intelligence Community have already transitioned to the use of the NIST Risk Management Framework (RMF) as the foundation for their assessment and authorization (A&A) processes, formerly known as certification and accreditation (C&A). DoD is now in the process of establishing the regulatory foundation for their transition to the use of the NIST RMF. This training will enable your organization to understand the proposed changes and to position yourself early to make the transition as seamless and efficient as possible. Students will engage in a series of hands-on activities that will provide active learning of the new processes, preparation of the documentation, and execution of the required security control assessments.

Risk Management Framework (RMF) for DoD Information Technology (IT) Intensity, 4 Day
Our Price: $2,
COURSE DATES: AUG 6-9, 2013; OCT 22-25, 2013; JAN 7-10, 2014; APRIL 8-11, 2014; JUL 15-18, 2014; OCT 7-10, 2014; DEC 2-5, 2014

Lunarline offers the most comprehensive and detailed hands-on training for students who want to gain an understanding of the pending transition from DIACAP to Risk Management Framework (RMF) for DoD Information Technology (IT). Our training is based upon participation of our subject matter experts in transition working groups and direct experience with other Federal, DoD and commercial clients. In compliance with the Federal Information Security Management Act (FISMA), Federal agencies and the Intelligence Community have already transitioned to the use of the NIST Risk Management Framework (RMF) as the foundation for their assessment and authorization (A&A) processes, formerly known as certification and accreditation (C&A). DoD is now in the process of establishing the regulatory foundation for their transition to the use of the NIST RMF. This hands-on training will enable your organization to understand the proposed changes and to position yourself early to make the transition as seamless and efficient as possible. This course is focused on a series of hands-on activities that will provide active learning of the new processes, preparation of the documentation, and execution of the required security control assessments. This class includes extensive hands-on training on Federally-approved vulnerability assessment tools, such as Nessus, and other useful security tools. Upon completion, students will be able to immediately apply the concepts and ensure that their organization can experience a smooth transition.

These Courses Include the Following Takeaway Items and Certifications

An Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011, Information System Security Professional and CNSSI 4012, Senior IA System Manager Certificate. You will also earn CPEs toward your existing certifications with CompTIA, ISC2 and ISACA.
Applying the FISMA/NIST Risk Management Framework
Federal Information Security Management Act (FISMA) courses

Applying the FISMA/NIST Risk Management Framework Overview, 1 Day
Our Price: $
COURSE DATES: MAR 24, 2014; MAY 12, 2014

Lunarline's Federal Information Security Management Act (FISMA)/NIST Risk Management Framework training provides students a practical high-level overview of the NIST approach to system authorization, an introduction to the requirements for meeting FISMA requirements, as well as an in-depth look of the Federal system authorization process and Risk Management Framework (RMF). This course has been aligned with NIST SP Revision 1 and the new processes introduced under the Federal transformation of assessment and authorization (formerly certification and accreditation).

This course includes the following takeaway items: A printed training manual, a CD with a comprehensive set of NIST and Director of National Intelligence (DNI)-approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Applying the FISMA/NIST Risk Management Framework In-Depth, 3 Day
Our Price: $1,
COURSE DATES: JUNE 25-27, 2013; OCT 8-10, 2013; JAN 21-23, 2014; MAR 25-27, 2014; AUG 5-7, 2014; NOV 18-20, 2014

Lunarline's Federal Information Security Management Act (FISMA) training provides students with a fundamental knowledge of the requirements for meeting FISMA requirements, as well as an in-depth look of the Federal system authorization process and Risk Management Framework (RMF). This training equips the students with an in-depth indoctrination into the RMF and they will learn the requirements for managing risk, and ensuring that the confidentiality, availability and integrity of federal information and information systems is protected at a level commensurate with the security requirements of the information and the information system. Students will participate in a series of scenario-based hands-on exercises to enhance understanding of the processes used for system authorization, including all of the elements of the Risk Management Framework. These exercises will include the development of Systems Security Plans (SSPs), Security Assessment Reports (SARs), and Plans Of Action and Milestones (POA&Ms) for Federal Information Systems. This training is a CNSS approved course that deals with the new C&A transformation. Please note this course has been aligned with NIST SP Revision 1 and is the new process under the C&A transformation. The FISMA In-Depth Course covers the requirements and the use of FIPS 199, NIST SP , NIST SP Revision 1, NIST SP , NIST SP , NIST SP , NIST SP and NIST SP800-53A.

Applying the FISMA/NIST Risk Management Framework In-Depth Intensity, 4 Day
Our Price: $2,
COURSE DATES: JUNE 25-28, 2013; OCT 8-11, 2013; JAN 21-24, 2014; MAR 25-28, 2014; MAY 13-16, 2014; AUG 5-8, 2014; NOV 18-21, 2014

Lunarline's Federal Information Security Management Act (FISMA)/NIST training provides students with a fundamental knowledge of the requirements for meeting FISMA requirements, as well as an in-depth look of the Federal system authorization process and Risk Management Framework (RMF). This hands-on training equips the students with an in-depth indoctrination into the RMF and they will learn the requirements for managing risk, and ensuring that the confidentiality, availability and integrity of federal information and information systems is protected at a level commensurate with the security requirements of the information and the information system. Students will participate in a series of scenario-based hands-on exercises to enhance understanding of the processes used for system authorization, including all of the elements of the Risk Management Framework. These exercises will include the development of Systems Security Plans (SSPs), Security Assessment Reports (SARs), and Plans Of Action and Milestones (POA&Ms) for Federal Information Systems. The fourth day of the FISMA/NIST RMF Intensity course provides each student with hands-on experience in using automated vulnerability assessment and other tools used to support the Federal authorization process. The FISMA In-Depth Course covers the requirements and the use of FIPS 199, NIST SP , NIST SP , NIST SP , NIST SP , NIST SP , NIST SP , and NIST SP800-53A.

These Courses Include the Following Takeaway Items and Certifications

An Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011, Information System Security Professional and CNSSI 4012, Senior IA System Manager Certificate. You will also earn CPEs toward your existing certifications with CompTIA, ISC2 and ISACA.
Applying the NIST/FISMA Risk Management Framework / Security Controls Validator, 5 Day
Our Price: $2,
COURSE DATES: OCT 14-18, 2013; FEB 10-14, 2014; JUNE 23-27, 2014; SEPT 22-26,

This course provides an in-depth look at testing the controls using NIST SP A and ensuring the use of the Risk Management Framework (RMF) for Federal Security Systems. The focus of the course is an in-depth explanation of each NIST SP controls to include what method should be used to test and validate each security control in accordance with NIST SP A and NIST SP , what evidence should be gathered, and how to more efficiently and effectively test Federal systems and infrastructure. The curriculum will introduce the independent tester or Validator to test the process for any of the Federal IA controls using manual and automated tests to ensure all controls are tested properly. The FISMA Validator Course will cover NIST SP A, NIST SP , NIST SP , NIST SP and the development of the Security Assessment Report (SAR), and Plan Of Action and Milestones (POA&M). The student will have a hands-on experience using scenario-based hands-on exercises in executing the validation tests with the approved tools. These exercises will include the development of the Security Assessment Report (SAR).

Lunarline's courseware has been evaluated and is certified by the NSA/CNSS to meet NSTISSI 4011, CNSSI 4012 and NSTISSI 4015 requirements. All of our instructors have hands-on, real world experience; you get more than just classroom instruction, you receive the benefits of actual expertise in executing these processes.

Applying the CNSS/NIST Risk Management Framework
Committee for National Security Systems (CNSS) courses

Applying the CNSS/NIST Risk Management Framework Overview, 1 Day
Our Price: $
COURSE DATES: MAR 3, 2014; JUNE 2, 2014

This course equips the student with an overview of the system assessment and authorization process and the Risk Management Framework (RMF) for National Security Systems (NSS). The CNSS Course will address the Federal and Intelligence Community requirements, including NIST SP , NIST SP , and CNSS

Applying the CNSS/NIST Risk Management Framework In-Depth, 3 Day
Our Price: $1,
COURSE DATES: JUL 16-18, 2013; NOV 19-21, 2013; MAR 4-6, 2014; JUNE 3-5, 2014; SEPT 9-11, 2014; DEC 9-11, 2014

This course equips the student with an overview of the system authorization process and the Risk Management Framework (RMF) for National Security Systems (NSS). In addition to the classroom instruction, the student will also participate in several scenario-based hands-on exercises in the implementation of the RMF to provide a clear knowledge bridge to the revised system authorization processes for those currently working with C&A for National Security Systems or for those who have limited or no C&A experience. These exercises will include the development of Systems Security Plans (SSPs), Security Assessment Reports (SARs), and Plans Of Action and Milestones (POA&Ms) for a NSS. This course meets the requirements of National Security Directive 42 (NSD-42), which outlines the roles and responsibilities for securing NSSs. The CNSS In-Depth Course will address the Federal and Intelligence Community requirements, including NIST SP , NIST SP , FIPS 199, and CNSS

These Courses Include the Following Takeaway Items and Certifications

An Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011, Information System Security Professional and CNSSI 4012, Senior IA System Manager Certificate. You will also earn CPEs toward your existing certifications with CompTIA, ISC2 and ISACA.
Applying the CNSS/NIST Risk Management Framework In-Depth Intensity, 4 Day
Our Price: $2,
COURSE DATES: JUL 16-18, 2013; NOV 19-21, 2013; MAR 4-7, 2014; JUNE 3-6, 2014; SEPT 9-12, 2014; DEC 9-12, 2014

This course equips the student with an overview of the system authorization process (also known as C&A) and the Risk Management Framework (RMF) for National Security Systems (NSS). In addition to the classroom instruction, the student will also participate in several scenario-based hands-on exercises in the implementation of the RMF using the CNSS and IC requirements to provide a clear knowledge bridge to the revised system authorization processes for those currently working with C&A for National Security Systems or for those who have limited or no C&A experience. These exercises will include the development of Systems Security Plans (SSPs), Security Assessment Reports (SARs), and Plans Of Action and Milestones (POA&Ms) for a NSS. This course meets the requirements of National Security Directive 42 (NSD-42), which outlines the roles and responsibilities for securing NSSs. The CNSS In-Depth Course will address the Federal and Intelligence Community requirements, including NIST SP , NIST SP , and CNSS The fourth day of the CNSS/NIST RMF Intensity course provides each student with hands-on experience in using automated vulnerability assessment and other tools used to support the Federal and CNSS system authorization process.

Applying the CNSS/NIST Risk Management Framework / Security Controls Validator, 5 Day
Our Price: $2,
COURSE DATES: JUL 22-26, 2013; DEC 16-20, 2013; APRIL 14-18, 2014; JUL 7-11, 2014; OCT 20-24, 2014

This course provides an in-depth look at testing the controls using NIST SP A, CNSS 1253A, and ensuring the use of the Risk Management Framework (RMF) for National Security Systems. The focus of the course is an in-depth explanation of each NIST SP controls and includes unclassified policies and procedures related to NSS to include what method should be used to test and validate each security control in accordance with NIST SP A and NIST SP , what evidence should be gathered, and how to more efficiently and effectively test Federal systems and infrastructure. The curriculum will introduce the independent tester or Validator to test the process for any of the NSS IA controls using manual and automated tests to ensure all controls are tested properly. The CNSS/NIST RMF Validator Course will cover NIST SP A, NIST SP , NIST SP , NIST SP , NIST SP and the development of the Security Assessment Report (SAR), and Plan Of Action and Milestones (POA&M). The student will have a hands-on experience using scenario-based hands-on exercises in executing the validation tests with the approved tools. These exercises will include the development of the Security Assessment Report (SAR).

Lunarline's courseware has been evaluated and is certified by the NSA/CNSS to meet NSTISSI 4011, CNSSI 4012 and NSTISSI 4015 requirements. All of our instructors have hands-on, real world experience; you get more than just classroom instruction, you receive the benefits of actual expertise in executing these processes.

These Courses Include the Following Takeaway Items and Certifications

An Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011, Information System Security Professional and CNSSI 4012, Senior IA System Manager Certificate. You will also earn CPEs toward your existing certifications with CompTIA, ISC2 and ISACA.
NSA CNSS 4015 Boot Camp
Includes the DIACAP Validator and Risk Management Framework for DoD Information Technology (IT) courses

NSA CNSS 4015 Boot Camp, 5 Day
Our Price: $2,
COURSE DATES: SEPT 9-13, 2013; DEC 9-13, 2013; JUL 21-25, 2014

This class combines the DIACAP Validator and Risk Management Framework for DoD Information Technology (IT) In-Depth class which qualifies you to earn your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4015, 4011 and CNSSI 4012 in 5 days.

This course concentrates on methods used to validate DoD IA Controls as contained in DoDI Discussion areas include an overview of the DIACAP, the DoD-defined information system types and the associated security concerns, vulnerability scanning, DoD-approved automated scanning tools, and many more. The course provides an in-depth explanation of each control identified in DoDI to include the appropriate testing method, associated supporting evidence (known as artifacts), and how to more efficiently and effectively test and validate DoD systems and infrastructure. The curriculum will prepare the ACA or Validator to test against the DoD IA controls using manual and automated procedures in accordance with the standards set forth by the Department.

Lunarline offers the most comprehensive and detailed hands-on training for students who want to gain an understanding of the pending transition from DIACAP to RMF for DoD IT. Our training is based upon participation of our subject matter experts in transition working groups and direct experience with other Federal, DoD and commercial clients. In compliance with the Federal Information Security Management Act (FISMA), Federal agencies and the Intelligence Community have already transitioned to the use of the NIST Risk Management Framework (RMF) as the foundation for their assessment and authorization (A&A) processes, formerly known as certification and accreditation (C&A). DoD is now in the process of establishing the regulatory foundation for their transition to the use of the NIST RMF. This training will enable your organization to understand the proposed changes and to position yourself early to make the transition as seamless and efficient as possible. Students will engage in a series of hands-on activities that will provide active learning of the new processes, preparation of the documentation, and execution of the required security control assessments.

This Course Includes the Following Takeaway Items and Certifications

An Android tablet that is uploaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4015 Information System Certifier, your National Security Agency (NSA) and Committee on National Security Systems (CNSS) NSTISSI 4011 and Information System Security Professional and CNSSI 4012, Senior IA System Manager Certificate. You will also receive Lunarline's School of Cyber Security's Certified Expert DIACAP Professional (CEDP) Certificate, and earn CPEs toward your existing certifications with CompTIA, ISC2 and ISACA.
8570 Compliance CompTIA Security+ Certification courses

8570 Compliance CompTIA Security+ Certification, 3 Day
Our Price: $3,
COURSE DATES: AUG 13-15, 2013; NOV 19-21, 2013; JAN 28-30, 2014; MAY 20-22, 2014; SEP 30 - OCT 2, 2014

Lunarline, a CompTIA Authorized Partner, offers an intense 3 Day Security+ course consisting of nine lessons addressing each of the six Security+ domains in depth. All Lunarline training materials and books are CompTIA approved and have the most up to date information required to successfully understand the various security domains. Students receive a CompTIA Security+ Deluxe Study Guide (which includes a CD), as well as CompTIA-approved course material that is composed of independent study assignments designed to help students prepare to successfully complete the Security+ exam. The course was designed for students who are familiar with basic computer functionality, networking concepts and text-based interfaces and is taught exclusively by CTT+ and Security+ Certified Instructors with extensive real hands-on information security experience. The primary objective of this 5 day course is to increase operator knowledge of physical, network and system security and prepare the student for the Security+ examination. Upon course completion, students should have an understanding of the six security domains addressed by the Security+ certification. These domains include: Systems Security, Network Infrastructure, Access Control, Assessments and Audits, Cryptography, Organizational Security.

FEATURES: The Six Domains of Security+:
- Systems Security
- Network Infrastructure
- Access Control
- Assessments and Audits
- Cryptography
- Organizational Security

Every student participating in Lunarline's Security+ 3-Day training will receive a test voucher for their Security+ Certification test. This course will prepare students to meet the certification compliance mandates required by DOD Directive for DOD information assurance technicians and managers.

Recovery Planning Practitioner Course

5 Day
Our Price: $2,
COURSE DATES: AUG 26-30, 2013; DEC 2-6, 2013; AUG 25-29, 2014

This course is designed to provide an operational basis for all facets of recovery planning through information delivery and practical exercises. As a result of this course, students will be able to conduct risk analysis, business impact analysis, recovery strategy analysis and develop viable emergency response plans and recovery plans through the information obtained as a result of these assessments.

This course will impart an ability to conduct Business Impact Analysis so that executive management will have a prioritized list of all functions performed, a determination of when the loss of a given function becomes unacceptable to the organization, and the resources necessary to enable the recovery of each function. Students will be provided with insights into conducting Recovery Strategy Analysis, understanding the different strategies that are currently available and their applicability based on their strengths and weaknesses. This course will expose the students to emergency response techniques from the development of checklists to crafting concise communications releases.

Upon completion of the study of recovery planning foundations, this course will give the students a thorough knowledge of how to develop viable, easy-to-use recovery plans that address all hazards and all contingencies. Finally, this course is designed to provide the elements of an ongoing viable recovery capability through training and exercising programs that meet the needs of all audiences for all organizations.

This Course Includes the Following Takeaway Items and Certifications

An Android tablet loaded with our training material, a comprehensive set of National Institute of Standards and Technology (NIST) DoD approved templates, as well as copies of the guidelines, instructions, standards, and presentations discussed during the training.

Certifications: You will receive your Certificate of successful participation in this course, which will allow you to claim hours of Continuous Professional Experience for your existing certifications.

(ISC)² Certified Authorization Professional (CAP) Course

4 Day
Our Price: $3,
COURSE DATES: NOV 4-7, 2013; FEB 25-28, 2014; MAY 27-30, 2014; OCT 14-17, 2014

Lunarline is now authorized by (ISC)² CAP - Certified Authorization Professional. The course is taught by (ISC)² authorized instructors who deliver the curriculum effectively while focusing on preparing you with the knowledge and skills required to pass the rigorous CAP examination.

Framework (RMF) as the foundation for their assessment and authorization (A&A) processes, formerly known as certification and accreditation (C&A). DoD is now in the process of establishing the regulatory foundation for its transition to the use of the NIST RMF. This hands-on training will enable your organization to understand the proposed changes and to position itself early to make the transition as seamless and efficient as possible.

The Certified Authorization Professional (CAP) credential is an objective measure of the knowledge, skills and abilities required for personnel involved in the process of authorizing and maintaining information systems. Specifically, this credential applies to those responsible for formalizing processes used to assess risk and establish security requirements and documentation. Their decisions will ensure that information systems possess security commensurate with the level of exposure to potential risk, as well as damage to assets or individuals.

The credential is appropriate for commercial markets, civilian and local governments, and the U.S. Federal government including the State Department and the Department of Defense (DoD). Job functions such as authorization officials, system owners, information owners, information system security officers, and certifiers as well as all senior system managers apply.

Understand the Security Authorization of Information Systems - Security authorization includes a tiered risk management approach to evaluate both strategic and tactical risk across the enterprise. The authorization process incorporates the application of a Risk Management Framework (RMF), a review of the organizational structure, and the business process/mission as the foundation for the implementation and assessment of specified security controls. This authorization management process identifies vulnerabilities and countermeasures and determines residual risks. The residual risks are evaluated and deemed either acceptable or unacceptable. More controls must be implemented to reduce unacceptable risk. The system may be deployed only when the residual risks are acceptable to the enterprise.

Categorize Information Systems - Categorization of the information system is based on an impact analysis. It is performed to determine the types of information included within the security authorization boundary, the security requirements for the information types, and the potential impact on the organization resulting from a security compromise. The result of the categorization is used as the basis for developing the security plan, selecting security controls, and determining the risk inherent in operating the system.

Establish the Security Control Baseline - The security control baseline is established by determining specific controls required to protect the system based on the security categorization of the system. The baseline is tailored and supplemented in accordance with an organizational assessment of risk and local parameters. The security control baseline, as well as the plan for monitoring it, is documented in the security plan.

Apply Security Controls - The security controls specified in the security plan are implemented by taking into account the minimum organizational assurance requirements.
The security plan describes how the controls are employed within the information system and its operational environment. The security assessment plan documents the methods for testing these controls and the expected results throughout the system's life cycle.

Assess Security Controls - The security control assessment follows the approved plan, including defined procedures, to determine the effectiveness of the controls in meeting security requirements of the information system. The results are documented in the security assessment report.

Authorize Information System - The residual risks identified during the security control assessment are evaluated and the decision is made to authorize the system to operate, deny its operation, or remediate the deficiencies. Associated documentation is prepared and/or updated depending on the authorization decision.

Monitor Security Controls - After an Authorization to Operate (ATO) is granted, ongoing continuous monitoring is performed on all identified security controls as well as the political, legal, and physical environment in which the system operates. Changes to the system or its operational environment are documented and analyzed. The security state of the system is reported to designated officials. Significant changes will cause the system to reenter the security authorization process. Otherwise, the system will continue to be monitored on an ongoing basis in accordance with the organization's monitoring strategy.

Cloud Security and FedRAMP Training

5 Day
Our Price: $2,
COURSE DATES: JUL 29 - AUG 2, 2013; SEPT 16-20, 2013; JAN 13-17, 2014; APRIL 21-25, 2014; AUG 11-15, 2014; NOV 3-7, 2014

Are you in the cloud? Are you concerned about security in the cloud? Do you want to have a better understanding of FedRAMP? Are you a 3PAO?

If you answered yes to any of the above questions, then you should register for the Lunarline School of Cyber Security (SCS) class in Cloud Security and FedRAMP. The 5-day Cloud Security and FedRAMP course provides students with an in-depth knowledge of cloud security requirements, cloud security issues, cloud computing architecture and security concepts for the three types of cloud computing: Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS). It explains what cloud service providers and agencies must do to understand the latest guidance provided by NIST and to meet the requirements for the Federal Risk and Authorization Management Program (FedRAMP).

What you will learn: Cloud Computing Architecture and Security Concepts; Cloud Security Baselines; Cloud Security Assessment & Authorization; What is FedRAMP?; FedRAMP Requirements; Roles and Responsibilities for Key FedRAMP Stakeholders (Providers, Federal Agencies, and 3PAOs); NIST SP Security Controls for Cloud Security Environments; Independent Verification and Validation; and Continuous Monitoring.

Lunarline is known as an expert in cloud security and was one of the first companies to be awarded 3PAO certification for FedRAMP. Our classes are provided by our Senior Strategists in Cloud Security, all of whom have demonstrated hands-on experience. The course includes an Android tablet with the training material and other reference materials pre-loaded.
Successful completion of this course provides each student with a Certification as a Certified Expert Cloud Security Provider (CECSP) issued by the Lunarline School of Cyber Security (SCS). Every student participating will receive a certificate of successful participation in this course, which will allow you to claim hours of Continuous Professional Experience for your existing certifications. Our Continuing Education Credits are accepted by ISC2, CompTIA and ISACA.

Assessing Network Vulnerabilities Training

4 Day
Our Price: $2,
COURSE DATES: SEPT 3-6, 2013; APRIL 1-4, 2014; AUG 19-22, 2014

Security professionals are overwhelmed by abundant security advisories, intrusion and firewall alerts, and vulnerability reports. Knowledge of actual hacking techniques and scenarios permits a more effective response against the growing threats from Internet access and presence. The 4-day instructor-led course exposes students to exploits and teaches them how to run vulnerability scans to better secure networks, servers and workstations.

In the course, students will learn how to: assess the risk to your systems from vulnerabilities and exploits; conduct vulnerability scans of your networks, servers and workstations; integrate advisories and alerts into your security practices and procedures; respond to evolving risk levels by prioritizing your defensive resources; and manage an ongoing vulnerability assessment process.

This Course Includes the Following Takeaway Items and Certifications

An Android tablet with our training material and other reference materials pre-loaded.

Certification: You will receive your Certificate of successful participation in this course, which will allow you to claim hours of Continuous Professional Experience for your existing certifications. Our Continuing Education Credits are accepted by ISC2, CompTIA and ISACA.

Ethical Hacking & Penetration Testing Training

4 Day
Our Price: $2,
COURSE DATES: AUG 20-23, 2013; NOV 12-15, 2013; MAR 18-21, 2014; JUL 29-31, 2014; DEC 16-18, 2014

Vulnerability scanning and security audits alone will not ensure the security of an organization because they only test for currently known vulnerabilities with little to no analysis of how these vulnerabilities may be exploited. To ensure that systems are adequately protected, administrators must probe networks and assess the security posture for vulnerabilities and exposed surfaces while attempting to exploit them. Penetration testing fills a vital organizational need by confirming information security policies are both adequate and sufficiently implemented to protect against novel attacks.

The 4-day Ethical Hacking & Penetration Testing course provides students with intermediate level training in hacking and penetration testing techniques. The training immerses each student in a hands-on interactive environment where they will learn how to scan and attack with the purpose of securing networks and information systems. The training course is led by an experienced instructor and provides students practical exercises in the skills needed to test and protect today's sensitive networks and information systems. The course includes a combination of lecture and demonstrations designed around a virtual lab environment. Labs cover various scenarios that provide for robust and realistic hands-on experiences across a range of topic areas.

Students will begin by understanding the five phases of hacking and will then be introduced to various tools and methods for conducting white hat system/network penetration testing. Through exposure to the types of methodologies and tools used by hackers, students obtain the skills needed to provide evidence of weaknesses and real assurance that current controls are working properly.
The students will obtain the ability to quantitatively assess and measure threats to information assets and discover where an organization is most vulnerable to hacking. In addition, students will receive in-depth instruction on the ethics of hacking and penetration testing as well as how to develop appropriate rules of engagement. The goal of this course is to help the student master a repeatable, documentable penetration testing methodology that can be used in an ethical penetration testing or white hat hacking situation.

This Course Includes the Following Takeaway Items and Certifications

An Android tablet with our training material and other reference materials pre-loaded.

Certification: You will receive your Certificate of successful participation in this course, which will allow you to claim hours of Continuous Professional Experience for your existing certifications. Our Continuing Education Credits are accepted by ISC2, CompTIA and ISACA.

Our Mobile Courses

Need your team trained? No time for travel? No problem... We can come to you!

Lunarline is a SDVOSB that is ISO 9001: 2008 certified and appraised at Maturity Level 2 of CMMI. Lunarline, Inc. courseware meets all of the elements of the Committee on National Security Systems (CNSS) National Training Standard for Information Systems Security (INFOSEC) Professionals, NSTISSI No. 4011, 4012 and

Our Mobile courses are one of Lunarline's most popular offerings. With instruction delivered throughout the world, Lunarline provides the flexibility to train virtually anywhere. We understand that our customers support real time, mission critical operations and are not necessarily available to travel. No problem, we'll bring the training to you. By having Lunarline come to your location, you will save on costs and be able to train more of your employees at once. You will also be able to provide a more customized course for your needs.

Our mobile class includes an Instructor/Security Engineer, his travel costs, training material for each student and the instruction of your class. All of our Instructors are security engineers with certifications such as Security+, CAP, CISSP and more. They can offer you real world experience, which you don't always get from other training companies.

Our mobile courses are highly specialized and can be tailored to your environment. Service-, system- and situation-specific needs will be considered. In fact, many of our Mobile courses culminate in a C&A strategy development for your system. We have tailored DIACAP, FISMA, and CNSS courses for DISA, Army CIO G6, Air Force, Army (CENTCOM, SOCOM, LIA, NETCOM), Navy (SPAWAR), JSF and PM-JAIT, DOL OIG, Aetna Healthcare, Philips Electronics, SRI International, Lockheed Martin, Northrop Grumman, and more.

Need to keep your certification current? Lunarline classes can earn you CPEs toward your existing certifications with CompTIA, ISC2 and ISACA.
More informationVulnerability management lifecycle: defining vulnerability management
Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By
More informationSECURITY CONTROLS AND RISK MANAGEMENT FRAMEWORK
SECURITY CONTROLS AND RISK MANAGEMENT FRAMEWORK BACKGROUND The National Institute of Standards and Technology (NIST) Special Publication 800-53 defines a comprehensive set of controls that is the basis
More informationThe ICS Approach to Security-Focused IT Solutions
The ICS Approach to Security-Focused IT Solutions for the State of Mississippi ICS offers a dynamic and comprehensive portfolio of security-driven IT solutions for the State of Mississippi. Taking a proactive
More informationNETWORK PENETRATION TESTING
Tim West Consulting 6807 Wicklow St. Arlington, TX 76002 817-228-3420 Twest@timwestconsulting.com OVERVIEW Tim West Consulting Tim West Consulting is a full service IT security and support firm that specializes
More informationInformation Systems Security Certificate Program
Information Technologies Programs Information Systems Security Certificate Program Accelerate Your Career extension.uci.edu/infosec University of California, Irvine Extension s professional certificate
More informationOFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC 20301-1700
OFFICE OF THE SECRETARY OF DEFENSE 1700 DEFENSE PENTAGON WASHINGTON, DC 20301-1700 OPERATIONAL TEST AND EVALUATION AUG 0 1 2014 MEMORANDUM FOR COMMANDER, ARMY TEST AND EVALUATION COMMAND COMMANDER, AIR
More informationCompliance Risk Management IT Governance Assurance
Compliance Risk Management IT Governance Assurance Solutions That Matter Introduction to Federal Information Security Management Act (FISMA) Without proper safeguards, federal agencies computer systems
More informationSolving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense
Solving the CIO s Cybersecurity Dilemma: 20 Critical Controls for Effective Cyber Defense John M. Gilligan Information systems Security Association National Capital Chapter January 19, 2010 1 Topics Background
More informationNational Information Assurance Certification and Accreditation Process (NIACAP)
NSTISSI No. 1000 April 2000 National Information Assurance Certification and Accreditation Process (NIACAP) THIS DOCUMENT PROVIDES MINIMUM STANDARDS. FURTHER INFORMATION MAY BE REQUIRED BY YOUR DEPARTMENT
More informationContinuous Network Monitoring
Continuous Network Monitoring Eliminate periodic assessment processes that expose security and compliance programs to failure Continuous Network Monitoring Continuous network monitoring and assessment
More informationIBM Internet Security Systems October 2007. FISMA Compliance A Holistic Approach to FISMA and Information Security
IBM Internet Security Systems October 2007 FISMA Compliance A Holistic Approach to FISMA and Information Security Page 1 Contents 1 Executive Summary 1 FISMA Overview 3 Agency Challenges 4 The IBM ISS
More informationAccenture Cyber Security Transformation. October 2015
Accenture Cyber Security Transformation October 2015 Today s Presenter Antti Ropponen, Nordic Cyber Defense Domain Lead Accenture Nordics Antti is a leading consultant in Accenture's security consulting
More informationRisk Management Guide for Information Technology Systems. NIST SP800-30 Overview
Risk Management Guide for Information Technology Systems NIST SP800-30 Overview 1 Risk Management Process that allows IT managers to balance operational and economic costs of protective measures and achieve
More informationSPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles
PNNL-24138 SPSP Phase III Recruiting, Selecting, and Developing Secure Power Systems Professionals: Job Profiles March 2015 LR O Neil TJ Conway DH Tobey FL Greitzer AC Dalton PK Pusey Prepared for the
More informationHow to use the National Cybersecurity Workforce Framework. Your Implementation Guide
How to use the National Cybersecurity Workforce Framework Your Implementation Guide A NATIONAL PROBLEM The Nation needs greater cybersecurity awareness. The US workforce lacks cybersecurity experts. Many
More informationCertified Information Security Manager (CISM)
Certified Information Security Manager (CISM) Course Introduction Course Introduction Domain 01 - Information Security Governance Lesson 1: Information Security Governance Overview Information Security
More informationHow To Evaluate A Dod Cyber Red Team
CHAIRMAN OF THE JOINT CHIEFS OF STAFF MANUAL J-6 CJCSM 6510.03 DISTRIBUTION: A, B, C DEPARTMENT OF DEFENSE CYBER RED TEAM CERTIFICATION AND ACCREDITATION Reference(s): Enclosure F. 1. Purpose a. This manual,
More informationLINUX / INFORMATION SECURITY
LINUX / INFORMATION SECURITY CERTIFICATE IN LINUX SYSTEM ADMINISTRATION The Linux open source operating system offers a wide range of graphical and command line tools that can be used to implement a high-performance,
More informationHow SPAWAR s Information Technology & Information Assurance Technical Authority Support Navy Cybersecurity Objectives
How SPAWAR s Information Technology & Information Assurance Technical Authority Support Navy Cybersecurity Objectives DON IT Conference // AFCEA West 2015 Presented by: RDML John Ailes Chief Engineer SPAWAR
More informationCertification Programs
Certification Programs 2014 The SBS Institute serves community banks by providing educational programs that will certify a banker has the knowledge and skills to protect against todays information security
More informationDoD IA Training Products, Tools Integration, and Operationalization
Defense Information Systems Agency A Combat Support Agency DoD IA Training Products, Tools Integration, and Operationalization Roger S. Greenwell, CISSP, CISA, CISM Technical Director / Capabilities Implementation
More informationEC-Council Certified Security Analyst (ECSA)
EC-Council Certified Security Analyst (ECSA) v8 Eğitim Tipi ve Süresi: 5 Days VILT 5 Day VILT EC-Council Certified Security Analyst (ECSA) v8 Learn penetration testing methodologies while preparing for
More informationGUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT
GUIDE TO INFORMATION SECURITY TESTING AND ASSESSMENT Shirley Radack, Editor Computer Security Division Information Technology Laboratory National Institute of Standards and Technology A comprehensive approach
More informationSTIGs,, SCAP and Data Metrics
Defense Information Systems Agency A Combat Support Agency STIGs,, SCAP and Data Metrics Roger S. Greenwell, CISSP, CISA, CISM Technical Director / Capabilities Implementation Division DISA Field Security
More informationEnterprise Continuous Monitoring Bridging Shared Services, Clouds, and In-House Solutions
Enterprise Continuous Monitoring Bridging Shared Services, Clouds, and In-House Solutions Benjamin Bergersen Certified in the Governance of Enterprise IT - CGEIT Certified Information Systems Security
More informationDEPARTMENT OF VETERANS AFFAIRS VA HANDBOOK 6500.5 INCORPORATING SECURITY AND PRIVACY INTO THE SYSTEM DEVELOPMENT LIFE CYCLE
DEPARTMENT OF VETERANS AFFAIRS VA HANDBOOK 6500.5 Washington, DC 20420 Transmittal Sheet March 22, 2010 INCORPORATING SECURITY AND PRIVACY INTO THE SYSTEM DEVELOPMENT LIFE CYCLE 1. REASON FOR ISSUE: This
More informationManaging Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services
Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult
More informationCS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool
INL/CON-07-12810 PREPRINT CS 2 SAT: The Control Systems Cyber Security Self-Assessment Tool ISA Expo 2007 Kathleen A. Lee January 2008 This is a preprint of a paper intended for publication in a journal
More informationDepartment of Homeland Security Federal Government Offerings, Products, and Services
Department of Homeland Security Federal Government Offerings, Products, and Services The Department of Homeland Security (DHS) partners with the public and private sectors to improve the cybersecurity
More informationCONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL
CONTINUOUS DIAGNOSTICS BEGINS WITH REDSEAL WHAT IS CDM? The continuous stream of high profile cybersecurity breaches demonstrates the need to move beyond purely periodic, compliance-based approaches to
More informationRaytheon Secure Systems and Networks
Technology Today HIGHLIGHTING RAYTHEON S TECHNOLOGY 2007 Issue 2 Raytheon Secure s and Networks Delivering Mission Assurance in a Hostile Cyberspace Feature Ensuring That Our s Can Be Trusted The systems
More informationApplying the DOD Information Assurance C&A Process (DIACAP) Overview
Applying the DOD Information Assurance C&A Process (DIACAP) Overview C&A, Risk, and the System Life Cycle 2006 Hatha Systems Agenda Part 1 Part 2 Part 3 The C&A Challenge DOD s IA Framework Making C&A
More informationDEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000
DEPARTMENT OF DEFENSE 6000 DEFENSE PENTAGON WASHINGTON, D.C. 20301-6000 NOV 1 0 2015 CHIEF INFORMATION OFFICER MEMORANDUM FOR ASSISTANT SECRETARY OF THE ARMY FOR ACQUISITION, LOGISTICS AND TECHNOLOGY ASSIST
More informationEC-Council C E. Hacking Technology. v8 Certified Ethical Hacker
EC-Council Hacking Technology C Certified E Ethical Hacker Certified Ethical Hacker v8 Certified Ethical Hacker Course Description CEHv8 is a comprehensive Ethical Hacking and Information Systems Security
More informationEPA Classification No.: CIO-2150.3-P-04.1 CIO Approval Date: 08/06/2012 CIO Transmittal No.: 12-003 Review Date: 08/06/2015
Issued by the EPA Chief Information Officer, Pursuant to Delegation 1-19, dated 07/07/2005 INFORMATION SECURITY INTERIM SECURITY ASSESSMENT AND AUTHORIZATION PROCEDURES V2 JULY 16, 2012 1. PURPOSE The
More informationSecurity Control Standard
Department of the Interior Security Control Standard Risk Assessment January 2012 Version: 1.2 Signature Approval Page Designated Official Bernard J. Mazer, Department of the Interior, Chief Information
More information