The access to this course is restricted to eForensics Premium or IT Pack Premium Subscription


Risk management is the primary process in cloud forensics. Identifying evidence of malfeasance and malware is critical in uncovering digital evidence. Risk management is the first stage of analysis. When risk management has been established as a stage of analysis, an assessment must be conducted for the prospective cloud environment. The associated controls for providing digital forensic analysis are selected according to mitigation features that will permit optimal security and privacy. Controls are selected under the Control Objectives for Information and Technology (COBIT). COBIT 5 is the method for identifying controls and assurances for the cloud environment. Cloud computing requires investigative and forensic methodologies. This course covers the hypervisor as the host operating system that performs the allocation of resources. Its use as the pivotal control for intrusion detection is essential for setting up the forensic review procedures identified in this training.


What will you learn?

  • Risk management: Establishing risk management in the cloud
  • Risk assessment: Evaluating cloud vulnerabilities and threats
  • COBIT 5 control and assessment
  • Preparing baseline for the cloud service: Intrusion detection and the hypervisor
  • Procedures for conducting digital forensics in the cloud

What skills will you gain?

  • Students will learn to establish viable risk management procedures for the cloud
  • Students will establish baselines for cloud services
  • Students will become proficient with the protocol for procedures in conducting digital forensics for intrusion detection systems

What will students need?

  • Laptop or desktop with internet access is required
  • Current operating system of Windows 7 or Windows 10

What should you know before you join?

  • Students must have a working knowledge of risk management, security control assignment according to NIST 800-53 rev 4 and general knowledge of privacy controls and requirements.

Your instructor: 

Nancy M Landreville

Professor and CEO/CISO of NML Computer Consulting Co., LLC, Nancy M Landreville is a recognized leader in industry, military, government, and academia. Professor Landreville is frequently requested as a speaker, lecturer, workshop designer, curriculum designer, course developer, consultant in industry best practices, and author.

Venues include:

  • Academy of Management
  • International Academy of Management
  • IEEE (editor and contributing author)
  • ISACA (subject matter expert reviews)
  • ISC2 (contributing editor)
  • GovSec (subject matter expert)
  • National Institute Science and Technology (NIST) (contributor, editor, speaker, consultant)
  • Cap-Sci (author of Geothermal Energy implementation)
  • Cloud Security Alliance (Canada) (speaker), plus Pen-Test magazine and book author on e-discovery.

She is one of the officers with the Academy of Management, Organizational Division where she serves as the newsletter editor. She was a presenter at VA’s Annual Security Conference on Cloud Computing. Professor Landreville has over a decade in providing consulting services for industry at a level comparable to a government SES; decades of combined military service with the Navy and Army; several decades of higher level government service in information technology; and eight years as a college professor in cybersecurity and information assurance. As a veteran and volunteer with “Bugles across America,” Professor Landreville sounds taps as a volunteer at veteran funerals and other occasions including Memorial and Veterans Day.

She has pursued two doctorates simultaneously from 2006 (Doctor of Management and PhD in Applied Management and Decision Science); two Master's degrees (Technology Management and Master of Business Administration); two Bachelor's degrees (Information Systems Management and Law); several information technology certificates and miscellaneous certifications while working full time and serving her country as a reservist.


Syllabus

Module 1: Risk management

Establishing risk management in the cloud

Module 1 covered topics:

  • Executive Order on Improving Critical Infrastructure – Cybersecurity
  • Review of NIST Special Publication 800-39 on guidance for an integrated, organization-wide program for managing information security risk – an operational perspective

Module 1 exercises:

  • Map indicators, threats, and vulnerabilities to organization mission and operations

Module 2: Risk assessment

Evaluating cloud vulnerabilities and threats

Module 2 covered topics:

  • Review of NIST Special Publication 800-53 rev 4 on Security and Privacy controls
  • Review of FIPS 199 and 200

Module 2 exercises:

  • Prepare a cloud baseline according to the requirements of FIPS and guidance of NIST

Module 3: COBIT 5 control and assessment

Create a control and assessment decision tree

Module 3 covered topics:

  • Risk assessment when migrating to the cloud
  • Governance and management to the cloud
  • Security considerations
  • Assurance in cloud computing

Module 3 exercises:

  • Cloud risk scenarios

Module 4: Intrusion detection and the hypervisor

Develop an intrusion detection system guided by hypervisor instructions

Module 4 covered topics:

  • Establish an intrusion detection system
  • Assess a vulnerability scanning program
  • Detecting threats and protocols for response
  • Making use of the DMZ
  • Hypervisor functionality
  • Security and policy requirements for intrusion detection and hypervisor operations

Module 4 exercises:

  • Create a network diagram plan for intrusion detection and hypervisor operations

Module 5: Procedures for conducting digital forensics in the cloud

Develop processes for conducting forensics as identified in the intrusion detection system

Module 5 covered topics:

  • Incident response process
  • Forensic methodologies
  • Evaluating network traffic
  • Evidence capture
  • Flow analytics to identify threats
  • Investigation methodology

Module 5 exercises:

  • Forensic life cycle

Module 6: Examination

25-question examination with 5 questions per module. Passing score is 80%.


Contact:

If you have any questions, please contact us at [email protected].

Course Reviews

  1. Excellent course that provides much insight into digital review procedures in the Cloud

    5

    The self-paced structure of this course allows students to move at their own pace. What is most advantageous about this format, is that students can take time to focus on areas of greater interest, and to delve into areas related more specifically to their own needs. Questions are fair and cause students to ensure they have a good grasp on the course materials.
    Job well done by the team at eForensics.
    Chris Kayser
    Cybercriminologist
    Cybercrime Analytics Inc.
    Calgary, Alberta, Canada

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023