The access to this course is restricted to eForensics Premium or IT Pack Premium Subscription
Risk management is the primary process in cloud forensics. Identifying evidence of malfeasance and malware is critical in uncovering digital evidence. Risk management is the first stage of analysis. When risk management has been established as a stage of analysis, an assessment must be conducted for the prospective cloud environment. The associated controls for providing digital forensic analysis are selected according to mitigation features that will permit optimal security and privacy. Controls are selected under the Control Objectives for Information and Technology (COBIT). COBIT 5 is the method for identifying controls and assurances for the cloud environment. Cloud computing requires investigative and forensic methodologies. Understanding the hypervisor as the host operating system to perform the allocation of resources is covered in this course. Its use as the pivotal control for intrusion detection is essential for setting up the forensic review procedures identified in this training.
What will you learn?
- Risk management: Establishing risk management in the cloud
- Risk assessment: Evaluating cloud vulnerabilities and threats
- COBIT 5 control and assessment
- Preparing baseline for the cloud service: Intrusion detection and the hypervisor
- Procedures for conducting digital forensics in the cloud
What skills will you gain?
- Students will learn to establish a viable risk management procedures for the cloud
- Students will establish baselines for cloud services
- Students will become proficient with the protocol for procedures in conducting digital forensics for intrusion detection systems
What will students need?
- Laptop or desktop with internet access is requiredC
- Current operating system of Windows 7 or Windows 10
What students should you know before you join?
- Students must have a working knowledge of risk management, security control assignment according to NIST 800-53 rev 4 and general knowledge of privacy controls and requirements.
Nancy M Landerville
Professor and CEO/CISO of NML Computer Consulting Co., LLC, Nancy M Landreville is a recognized leader in industry, military, government, and academia. Professor Landreville is frequently requested as a speaker, lecturer, workshop designer, curriculum designer, course developer, consultant in industry best practices, and author.
- Academy of Management
- International Academy of Management
- IEEE (editor and contributing author)
- ISACA (subject matter expert reviews)
- ISC2 (contributing editor)
- GovSec (subject matter expert)
- National Institute Science and Technology (NIST) (contributor, editor, speaker, consultant)
- Cap-Sci (author of Geothermal Energy implementation)
- Cloud Security Alliance (Canada) (speaker), plus Pen-Test magazine and book author on e-discovery.
She is one of the officers with the Academy of Management, Organizational Division where she serves as the newsletter editor. She was a presenter at VA’s Annual Security Conference on Cloud Computing. Professor Landreville has over a decade in providing consulting services for industry at a level comparable to a government SES; decades of combined military service with the Navy and Army; several decades of higher level government service in information technology; and eight years as a college professor in cybersecurity and information assurance. As a veteran and volunteer with “Bugles across America,” Professor Landreville sounds taps as a volunteer at veteran funerals and other occasions including Memorial and Veterans Day.
She has pursued two doctorates simultaneously from 2006 (Doctor of Management and PhD in Applied Management and Decision Science; two Master degrees (Technology Management and Master of Business Administration); two Bachelor degrees (Information Systems Management and Law); several information technology certificates and miscellaneous certifications while working full time and serving her country as a reservist.
Module 1: Risk management
Establishing risk management in the cloud
Module 1 covered topics:
- Executive Order on Improving Critical Infrastructure – Cybersecurity
- Review of NIST Special Publication 800-39 on guidance for an integrated, organization-wide program for managing information security risk – an operational perspective
Module 1 exercises:
- Map indicators, threats, and vulnerabilities to organization mission and operations
Module 2: Risk assessment
Evaluating cloud vulnerabilities and threats
Module 2 covered topics:
- Review of NIST Special Publication 800-53 rev 4 on Security and Privacy controls
- Review of FIPS 199 and 200
Module 2 exercises:
- Prepare a cloud baseline according to the requirements of FIPS and guidance of NIST
Module 3: COBIT 5 control and assessment
Create a control and assessment decision tree
Module 3 covered topics:
- Risk assessment when migrating to the cloud
- Governance and management to the cloud
- Security considerations
- Assurance in cloud computing
Module 3 exercises:
- Cloud risk scenarios
Module 4: Intrusion detection and the hypervisor
Develop an intrusion detection system guided by hypervisor instructions
Module 4 covered topics:
- Establish an intrusion detection system
- Assess a vulnerability scanning program
- Detecting threats and protocols for response
- Making use of the DMZ
- Hypervisor functionality
- Security and policy requirements for intrusion detection and hypervisor operations
Module 4 exercises:
- Create a network diagram plan for intrusion detection and hypervisor operations
Module 5: Procedures for conducting digital forensics in the cloud
Develop processes for conducting forensics as identified in the intrusion detection system
Module 5 covered topics:
- Incident response process
- Forensic methodologies
- Evaluating network traffic
- Evidence capture
- Flow analytics to identify threats
- Investigation methodology
Module 5 exercises:
- Forensic life cycle
Module 6: Examination
25 Question examination of 5 questions per module. Passing score is 80%.