Online Cloud Security Risk Management Methodology
Level: Intermediate
Become a Job-Ready Certified Cloud Risk Management Professional (CCRMP). To prevent the $2.1T in projected cyber breaches, employers need Certified Cloud Risk Management Professionals who have demonstrated they can implement the NIST Risk Management Framework and FedRAMP. The NIST Risk Management Framework (RMF) and the Federal Risk and authorization Management Program (FedRAMP) are the de facto standards utilized for cloud security risk management in the U.S. today.
To address accelerating cyber staffing shortages, Mission Critical Institute (MCI) established the CCRMP to provide employers and candidates a performance-based cloud security certification.
As an MCI authorized training partner, Learning Tree can help you earn the CCRMP through five courses that ensure you acquire hands-on project experience in implementing the NIST RMF and FedRAMP.
This is the second of five courses that help you earn CCRMP certification.
Key Features of this Cloud Security Risk Management Methodology Course:
- 100% hands-on projects — no exams
- Validation you are NIST RMF/FedRAMP job-ready
- Certified NIST RMF/FedRAMP practitioner instructors
- NIST RMF/FedRAMP project experience employers seek
- Recognition of curriculum by Department of Homeland Security
You Will Learn How To:
- Prepare and develop a Security Assessment Plan (SAP)
- Create a Security Assessment Report (SAR)
- Develop a Plan of Action and Milestones (POA&M)
- Compile and submit an Authorization to Operate (ATO) package
- Implement the Information System Continuous Monitoring (ISCM) processes
- Update Systems Security Plan (SSP) utilizing selected controls and overlays
- Draft Risk Management Framework (RMF) transition strategy
- Reason analytically and apply framework across interdisciplinary boundaries to solve problems and create innovative solutions
- Communicate and negotiate effectively in business and professional settings
Choose the CCRMP Training Solution That Best Fits Your Individual Needs or Organizational Goals
ONLINE, INSTRUCTOR-LED
Online Instruction + Live Seminars
- 8 weeks of "anywhere anytime" online instruction plus 4 live, online seminars
- Earn academic credits for your accredited cloud security degree
- Complete your 100% hands-on CCRMP certification
- Tuition can be paid later by invoice -OR- at the time of checkout by credit card
TRAINING AT YOUR SITE
Team Training
- Bring this or any training to your organization
- Full - scale program development
- Delivered when, where, and how you want it
- Blended learning models
- Tailored content
- Expert team coaching
Contact Us for Team Pricing
GET STARTEDSave More On Training with FlexVouchers – A Unique Training Savings Account
Our FlexVouchers help you lock in your training budgets without having to commit to a traditional 1 voucher = 1 course classroom-only attendance. FlexVouchers expand your purchasing power to modern blended solutions and services that are completely customizable. For details, please call 888-843-8733 or chat live.
Online Instruction + Live Seminars
-
Nov 5 - Dec 30 (Multiple*)
9:00 AM - 5:00 PM EST Online (AnyWare) Reserve Your Seat -
Mar 18 - May 12 (Multiple*)
9:00 AM - 5:00 PM EDT Online (AnyWare) Reserve Your Seat -
May 13 - Jul 7 (Multiple*)
9:00 AM - 5:00 PM EDT Online (AnyWare) Reserve Your Seat -
Jul 8 - Sep 1 (Multiple*)
9:00 AM - 5:00 PM EDT Online (AnyWare) Reserve Your Seat
Guaranteed to Run
When you see the "Guaranteed to Run" icon next to a course event, you can rest assured that your course event — date, time, location — will run. Guaranteed.Cloud Security Risk Management Course Information
-
Cloud Security Risk Management Course Description
Integrating enterprise and cloud systems risk management, students apply the NIST RMF steps 4-6 and corresponding /FedRAMP steps 2-4 as they complete project deliverables and communicate project results. In addition, students develop in-depth analytic competencies.
-
Course Deliverables
- Security Assessment Plan
- Conduct Security Assessment
- Security Assessment Report (SAR)
- Update System Security Plan (SSP)
- Plan of Action and Milestones (POA&M)
- Compile ATO or Security Authorization Package for On-Premise/ Cloud Systems
- Information Security Continuous Monitoring (ISCM) Plan
-
Prerequisites
Attendees must take the five courses in the CCRMP certification course series in order. Before attending this course, attendees must first successfully complete the following course:
Online Cloud Security Risk Management Policy and Methods Review • Course 2095 -
Course Schedule
The flexible, online 8-week course schedule enables you to collaborate with your instructor and fellow students to acquire the cloud security risk management expertise employers seek.
Asynchronous Threaded Discussions
Each week’s discussion threads focus on a specific cloud security risk management concept. You can participate in these discussions anytime, anywhere as you interact with your instructor and fellow students online.Four Live Virtual Seminars
At 10 a.m. ET on alternate Saturdays you will participate in live-online interactive sessions led by your expert, practitioner instructor. Recordings of each session will be available to you.Virtual Office Hours
To further enhance your learning experience, you may communicate with your instructor during weekly virtual office hours. -
Course Materials
- Broad, J. (2013). Risk Management Framework: A Lab-Based Approach to Securing Information Systems. Imprint: Syngress.
E-Book ISBN: 9780124047235
Print Book ISBN: 9781597499958
Cost: $50.00 USD
- The course also contains links to a Course Webliography for required readings.
- Broad, J. (2013). Risk Management Framework: A Lab-Based Approach to Securing Information Systems. Imprint: Syngress.
-
Coursework
Students will work with their NIST RMF/FedRAMP practitioner instructor to produce NIST RMF/FedRAMP projects by participating in weekly virtual discussions, as well as completing weekly assignments and project reports. They will attend bi-weekly, live virtual seminars led by their instructor.
-
Software/Hardware Required
- Access to Microsoft Office, including Word, Excel, and a PDF reader.
- Access to high-speed internet connection.
- A headset with microphone is recommended; using built-in speakers/microphone causes echo issues. Headsets give participants complete interaction with the instructor and other students.
Cloud Security Risk Management Course Outline
-
Cloud Security Risk Management Course Outline Information
Overview of NIST Special Publications, FedRAMP, and other governmental guidance and policies pertaining to cloud security risk management. Understand Authorization to Operate Package (ATO) completion, including system test plan development, security assessment report, plan of action and milestones (POA&M) and NIST RMF transition strategy.
-
Prepare and Develop a Security Assessment Plan (SAP)
- Analyze a complete System Security Plan (SSP)
- Discuss and negotiate rules of behavior with a third-party assessor (3PAO)
- Analyze a system or application for Security Assessment Plan (SAP)
-
Create a Security Assessment Report (SAR)
- Components of a Security Assessment Report (SAR)
- Results compilation
-
Develop a Plan of Action and Milestones (POA&M)
- Determine remediation tasks based on security assessment results
- Determine timelines and deadlines for each task
- Produce a completed POA&M template
-
Compile and Submit an Authorization to Operate (ATO) Package
- Components of a complete Authorization to Operate (ATO) package
- Compile an ATO Package in compliance with policies and regulations
- Create an ATO cover letter
-
Implement the Information Security Continuous Monitoring (ISCM) Processes
- Analyze and evaluate the Information Security Continuous Monitoring (ISCM) processes
- Role of security assessment and the Security Control Assessor in the continuous monitoring process
- Apply system changes to case scenario
- Audit process and elements that could trigger an audit
-
Update Systems Security Plan (SSP) Utilizing Selected Controls and Overlays
- Ongoing security posture
- Evaluate and report proposed changes to the information system during continuous monitoring
-
Draft Risk Management Framework (RMF) Transition Strategy
- Organizational strategy for transitioning to the NIST RMF and FedRAMP
- Conduct research and make recommendations to address organizational risk management issues
Team Training
Cloud Security Risk Management Course FAQs
-
Who should become a CCRMP?
Individuals seeking to advance in cybersecurity risk management to positions in which the NIST RMF/FedRAMP is utilized to secure integrated cloud and on-premise systems in the following sectors:
- Systems Integrators
- Federal Civilian, DoD, and Intelligence Communities
- Critical Infrastructure Protection
- Financial Services
- HIPAA
- And More
-
What are the eligibility requirements for CCRMP certification?
Eligibility for the CCRMP Certification
To receive the CCRMP certification, applicants must:- Demonstrate competency with the CCRMP Common Body of Practice by producing specified NIST RMF/FedRAMP deliverables.
- Have five years of relevant technical experience or substitute a bachelor's degree for two years of relevant experience.
Demonstration of CCRMP CBP Competencies
To demonstrate mastery of the CCRMP CBP, applicants produce the deliverables by:- Satisfactorily completing an MCI-approved cybersecurity/cloud security risk management curriculum, offered through an MCI academic partner.
Or - Submitting a portfolio of project deliverables that demonstrates the mastery of CBP competencies.
For details, please review the CCRMP Policies and Procedures ›
-
Which courses can help me earn CCRMP certification?
Mission Critical Institute offers a five-course learning pathway to help you earn your CCRMP certification. The courses must be take in this order:
- Course 1: Online Cloud Security Risk Management Policy and Methods Review
- Course 2: Online Cloud Security Risk Management Methodology
- Course 3: Online Cloud Security Risk Management Practicum I
- Course 4: Online Cloud Security Risk Management Practicum II
- Course 5: Online Cloud Security Vulnerability Management
-
What is the Mission Critical Institute?
The Mission Critical Institute advances cybersecurity careers and thought leadership by developing career-focused cybersecurity education and training programs for use by universities and cybersecurity employers. In addition, MCI provides strategic cybersecurity consulting services to employers and higher education institutions.
-
What is the NIST RMP and FedRAMP?
The NIST Risk Management Framework (RMF) and the Federal Risk and Authorization Management Program (FedRAMP) are the de facto standards utilized for cloud security risk management in the U.S. today. To address accelerating cyber staffing shortages, Mission Critical Institute (MCI) established the CCRMP to provide employers and candidates a performance-based cloud security certification.
-
Are there any extra costs associated with this course?
There is no extra fee associated with this course.
-
Is this a self-paced course?
No, it is not 100% self-paced. In weeks 1, 3, 5 and 7 students must attend a 2 hour live virtual seminar on Saturdays from 10am -12. This course is in 8 modules, one module per week. Assignments are due at the end of each module – so this is not self-paced, although it is online, and therefore allows for flexibility with the learner’s schedule. On Saturdays, there is the live virtual instruction – which includes content and Q&A.M
-
Is pre-payment required?
Yes. Additionally, there are no refunds once the course begins.
-
Is there an application process students need to go through to qualify for the certification?
Yes there is an application required. The application fee is waived for students who successfully complete the 5 courses through Learning Tree.
-
What is the cancellation policy?
You must cancel 2 weeks prior to class to receive a refund. After that, students who cannot attend this course, can attend a future scheduled same course.
