Online Cloud Security Risk Management Methodology

Integrating enterprise and cloud systems risk management, students apply the NIST RMF steps 4-6 and corresponding /FedRAMP steps 2-4 as they complete project deliverables and communicate project results. In addition, students develop in-depth analytic competencies.

• Security Assessment Plan
• Conduct Security Assessment
• Security Assessment Report (SAR)
• Update System Security Plan (SSP)
• Plan of Action and Milestones (POA&M)
• Compile ATO or Security Authorization Package for On-Premise/ Cloud Systems
• Information Security Continuous Monitoring (ISCM) Plan

Attendees must take the five courses in the CCRMP certification course series in order. Before attending this course, attendees must first successfully complete the following course:

Online Cloud Security Risk Management Policy and Methods Review • Course 2095

The flexible, online 8-week course schedule enables you to collaborate with your instructor and fellow students to acquire the cloud security risk management expertise employers seek.

Asynchronous Threaded Discussions
Each week’s discussion threads focus on a specific cloud security risk management concept. You can participate in these discussions anytime, anywhere as you interact with your instructor and fellow students online.

Four Live Virtual Seminars
At 10 a.m. ET on alternate Saturdays you will participate in live-online interactive sessions led by your expert, practitioner instructor. Recordings of each session will be available to you.

Virtual Office Hours
To further enhance your learning experience, you may communicate with your instructor during weekly virtual office hours.

• Broad, J. (2013). Risk Management Framework: A Lab-Based Approach to Securing Information Systems. Imprint: Syngress.
  E-Book ISBN: 9780124047235
  Print Book ISBN: 9781597499958
  Cost: $50.00 USD
   
• The course also contains links to a Course Webliography for required readings.

Students will work with their NIST RMF/FedRAMP practitioner instructor to produce NIST RMF/FedRAMP projects by participating in weekly virtual discussions, as well as completing weekly assignments and project reports. They will attend bi-weekly, live virtual seminars led by their instructor.

• Access to Microsoft Office, including Word, Excel, and a PDF reader.
• Access to high-speed internet connection.
• A headset with microphone is recommended; using built-in speakers/microphone causes echo issues. Headsets give participants complete interaction with the instructor and other students.

Overview of NIST Special Publications, FedRAMP, and other governmental guidance and policies pertaining to cloud security risk management. Understand Authorization to Operate Package (ATO) completion, including system test plan development, security assessment report, plan of action and milestones (POA&M) and NIST RMF transition strategy.

• Analyze a complete System Security Plan (SSP)
• Discuss and negotiate rules of behavior with a third-party assessor (3PAO)
• Analyze a system or application for Security Assessment Plan (SAP)

• Components of a Security Assessment Report (SAR)
• Results compilation

• Determine remediation tasks based on security assessment results
• Determine timelines and deadlines for each task
• Produce a completed POA&M template

• Components of a complete Authorization to Operate (ATO) package
• Compile an ATO Package in compliance with policies and regulations
• Create an ATO cover letter

• Analyze and evaluate the Information Security Continuous Monitoring (ISCM) processes
• Role of security assessment and the Security Control Assessor in the continuous monitoring process
• Apply system changes to case scenario
• Audit process and elements that could trigger an audit

• Ongoing security posture
• Evaluate and report proposed changes to the information system during continuous monitoring

• Organizational strategy for transitioning to the NIST RMF and FedRAMP
• Conduct research and make recommendations to address organizational risk management issues