Risk Management Framework Bootcamp

FUSION CYBER

PROGRAM EXAMPLES AND DETAILS

 

Fusion Cyber creates public-private partnerships with leading universities, colleges, and corporations to solve the cyber talent gap. We provide 10-week and 24-week online/hybrid boot camps taught by practitioners. Many also integrate the curriculum into existing associate, bachelor's, and master's degree academic programs through specific course and program articulation agreements. In addition, the Cybersecurity Program creates Risk Management Framework (RMF) professionals who can rapidly advance their cybersecurity careers by combining certifications that validate their experience and cybersecurity knowledge to employers. The program includes the Cybersecurity Maturity Model Certification (CMMC). We have thirty-four scholarships for July 2023 and another twenty-five to fifty for October 2023. Please fill out the survey form at www.fusioncyber.co/survey-form/ to start your cyber career journey today! While we do not guarantee a job, we have a department that focuses on career and placement to ensure you have all the tools you need on your career journey.

 

We now offer a for-credit program as well, starting in Summer 2023. Students can utilize Federal Student Loans, FAFSA, GI Bill, 9/11 funds, and other veterans benefits. We can also articulate prior learning to complete an Associate in Cyber Security through our partner institution.

 

We train students to solve monumental engineering and cybersecurity challenges. We offer rigorous programs and enriching experiences that encourage collaboration and creativity. We provide an environment where students can cultivate curiosity through innovative research. We create Public-Private partnerships with the industry through co-ops and internships to give students real-world experiences that lead to meaningful careers. We are a community making the future better through engineering and cyber talent management. Join us and create a world that works.

 

As students progress through the FC RMF – Fusion Cyber Risk Management Framework Professional Program (100% virtual, a performance-based certification), they also prepare for the Security+, CISA, CISSP, or CEH certifications. Students can earn up to two certificates within the FC RMF pathway, the world’s most complete hands-on cybersecurity workforce program. As a result, students get the skills they need to land a high-paying cybersecurity job and build a stable career. The FC RMF is academically aligned to the NIST Risk Management Framework (RMF) and Cybersecurity Framework (CSF), NICE Cybersecurity Workforce Framework, and includes browser-accessible Cyber Range instruction & labs providing hands-on experience using real-world cybersecurity tools & techniques, and multiple levels of job readiness from internships to mentorships, to networking opportunities to find that new career position.

 

 

EXAMPLE: SALARY POTENTIAL after successfully passing corresponding industry certification(s):

Fusion Cyber Risk Management Framework Professional (FC RMF) - Common Body of Practice

 

    1. Individuals may pass the Security+ as their first entry point into Cyber security when switching from another career.

    2. Cybersecurity professionals who take and pass ISACA’s Certified Information Systems Auditor (CISA) certification demonstrate that they have the knowledge to advance in their careers through practice. CISA is world-renowned as the standard of achievement for those who audit, control, monitor, and assess an organization’s information technology and business systems.

    3. Cybersecurity professionals who take and pass the CISSP and demonstrate through practice that they have mastered the seven domains of the Common Body of Practice will earn the certification. In addition, candidates demonstrate a mastery of the FC RMF Common Body of Practice by satisfactorily producing all critical deliverables required for implementing the NIST RMF/FedRAMP.

 

The Common Body of Practice includes the following seven domains:

 

  1. Categorize the information system and information processed, stored, & transmitted by that
  2. Select an initial set of baseline security controls for the system based on the security
  3. Implement selected security controls and describe how the controls are
  4. Assess security controls using appropriate assessment procedures to determine how the controls are implemented correctly, operating as intended, and producing the desired outcomes for meeting the system’s security.
  5. Authorize the information system operation based on determining the risk and the decision that this risk is
  6. Monitor the security controls continuously in the information
  7. Manage the risk exposure of on-premises systems by assessing the boundaries between on-premises and cloud-based

Cybersecurity professionals who take and pass EC-Council’s Certified Ethical Hacker (CEH) will show that they’ve mastered the latest commercial-grade hacking tools, techniques, and methodologies hackers and information security professionals use to hack an organization lawfully.

 

Additional certificate or degree options may be added or replaced, as the market demands, such as graduate certificate(s) or doctorate and bachelor's degree completion. The University partner powered by Fusion Cyber certificates can be articulated into various degree programs. In a credit-bearing program, each FC RMF course is academically worth multiple credits (thirty to forty or more credits).

 

Target Market: The baseline Fusion Cyber Risk Management Framework (Security+, CISA, CISSP, or CEH) appeals to professionals already working within a comparable field of IT or risk management, or other similar professional roles and requires 2 to 3 years of professional work experience.

 

Fusion Cyber Cybersecurity Risk Management Framework (FC RMF) Curriculum and Deliverables:

 

 

 

FC RMF 101

Title: Cybersecurity Fundamentals and Risk Management

Description: Students will learn the fundamentals of information technology and security, including the methodologies, frameworks, and processes organizations use to ensure the confidentiality, integrity, and availability of their information, data, and IT services.

  1. Cybersecurity Fundamentals
  2. Frameworks, Laws, and Regulatory Standards
  3. Security Policies, Procedures, & Processes
  4. Risk Management Concepts, Frameworks, and Legal Requirements
  5. Organizational Structures and Project Management
  6. IT Lifecycle Management
  7. IT Auditing

Range Force Modules and Practical Assignments:

  - Introduction to Cybersecurity Terminology
  - History of Cybersecurity
  - Cybersecurity Teams
  - Understanding the Threat Landscape
  - Security Topology
  - Introduction to OSI Model
  - Layer 2 Networking
  - Layer 3 Networking
  - Layer 4 Networking
  - Firewall Overview
  - IDS/IPS Overview
  - Intro to GRC
  - Understanding the Cyber Kill Chain

FC RMF 201

Title: NIST RMF Part I

Description: Students will be introduced to the NIST Risk Management Framework and demonstrate their understanding of this framework, widely used in both public and private sectors, by completing all steps in the process and creating artifacts to support a comprehensive information system security assessment based on NIST 800-53 rev 5.

  1. Cybersecurity Program Management
  2. Certification & Authorization
  3. Cybersecurity Awareness & Training
  4. System & Software Development Methodologies
  5. Supply Chain Risk Management
  6. Identity & Access Management
  7. Change, Configuration, Release, & Patch Management

Range Force Modules and Practical Assignments:

  - Intro to SOC
  - Blue Team Functions & Tasks
  - Red Team Functions & Tasks
  - DevOps Security Overview
  - Maturity Models, including CMMC for the United States Department of Defense, the Software Maturity Model, and how mature your IT environment is
  - Conducting a Business Impact Analysis (BIA)
  - Conducting a Privacy Impact Assessment (PIA)
  - Selecting Baseline Security Controls
  - Creating a System Security Plan (SSP)
  - Analyzing a Vulnerability Scan Report
  - Creating Plan of Action & Milestones (POA&Ms)

FC RMF 301

Title: NIST RMF Part II

Description: Students will continue their assessment of security controls and develop artifacts to support a comprehensive information system security assessment based on NIST 800-53 rev 5.

Students will present the results of their assessment and share their recommendation for authorizing the information system.

  1. Auditing
  2. Asset Management & Security
  3. IT Service Management
  4. Communication & Network Security
  5. Problem & Incident Management
  6. Business Continuity & Disaster Recovery
  7. Protecting PII
  8. Cryptography & Public Key Infrastructure

Range Force Modules and Practical Assignments:

  - Importance of Logs
  - Windows – Introduction to Event Logs
  - Linux Syslog
  - Intro to SIEM & SOAR
  - Event Analysis Basics
  - Physical Security Considerations
  - Endpoint Protection Overview
  - Endpoint Detection & Response
  - Server Protection Overview
  - Windows – Deploying Endpoint Protection
  - Deploying Windows Server Protections
  - Deploying Linux Endpoint Protection
  - Intro to Mobile Device Management
  - Microsoft Defender Antivirus
  - Windows – Cybersecurity Foundations Capstone
  - Deploy an Incident Handling & Response Architecture (Pt 1)
  - Deploy an Incident Handling & Response Architecture (Pt 2)
  - Deploy an Incident Handling & Response Architecture (Pt 3)
  - Contain & Mitigate Incidents (Pt 1)
  - Contain & Mitigate Incidents (Pt 2)
  - Prepare for Forensics Investigation as a CSIRT
  - Apply a Forensic Investigation (Pt 1)
  - Apply a Forensic Investigation (Pt 2)
  - Securely Collect & Analyze Electronic Evidence
  - Follow-up on the Results of an Investigation
  - Complying with State, Federal, & National Legislation

FC RMF SP

Title: Specialties

Description: TBD per Partner institution

Students participate in a Cyber Information Operations Defense related to specific topics created and maintained by the University’s top researchers.

Security+

Title: Exam Prep via 3rd party provider

Description: CompTIA Security+ is a global certification that validates the baseline skills you need to perform core security functions and pursue an IT security career.

CompTIA Security+ complies with ISO 17024 standards and is approved by the U.S. DoD to meet directive 8140/8570.01-M requirements. Regulators and governments rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program.

CISA

Title: Exam Prep via 3rd party provider

Description: The Certified Information Systems Auditor (CISA) certification validates your knowledge of information systems auditing, assurance, control, security, cybersecurity, and governance.

CISA Certification is DoD Approved. CISA certification complies with ISO/IEC 17024:2012 standards and is approved by the US DoD to meet directive 8140/8570.01-M requirements.

CISSP

Title: Exam Prep via 3rd party provider

Description: The CISSP – Certified Information Systems Security Professional.

The Certified Information Systems Security Professional Certification is approved under the DoD 8570 Directive for the IAT Level III, IAM Level II, IAM Level III, IASAE I, and IASAE II categories.

CEH

Title: Exam Prep via 3rd party provider

Description: EC-Council Certified Ethical Hacker Certification Boot Camp covers how to work with various systems to find out where their weaknesses or vulnerabilities may be and how you can identify and reinforce these gaps to prevent successful hacking attempts.

The CEH Certification is approved under the DoD 8570 Directive for the CSSP Analyst, CSSP Infrastructure Support, CSSP Auditor, and CSSP Incident Responder categories.

The National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework (NICE Framework), published by the National Institute of Standards and Technology (NIST) in NIST Special Publication 800-181, is a nationally focused resource that establishes a taxonomy and common lexicon to describe cybersecurity work, and workers, regardless of where, or for whom, the work is performed.

 

The materials within the University partner powered by FC RMF bootcamps, programs, and courses focus on the Knowledge, Skills, and Abilities (KSAs) identified within the National Cybersecurity Workforce Framework specialty areas.

 

The FC RMF program uniquely combines top industry-recognized certifications into one pathway, with 3rd parties and self-help guides to enable students to pass their certification exams. Multiple cyber range badges are issued at every FC RMF level and some individual levels.

 

The Security+, CISA, CISSP, or CEH certifications embedded (after passing the certification body exam) within the FC RMF program also meet the certification and compliance requirements of DoD Directive 8140, the successor to 8570.

 

Example position titles aligned with the certifications:

| Certification | Junior Level | Mid-Level | Senior Level |
|---|---|---|---|
| Sec+ | Security Specialist | Sr. Security Specialist | Security Manager |
| | Security Engineer | Sr. Security Engineer | Security Engineering Manager |
| | Jr. Information Security Analyst | Information Security Analyst | Information Systems Security Manager (ISSM) |
| | SOC Analyst | Sr. SOC Analyst | SOC Manager |
| CEH | Jr. Penetration Tester | Sr. Penetration Tester | Security Consultant |
| | Cybersecurity Engineer | Sr. Cybersecurity Engineer | IT Security Architect |
| | SOC Analyst | Sr. SOC Analyst | SOC Manager |
| | IT Security Auditor | Sr. IT Security Auditor | IT Security Audit Manager |
| CISA | IT Auditor | Sr. IT Auditor | IT Audit Manager |
| | IT Security Auditor | Sr. IT Security Auditor | IT Security Audit Manager |
| | Security Control Assessor (SCA) | Sr. Security Control Assessor | IT Security Audit Manager |
| CISSP | Cybersecurity Analyst | Sr. Cybersecurity Analyst | Information Systems Security Manager (ISSM) |
| | Risk & Compliance Specialist | Risk & Compliance Lead | Risk & Compliance Director |
| | Information Systems Security Officer | IT Security Director | Chief Information Security Officer (CISO) |
| | Security Analyst | Security Engineer | Security Architect |