H12172 Ds Rsa Education Services Catalog

Transcript

RSA CUSTOMER EDUCATION CATALOG Services Catalog – Q4 2015 COURSE DESCRIPTION INDEX Identity and Access Management RSA Access Manager Administration, Installation and Configuration ........................................... 9 RSA Via Lifecycle and Governance Administration ..................................................................... 11 RSA Business Role Manager ..................................................................................................... 13 RSA Data Access Governance Basics ........................................................................................ 15 RSA Authentication Manager Administration ............................................................................. 16 RSA Authentication Manager Installation and Configuration ...................................................... 18 RSA SecurID Help Desk Basics ..................................................................................................20 RSA Authentication Manager 6.1 to 8.x Data Migration .............................................................. 22 Migrating RSA Authentication Manager v6.1 to a v8.1 Hardware Appliance ................................. 22 RSA Authentication Manager 7.1 to 8.x Data Migration ............................................................... 24 Migrating RSA Authentication Manager v7.1 to a v8.1 Hardware Appliance ................................. 24 Governance, Risk and Compliance Getting Started with Enterprise Risk Management .....................................................................26 Getting Started with Policy and Compliance Management .........................................................28 GRC Overview .......................................................................................................................... 30 RSA Archer Administration........................................................................................................ 31 RSA Archer Advanced Administration ........................................................................................ 33 RSA Archer Solutions Overview ................................................................................................ 35 RSA Archer Security Operations (SecOps) Management Essentials............................................. 37 RSA Archer Security Operations (SecOps) Management Solution Basics .................................... 39 RSA Archer Custom End-User Training Service .......................................................................... 41 Advanced Security Operations RSA Data Loss Prevention Administration.................................................................................. 43 RSA ECAT Fundamentals ........................................................................................................... 45 RSA Security Analytics Introduction .......................................................................................... 47 RSA Security Analytics 10.5 What’s New Overview .....................................................................49 RSA Security Analytics Foundations .......................................................................................... 50 RSA Security Analytics Core Administration ............................................................................... 52 RSA Security Analytics Hunting ................................................................................................. 54 RSA Security Analytics Introduction to Troubleshooting for Customers ....................................... 56 Anti Fraud RSA Adaptive Authentication On-Premise Administration .......................................................... 58 RSA Adaptive Authentication for eCommerce Back Office Tools ................................................ 60 RSA Adaptive Authentication 12 Migration ................................................................................62 RSA Web Threat Detection Essentials ........................................................................................64 Cyber Defense RSA Intelligence-Driven Event Analysis..................................................................................... 66 RSA Incident Handling and Response ...................................................................................... 68 RSA Threat Intelligence ............................................................................................................. 70 RSA Malware Analysis .............................................................................................................. 72 RSA SOC Simulation Challenge ................................................................................................. 74 RSA Cyber Defense Workshop ................................................................................................... 75 Security Concepts and Principles RSA Security Awareness Program .............................................................................................. 77 RSA CISSP Certification Boot Camp ........................................................................................... 79 Learning Assessments RSA Learning Assessments ...................................................................................................... 80 RSA, The Security Division of EMC 2 The Value of Professional Education Investing in training and education makes good business sense and can have a profound impact on your team. It enables an organization to: – Decrease operating costs and increase productivity – Reduce technical infrastructure ENABLE YOUR TEAM TODAY FOR TOMORROW’S IT SECURITY CHALLENGES RSA Education Services provides practical and relevant courses that support security learning across an enterprise. Properly trained personnel are the lifeblood of any organization. As you implement new technologies, add new functionality to existing systems or orient new staff, education is a key element. Consistent and focused training helps maintain the security of your computing environment, improves the end user experience and increases productivity and job satisfaction among your staff. costs – Increase effectiveness of your technology investment – Reduce your organization’s overall information risk NEW OFFERINGS RSA Security Analytics RSA Security Analytics courses have been updated for product version 10.5 and are now available as the following courses:      RSA Security Analytics RSA Security Analytics RSA Security Analytics RSA Security Analytics RSA Security Analytics [see page 56] Introduction (eLearning) [see page 47] 10.5 What’s New Overview [see page 49] Foundations [see page 50] Core Administration [see page 52] Introduction to Troubleshooting for Customers And, with expected availabilty in late Q4, 2015: RSA Security Analytics Hunting [see page 54]. RSA Via Lifecycle and Governance The former RSA IMG Administration course has been revised in line with the introduction of the RSA Via Lifecycle and RSA Via Governance platforms. [see page 11] RSA Archer Two eLearning courses have been added to our offerings:   GRC Overview [see page 30] RSA Archer Solutions Overview [see page 35] FLEXIBLE DELIVERY OPTIONS How to Contact Us Online www.emc.com/rsa-training E-mail [email protected] Phone: 800-995-5095 International: 781-515-7700 Fax: 781-515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 USA Instructor-Led Training (ILT) Instructor-led classes offer comprehensive training in a fullyequipped RSA Learning Center. Public classes give you the opportunity to interact with your peers, further enhancing your learning experience by sharing real-world tips and best practices. Video Instructor Led Training (Video ILT) Video ILT courses combine the best of instructor-delivered lectures and presentations with the convenience and flexibility of an ondemand learning format. Video ILT programs are delivered in streaming format and can be viewed by the student directly on their own computer with an internet connection. Online Instructor-Led Training (Online ILT) Online ILT provides real-time, interactive, virtual training where students participate online to access the instructor-led virtual classroom. Lecture, discussion, questions and answers, and lab exercises makes this a flexible training experience. eLearning Self-paced eLearning provides you with training that is generally one to three hours in length giving you the convenience of learning at your own pace. RSA, The Security Division of EMC 3 RSA PRODUCT TRAINING Our worldwide training services are targeted to serve professionals who are responsible for installing, supporting and administering the entire range of RSA solutions. Developed for security administration and network operations, the product courses offer a variety of teaching methods including traditional instructor-led and virtual (“on line”) instructor-led training, video-based learning, and elearning. Instructor-led courses can also be made available as on-site engagements at a customer’s location. Each of these options gives you the flexibility to select a learning mode that best fits your learning style, time constraints and budget. RSA SECURITY AWARENESS PROGRAMS RSA’s Security Awareness programs offer ways to test and measure vulnerability, then provide essential education to fill any gaps. Our Security Awareness training can target virtually every level of an organization – raising awareness and offering concrete steps to effect change, thus helping to prevent attackers from gaining a foothold through unsuspecting targets. See individual program descriptions for further details. CYBER DEFENSE TRAINING COURSES FOR SECURITY ANALYSTS The threat landscape is becoming more complicated every day. With the advent and enhancement of technical innovations like cloud computing, social media, mobile devices and big data, organizations are finding it very difficult to keep ahead of advanced threats. Security products, while necessary, can only go so far in identifying and mitigating potential breaches. A skilled security analyst is key to the success of any Information Security strategy. The RSA Cyber Defense Training courses address these challenges by offering comprehensive training on analytic processes and techniques that are independent of a specific attack technique or security product. These courses focus on analysis skills that are directly relevant to the current security climate. The curriculum also provides a path for security analysts to advance their skills by offering an approach based on roles that are generally consistent with the roles and responsibilities of a SOC. RSA, The Security Division of EMC 4 ONSITE TRAINING Benefits of Onsite Training Substantial cost Savings – Save up to 40% compared to individual public class rates Less student down time – Reduce travel concerns and out-of-office time Convenient, Flexible Scheduling – Your training can be scheduled at the time and location most convenient for you With RSA Onsite training, you and your people aren’t locked into a pre-existing schedule of public classes at a pre-existing location. RSA Education Services can work with you to schedule your training at the time and location that’s most convenient for you. That means training doesn’t have to conflict with your other business priorities – and it can be timed precisely to support your RSA implementation. RSA Onsite training rates can save an organization up to 40% when compared to individual student rates. Additional cost savings are realized by eliminating the need for student travel. What’s more, since your students are not preparing for trips – or making their way back from airports after training – they are likely to be more productive and accessible in the days surrounding their training experience. ONLINE INSTRUCTOR-LED TRAINING What is Online ILT? Online ILT is real-time virtual training conducted remotely by RSA instructors. It’s virtual training that mirrors the classroom experience with: Live web casts. During scheduled web casts, students communicate with their RSA instructor and other students, ask questions, and experience RSA products through live demonstration. Benefits of Online Instructor-led Training – No travel cost or travel time – Live instructor with whom you can interact and ask questions – Same content as the classroom version of the course with hands-on labs to reinforce concepts Hands-on labs. Students access a remote lab environment that enables them to interact with RSA software and practice what they’ve learned. Course materials. Course materials are shipped to participants in advance of the class. Just like in a classroom, students use these materials under the guidance of the instructor. Instructor guidance. During class time, students have the benefit of the instructor’s expertise to assist during the live web casts and Hands-on Labs. During lab time, the instructor can shadow students by virtually looking over the shoulder of each student to evaluate their progress and provide assistance. – Modest connectivity requirements allow participation from anywhere RSA LEARNING ASSESSMENTS – Publicly-scheduled classes for individual participants or Private sessions for organizations that prefer virtual training for their dispersed teams As organizations increasingly depend on technology to manage their businesses, the need for employees to be knowledgeable about security is increasingly evident. Whether they are IT security professionals or general office staff, having the appropriate security knowledge and skills to perform their jobs is a critical business driver. To plan and position your security training initiatives cost-effectively, RSA Learning Assessments are tools to measure your team’s knowledge of RSA products and other security-related concepts. Based on the learning assessment results, we can work with you to identify a learning program that works for you and your team. RSA Learning Assessments are useful for organizations who recognize a need for training but aren’t quite sure what training their team really needs. By leveraging RSA Learning Assessments, you can better understand the learning gaps and make an informed decision about the most effective individual and group training plans for your team. Online RSA Learning Assessments are available to you at no charge. An assessment can be completed within 15-20 minutes with immediate results provided to the assessment taker. For a team assessment, management reports can be provided that evaluates individual and group results. RSA, The Security Division of EMC 5 RSA Training Unit Details: – Each Training Unit has a value of $100 US – Valid for customers and partners in all regions RSA TRAINING UNITS Training is an invaluable means of facilitating growth in your organization and increasing the skills and knowledge of your employees. With RSA Training Units (TUs) you can invest in RSA courses and use them whenever RSA training is necessary. – Can be redeemed for any RSA course and any delivery mode Training units are simply RSA Education Services currency. They are deposited into a company’s training account and are available for general consumption by your company’s employees. Valid for one year from date of purchase, pre-paid TUs provide maximum flexibility to ensure your team’s readiness. – Valid for one year (364 days) from time of issuance. Any unused days are null and void after the expiration date With RSA TUs you can satisfy your training requirements as they evolve throughout the year. You reduce the paperwork and approvals associated with multiple enrollments by taking care of all your training needs with a single purchase. – Can be used to register one or more individuals – Payment can be made with: purchase order, credit card, or company check Registration and Payment Please complete your registration at www.emc.com/rsa-training. Be sure you register with the e-mail address of the student attending class, as this is the only unique identifier we have for each student. Complete details regarding payment by purchase order, credit card or check are provided on our web site. RSA CERTIFIED SECURITY PROFESSIONAL CERTIFICATION By becoming an RSA Certified Security Professional, you possess the credentials that demonstrate your knowledge and skills necessary to function as a practical expert in the rapidly growing information security industry. Job-based certifications are available for administrators for the product areas designated below. Our relationship with Pearson VUE, which operates 5,000 testing centers in 165 countries, provides convenient access to certification exams and ensures impartial testing. The RSA Certified Administrator specialization is designed for professionals who administer and maintain enterprise security systems that use RSA SecurID®, RSA Archer®, or RSA® Security Analytics. Certification Recommended RSA Courses RSA Archer Certified Administrator  RSA Archer Administration RSA SecurID Certified Administrator RSA Security Analytics Certified Administrator  RSA Archer Advanced Administration  RSA Authentication Manager Administration  RSA Authentication Manager Installation and Configuration  RSA Security Analytics Administration EMC2, EMC, RSA, RSA Security, Archer and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. © Copyright 2014 EMC Corporation. All rights reserved. Published in the USA. EDCAT SB 0615 r1 RSA, The Security Division of EMC 6 SUMMARY OF OFFERINGS BY DELIVERY MODE ILT VILT e-Learning Online ILT                                                                                         Identity and Access Management RSA Access Manager Administration, Installation and Configuration RSA Via Lifecycle and Governance Administration RSA Business Role Manager RSA Data Access Governance Basics RSA Authentication Manager Administration RSA Authentication Manager Installation and Configuration RSA SecurID Help Desk Basics RSA Authentication Manager 6.1 to 8.x Data Migration Migrating RSA Authentication Manager v6.1 to a v8.1 Hardware Appliance RSA Authentication Manager 7.1 to 8.x Data Migration Migrating RSA Authentication Manager v7.1 to a v8.1 Hardware Appliance            Governance, Risk and Compliance Getting Started with Enterprise Risk Management Getting Started with Policy and Compliance Management GRC Overview RSA Archer Administration RSA Archer Advanced Administration RSA Archer Solutions Overview RSA Archer Security Operations (SecOps) Management Essentials [Expected availability: early Q4 2015] RSA Archer Security Operations (SecOps) Management Solution Basics RSA Archer Custom End-User Training Service Advanced Security Operations RSA Data Loss Prevention Administration RSA ECAT Fundamentals RSA Security Analytics Introduction RSA Security Analytics 10.5 What’s New Overview RSA Security Analytics Foundations RSA Security Analytics Core Administration RSA Security Analytics Hunting [Expected availability: late Q4 2015] RSA Security Analytics Introduction to Troubleshooting for Customers  7 SUMMARY OF OFFERINGS BY DELIVERY MODE (CONTINUED) ILT VILT e-Learning Online ILT Anti Fraud RSA Adaptive Authentication On Premise Administration RSA Adaptive Authentication for eCommerce Back Office Tools RSA Adaptive Authentication 12 Migration RSA Web Threat Detection Essentials        Cyber Defense RSA Intelligence-Driven Event Analysis RSA Incident Handling and Response RSA Threat Intelligence RSA Malware Analysis RSA SOC Simulation Challenge RSA Cyber Defense Workshop             Security Concepts and Principles RSA Security Awareness Program RSA Certified Information Systems Security Professional (CISSP) Boot Camp             8 RSA® Access Manager Administration, Installation and Configuration Course Description AT-A-GLANCE Overview This course offers theoretical and hands-on instruction in the administrative functions, operations, and installation and configuration tasks associated with the RSA Access Manager product. RSA Access Manager system architecture, server structure, integration of components into an enterprise infrastructure, user organization, and the importance of various configuration parameters are discussed. Hands-on labs allow the student to work step-bystep through the phases of an RSA Access Manager implementation. Extensive hands-on labs and the use of a realistic case study reinforce the tasks involved in creating a complete Web access management solution. Audience System, security, or help desk personnel who need to install, deploy and/or maintain RSA Access Manager. Duration 4 days REGISTER FOR CLASSES: Prerequisite Knowledge/Skills For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: Familiarity with Web and directory server or database technologies; A functional knowledge of OS and networking fundamentals. www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED CLRAIN210 – Onsite Class ED ACCMGR TRAIN UNIT – Training Units Course Objectives Upon successful completion of this course, participants should be able to:  Explain the basic architecture and integration of RSA Access Manager in an enterprise environment  Describe the processes and methodology for performing a successful installation and implementation of the core servers, data adapter, Administrative Console and representative Agents  Describe the management functions used for resource and end user administration  Using a case study, perform typical administration functions to populate and configure users, administrators and groups in an RSA Access Manager database  Explain the configuration parameters that can be used to tailor the RSA Access Manager components to accomplish specific tasks and functions  Establish Entitlements and use RSA Access Manager Smart Rules™ to manage Web access and protect resources in a classroom Web environment  Perform system troubleshooting and analysis through the use of audit logs and user reports  Explore how runtime and administrative operations can be extended through the use of the API library 9 Course Outline  RSA Access Manager Overview ▬ High level description of RSA Access Manager and its contribution to access management  Resource Protection and Authentication ▬ Discussion of Authentication Methods used to protect resources; Form-based vs. challenge/response authentication; Chaining and combining forms  RSA Access Manager Architecture ▬ Description and functions of the Primary Servers; Web and Application Server Agents ▬ ▬ Data Flow for the Runtime and Administrative operations Discussion of how resources are defined to allow granular protection ▬ Use of RSA Access Manager Entitlements and ▬ Description of how RSA Access Manager fits into a distributed security model Smart Rules to selectively manage access to resources ▬ How to manage conflicts among Smart Rules and between Smart Rules and Entitlements ▬ Configuration of Access Manager for external authentication and URL retention  Installation and Configuration ▬ Description of RSA Access Manager system requirements and pre-installation readiness tasks ▬ Installation procedure, options, and recommended practices ▬ Installation of Access Manager Servers, LDAP Data Adapter, Administrative Console, and Web and Application Server Agents ▬ Configuration of Web Server for Single SignOn  Managing Resources ▬ Discussion of how resources (Web sites, Applications, etc.) are protected using RSA Access Manager – focusing on selectivity and granularity in various situations ▬ Registration of Web Servers and definition of Applications ▬ Discussion of Virtual Web Server Hosts ▬ Configuration of Web Server for virtual hosts  Delegated Administration ▬ Discussion of the administrative structure that is possible in an RSA Access Manager installation ▬ Use of Administrative Groups and ownership hierarchy of administrators, users, and objects ▬ Examination of Administrative Roles and responsibilities  Managing the Organization ▬ Policy control for user authentication and passwords ▬ Methodology of structuring users, groups, user  Troubleshooting ▬ Examination of the log files and use of special configuration parameters to control log detail ▬ Configuration of servers for centralized logging ▬ Configuration of Network Management ▬ Discussion of approaches to user and system troubleshooting  Development Tools ▬ Discussion of the various Runtime, Administrative, and Web Agent Extension API tools that are available ▬ Examination and implementation of JAVA coding examples  Single Sign-On ▬ Discussion of the function and objectives of creating a single sign-on environment ▬ Explanation of the differences and challenges of ‘Intra-’ vs. ‘Inter-’ site single sign-on ▬ Configuration of Access Manager for SSO and ISSO  Distributed Authorization ▬ Discussion of achieving redundant functionality and failover ▬ Explanation of the differences in Standard Mode vs. Distributed Mode failover ▬ Test of centralized logging attributes, and properties Creation of user properties and addition of users to groups © Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 10 RSA® Via Lifecycle and Governance Administration Course Description Overview AT-A-GLANCE The RSA Via Lifecycle and Governance Administration course provides an overview of the administrative and configuration options associated with the RSA Via Lifecycle and Governance platform. This course provides an overview of the administrative responsibilities and configuration options associated with the RSA Via Lifecycle and Governance (RSA Via L & G) platform. Students will gain a comprehensive understanding of the access review cycle, change request and provisioning capabilities of the platform. Students will enable the ACM, ARM, AFX and Rules modules. Hands-on labs are used to reinforce the tasks involved in configuring, maintaining, and utilizing the platform to collect identities, accounts, entitlements and application roles for several directories and applications as well as perform user and account reviews and other tasks in a simulated review cycle. Students will configure the components necessary to automate provisioning and new user registration processes and will create workflows, notifications, and several types of change requests. Students will discuss collectors, applications, directories, business descriptions, roles, rules, provisioning options, reporting and dashboards to provide an end-to-end structured experience for the students. Audience RSA Via Lifecycle and Governance (formerly RSA IMG) platform administrators, implementers and other technical users who need to configure, administer, or support the RSA Via Lifecycle and Governance platform. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED-VLG-ADM-110 – Public class ED-VLG-ADM-210 – Onsite class ED-VLG-ADM-TRAINUNIT – Training Units Duration 4 days Prerequisite Knowledge/Skills Familiarity with Identity Management concepts, Active Directory, LDAP, and SQL querying. Course Objectives Upon successful completion of this course, participants should be able to:           List the components included in the RSA Via L&G platform Understand platform configuration options Enable the ACM, ARM, Roles, AFX and Rules modules Package and import platform resource objects Perform administrative functions, including configuring identity, account, and entitlement collectors, and unifying user data Configure and process business policy sets, rules, notifications and workflows Configure, run, and perform user access certification reviews Configure and take action on change requests, user registrations, and workflows for requests Deploy automated provisioning options for change requests and user registrations Create and publish reports and charts to dashboards and external sources 11 Course Outline  Introduction to RSA Via L&G ▬ RSA Via L&G Platform Overview ▬ Course scenario overview ▬ Data model overview ▬ Prestige Simulation  Administration Overview ▬ AveksaAdmin account ▬ Admin menu ▬ Enabling platform modules ▬ Enabling Notifications ▬ Help system ▬ Task list ▬ UI Security  RSA ▬ ▬ ▬ ▬ ▬ ▬ Via L&G Platform User Interface Admin System Settings User Interface styles Naming your environment Login Screen Header and Menu Bar Packaging and Importing  Requirements Gathering ▬ Business Resources ▬ Directories and Applications ▬ Out of the Box Attributes ▬ Custom Attributes ▬ Custom Values Lists ▬ Collected VS. ACM Managed Attributes ▬ Hiding attributes ▬ Table options  Users and Identities ▬ Users and Identities Overview ▬ Directories ▬ Directory Groups ▬ Business Units ▬ Identity Data Collectors ▬ Unification Process ▬ Collecting Identities ▬ Authentication  Accounts, Roles and Entitlements ▬ Aveksa Admin roles ▬ Granular Aveksa Admin Privileges ▬ Rapid Application Onboarding ▬ Account Attributes ▬ Account Data Collectors ▬ Orphaned Accounts ▬ Entitlement Attributes ▬ Entitlement Data Collectors ▬ Application Roles ▬ Business Descriptions ▬ Collecting Entitlements ▬ Collecting multiple owners for resources  Roles ▬ Roles Overview ▬ Collecting Application Roles ▬ Roles module vs. BRM  Rules ▬ Rules Overview ▬ Rule Definitions ▬ Out of the box Rules ▬ Creating custom rules ▬ Rules logic ▬ Processing Rules ▬ Violations, Remediations and exceptions ▬ Out of the box and custom rules workflows ▬ Granular security for rules  Reviews ▬ Reviews Overview ▬ Creating Review Definitions ▬ Modifying reviews workflows ▬ Administering Reviews ▬ Performing Reviews ▬ Refreshing Reviews ▬ Watch closures ▬ Completing a Review and Reporting Results  Workflows, Notifications and Escalations ▬ Workflows Overview ▬ Creating Workflows ▬ Out of the box templates ▬ Creating Notification templates ▬ Creating Escalations ▬ Viewing email logs  Dashboards and Reports ▬ Reports Overview ▬ Out of the box reports and charts ▬ Modify OOTB reports using the query tab ▬ Build Custom Reports and Charts ▬ Dashboard options ▬ Build and modify dashboards  Access Request Manager ▬ Access Requests Manager Overview ▬ Custom Forms and controls (fields) ▬ Custom Buttons ▬ Naming policies and naming transforms ▬ Custom User and Entitlement Views ▬ Workflows, Notifications and Escalations ▬ Provisioning options  Provisioning with AFX ▬ Access Fulfillment Express Overview ▬ Deploying Access Fulfillment Express ▬ Importing AFX Connectors ▬ Configuring Connectors ▬ Configuring Endpoint capabilities  Capstone Structured Experience ▬ Complete end-to-end access review cycle ▬ Deploy change requests with automated provisioning ▬ Publish final reports to simulation auditors and executives  Additional Resources ▬ Community membership ▬ RSA Secure Care Online © Copyright 2015 EMC Corporation. All rights reserved. 09/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 12 RSA® Business Role Manager Course Description Overview AT-A-GLANCE The RSA Business Role Manager eLearning provides instruction on the administrative responsibilities and configuration options associated with the RSA Business Role Manager module. The RSA Business Role Manager eLearning module extends the capabilities of the IMG product to include the ability to group users and entitlements into roles. The RSA BRM eLearning module provides an overview of BRM components. Topics include terminology, configuration, and role mining options to tailor the module to a customer’s needs. Demonstrations illustrate the tasks involved in configuring, maintaining, and utilizing the Business Role Manager module. The course is comprised of lecture content as well as recorded product demonstrations to illustrate the RSA BRM product in action. Audience RSA Identity and Access Management/Identity Management and Governance/RSA Via Lifecycle and Governance administrators, implementers and other technical users who need to configure, administer, or support the RSA Business Role Manager module. Duration 4 hours (eLearning) REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: Prerequisite Knowledge/Skills Completion of the RSA Identity Management and Governance (IMG) course (or former RSA ACM Foundations course). Course Objectives Upon successful completion of this course, participants should be able to:  Enable the Roles option and Business Role Manager module  Understand the functionality and capabilities of the Roles and Business Role Manager modules  Understand Business Role Manager terminology  Understand the differences between business, technical, and global roles  Interpret role metrics are produced  Create, configure and manage roles  Create and configure role options  Create and configure role sets  Discover roles and entitlements  Define role membership rules  Manage organization roles for compliance to best practice principles  Allow others to manage roles ED-VLG-ADM-TRAINUNIT – Training Units © Copyright 2014 EMC Corporation. All rights reserved. 03/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 13 Course Outline  Business Role Manager Overview ▬ Role management lifecycle ▬ Definition of a Role ▬ Common indicators of role problems ▬ Benefits of using Roles in Access Governance ▬ Using roles in entitlement reviews ▬ Difference between Business Roles and Technical Roles ▬ Interpreting role metrics Enable and Configure BRM ▬ How to enable BRM. ▬ Role configuration options ▬ Role management options    Manage Roles BRM Features    ▬ Create a Role ▬ Best practices for creating a role ▬ Definition of a birthright role ▬ How to create a role ▬ Definition of a role set ▬ How to create a role set ▬ How to add members to a role ▬ Role membership rules ▬ Role metrics Discover Roles ▬ Benefit of role discovery ▬ Definition of top-down role modeling ▬ Demonstration of top-down role modeling ▬ Definition of bottom up role modeling ▬ Demonstration of bottom-up role modeling © Copyright 2014 EMC Corporation. All rights reserved. 12/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 14 RSA® Data Access Governance Basics Course Description Overview AT-A-GLANCE The RSA Data Access Governance Basics eLearning course provides instruction on the administrative responsibilities and configuration options associated with the RSA Data Access Governance module. This eLearning course discusses the use of the RSA Data Access Governance module as a tool to collect and manage user access to data resources. Topics include collection configuration, access reviews, user access requests, and data resource ownership. Recorded demonstrations (eLearning) reinforce the tasks involved in configuring, maintaining, and utilizing the Data Access Governance module. Audience RSA Identity and Access Management/Identity Management and Governance administrators, implementers and other technical users who need to configure, administer, or support the RSA IMG Business Role Manager module. Duration 2 hours (eLearning) Prerequisite Knowledge/Skills REGISTER FOR CLASSES: Completion of the RSA Identity Management and Governance (IMG) Administration course (or former RSA ACM Foundations course). For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: Course Objectives www.emc.com/rsa-training CONTACT US: Email: [email protected] Upon successful completion of this course, participants should be able to:  Enable the RSA Data Access Governance (DAG) module  Understand how RSA DAG and StealthBits® StealthAUDIT® work together to collect data resource information  Manage reviews of resource owners and user access  Configure rules to support an organization’s user access policies  Configure and manage end user data access requests Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 Course Outline  Purpose and function of RSA Data Access Governance ▬ Use and benefits of RSA DAG ▬ Permission types ▬ DAG operations  RSA DAG Architecture ▬ Components and functions ▬ Data flows  Process and Workflows ▬ Data acquisition ▬ Review workflow ▬ Rules and rule processing ▬ End user data access requests 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED-VLG-ADM-TRAINUNIT – Training Units 15 RSA® Authentication Manager Administration Course Description AT-A-GLANCE This course provides an overview of the administrative responsibilities associated with an RSA SecurID® system. Overview The working principles behind RSA Authentication Manager and RSA SecurID authenticators are discussed, including product architecture, time synchronization, managing external Identity Sources and exploring all aspects of an administrative structure. Extensive hands-on labs reinforce the administrative tasks involved in managing a user population and token assignment. The subject matter in this course prepares students with the classroom component recommended for the RSA Authentication Manager Certified Administrator certification. Audience System, security, or help desk administrators who need to administer and support RSA SecurID products. Duration REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 2 days Prerequisite Knowledge/Skills Familiarity with Microsoft® Windows® or UNIX/Linux system administration. Course Objectives Upon successful completion of this course, participants should be able to:  Understand the basic architecture and theory of operation of the RSA SecurID product suite  Perform configurations required for RSA Authentication Manager system operations  Perform user administration functions to populate and manage users  Perform reporting and user troubleshooting  Understand ongoing maintenance requirements  Understand the setup and use of software authenticators  Understand the configuration and use of self-service functionality COURSE PART NUMBERS: ED AMADM210 – Onsite Class ED AM TRAIN UNIT – Training Units 16 Course Outline  Product and Technology Overview ▬ High level description of RSA Authentication Manager and its contribution to user authentication ▬ Authentication as a foundation of security, trust and confidence in digital identities ▬ RSA Authentication Manager system  System Administration ▬ - components and communication  RSA SecurID Authentication Establishing and maintaining organizational and administrative structures: LDAP Identity Sources Security Domains User and User Group structures Administrative roles and delegation Authentication Agents  Authenticator Management ▬ RSA SecurID authentication options ▬ Managing RSA SecurID hardware tokens ▬ Concepts of strong user authentication ▬ Software token deployment and installation ▬ Token technology – time synchronization, ▬ Managing Risk-Based Authentication authenticator types ▬ Managing On-Demand Authentication  Risk-Based Authentication  Auditing, Reports and Troubleshooting Configuration and management of Riskbased authentication ▬ RSA Authentication Manager report functions ▬ Report customization ▬ Device fingerprinting and behavior data collection and analysis ▬ Troubleshooting procedures ▬ Selecting assurance levels ▬  Deployment and Administrative Structure ▬ Deployment planning and establishing an administrative structure  Self-Service Management and Support ▬ Configurations for user self-service functions ▬ User account and authenticator management and provisioning  Policy Management ▬ Defining and applying policies to the system and Security Domains - Password and Token policies - Lockout and self-service policies - Risk-based and Offline authentication policies   © Copyright 2014 EMC Corporation. All rights reserved. 12/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 17 RSA® Authentication Manager Installation and Configuration Course Description AT-A-GLANCE This course offers hands-on training on the installation and configuration of RSA Authentication Manager, Authentication Agents, Web Tier, and other RSA SecurID® system components.. Overview This course assumes that the student has attended the RSA Authentication Manager Administration course or has equivalent operation and administrative experience with RSA Authentication Manager – administrative tasks are not covered as part of this course. Audience Technical personnel who install, service and support RSA Authentication Manager and RSA SecurID deployments. Duration 2 days Prerequisite Knowledge/Skills REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 Microsoft® Windows® or UNIX/Linux system administration; attendance in RSA Authentication Manager Administration course, or equivalent v7.1 or v8 administration experience; Familiarity with virtual machine deployment on VMware. Course Objectives Upon successful completion of this course, participants should be able to:  Plan and perform the pre-installation, installation, and configuration tasks to accomplish an RSA Authentication Manager virtual appliance installation in a VMware environment  Configure RSA Authentication Manager system parameters  Configure and connect to external LDAP Identity Sources  Create redundant/failover RSA Authentication Manager replica servers and understand the role and management of replica server instances  Install and configure RSA Authentication Agents for local workstation and web access protection  Perform an RSA Authentication Manager Web Tier installation to support user self-service and risk-based authentication COURSE PART NUMBERS: ED AMINS210 – Onsite Class ED AM TRAIN UNIT – Training Units 18 Course Outline  RSA Authentication Manager System Architecture ▬ Primary and Replica instances ▬ Authentication Agents and communication paths ▬ Identity Sources ▬ Firewall configurations ▬ Web Tier component ▬ RADIUS communication  Deployment Scenarios and Planning ▬ Deployment and Installation planning ▬ Using the right Authentication Agent ▬ Planning administrative support ▬ Using CT-KIP for software token deployment  RSA Authentication Manager Deployment ▬ Pre-Installation requirements and considerations ▬ Supported VMware environments and features ▬ Strategies for dealing with primary instance failures and replica promotion ▬ Creating replica packages ▬ Establishing preferred and failover servers in Agent hosts  Web Tier Installation ▬ Requirements and installation process for the Web Tier component ▬ Customizing the end user interface  System Utilities ▬ Using the Command-line Utility package ▬ Installing and configuring the Windows MMC snap-in ▬ Managing Realm trusts  Credential Manager Configuration ▬ Setting up the Credential Manager for provisioning  RADIUS Server Configuration ▬ V8.1 Hardware Appliance deployment ▬ Deployment process and steps ▬ RADIUS functions and capabilities Post-deployment tasks ▬ Primary and Replica RADIUS servers ▬ Managing RADIUS users ▬  System Configurations ▬ Settings and configurations - System-wide configurations - Instance settings - Console and dashboard personalization   Replica Instances Authentication Agent Configurations ▬ Functions and features of representative Authentication Agent installations for Microsoft Windows and Linux operating systems ▬ Configuring Agent software for local, network and web access protection ▬ Handling node secret and sdconf.rec files  RSA Authentication Manager Migration Overview ▬ Optional overview of the migration process from version 6.1 to version 8 and/or version 7.1 to version 8 ▬ This module is delivered if students are planning to perform a migration in their production system and are interested in the general planning and steps involved in a migration © Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 19 RSA SecurID® Help Desk Basics Course Description AT-A-GLANCE This course provides the fundamental information about an RSA SecurID® system deployment to assist Help Desk representatives respond to end users. Overview An overview of RSA Authentication Manager and RSA SecurID authenticators and authentication methods are presented, as well as how functions and controls are accessed in the administrative interface. Instructor demonstrations of important operations relating to typical end user cases reinforce the steps that Help Desk representatives can take for troubleshooting and assisting their user population. This course is useful for new representatives supporting RSA SecurID users as well as a refresher course for representatives who infrequently work with RSA SecurID support issues. Audience Help Desk representatives who need to assist and support RSA SecurID users Duration 1 day REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 Prerequisite Knowledge/Skills General familiarity with system administration functions Course Objectives Upon successful completion of this course, participants should be able to:  Understand the high-level architecture and theory of operation of the RSA SecurID product suite  Identify common authentication problem areas  Perform common user assistance tasks  Understand the use of the user Self-service capabilities 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED AM TRAIN UNIT – Training Units 20 Course Outline The following modules are designed to support the course objectives:  RSA SecurID System Overview ▬ High level description of RSA SecurID and RSA Authentication Manager system components ▬ ▬ RSA authentication methods: o Hardware and Software authenticators o On-Demand Authentication o Risk-Based Authentication Authentication process and data flow  Monitors and Reports ▬ Using the Authentication Monitor ▬ Generating reports to track and user activity  User Troubleshooting ▬ Troubleshooting procedures ▬ Security considerations  Self-service Console ▬ User self-service functions ▬ Self-Service provisioning flow ▬ Troubleshooting user self-service problems  Authentication Problem Areas ▬ Identifying and isolating user problems ▬ Common user errors ▬ Differentiating User vs Agent vs Server problems  System Configurations ▬ Organizational structures – users, groups, Security Domains and Identity Sources ▬ Authentication options and policies  Authenticator Operations ▬ Hardware tokens ▬ Software tokens ▬ On-demand codes ▬ Emergency and temporary codes © Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 21 RSA® Authentication Manager 6.1 to 8.x Migration Course Descriptions AT-A-GLANCE This eLearning course guides the participant through the steps to accomplish a standard migration from RSA Authentication Manager version 6.1 to version 8.x. Overview Product functionality that is pertinent to the migration of v6.1 is discussed as well as the process and considerations for migrating to a v8.x environment. Note that this course discusses migration of “out-of-box” deployments and does not address migration of customized APIs running under v6.1. Audience Technologists who are responsible for an RSA SecurID system and intend on migrating from RSA Authentication Manager v6.1 to v8. Prerequisite Knowledge/Skills Familiarity with RSA SecurID technology and RSA Authentication Manager v6.1. RSA Authentication Manager 6.1 to 8.0 Data Migration REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: This course describes the features and functions that are new to RSA Authentication Manager v8.x as well as how database objects and structures map from v6.1 to v8.x. It details several deployment and migration scenarios and the steps required to migrate v6.1 data to a v8.x installation. Duration Approximately 1 hour www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Migrating RSA Authentication Manager v6.1 to a v8.1 Hardware Appliance This course augments the data migration course (described above) and focuses on the process and considerations for migrating to a version 8.1 hardware appliance from v6.1. Duration Approximately 15 minutes Bedford, Massachusetts 01730 This elearning course is available to customers at no charge. If you are accessing RSA eLearning for the first time, please visit http://powerlink.emc.com to establish an account. If you already have an account through EMC Powerlink, go directly to www.emc.com/rsa-training to access this course. 22 RSA Authentication Manager 6.1 to 8.0 Data Migration Migrating RSA Authentication Manager v6.1 to a v8.1 Hardware Appliance Course Objectives Course Objectives Upon successful completion of this course, participants should be able to:  Provide an overview of the fundamental differences between RSA Authentication Manager v6.1 and v8.x – features and functions  Describe the specific database objects that are migrated between product versions and how they are handled by the migration  Describe the pre-migration steps to prepare a v6.1 database for migration  Describe the post-migration structures that can be created in v8.x to contain and manage migrated objects Upon successful completion of this course, participants should be able to:  Understand a deployment architecture that includes one or more v8.1 hardware appliances as primary and/or Replica instances  Describe the migration process of migrating from a v6.1 software or hardware appliance platform to a v8.1 hardware appliance Course Outline  Comparison of v6.1/v8.x Architecture and Administrative Structures ▬ Describes the general architecture and compares differences/parallels between product versions ▬ Describes the major areas of importance in the v8.x data structures and how they map to a v6.1 environment ▬ Describes terminology used in v8.x  Overview of the Migration Process ▬ High-level description of the methodology for approaching a migration ▬ Describes in detail how database objects are mapped from version to version Course Outline  Overview of v8.1 Architecture ▬ Describes the architecture and deployments options that include a v8.1 hardware appliance  Overview of the Migration Process ▬ Describes migration tasks involved with migrating to a hardware appliance that are over and above the tasks involved with data migration alone ▬ Using the v6.1 Migration Assessment Tool  Migration Steps ▬ Describes the initial connections and setup of a v8.1 hardware appliance ▬ Describes the steps involved with migration from exporting v6.1 data to importing it into a v8.1 hardware appliance.  Pre-Migration Preparation ▬ Describes the considerations and best practices involved in preparing a v6.1 environment for migration — database cleaning, creating/dismantling structures, etc. and preparing a v8.x environment to receive migrated information — what decisions and elements should be made before migration  Post-Migration Considerations ▬ Description of tasks that can be performed after the completion of the migration process  Migration of an RSA SecurID Appliance ▬ Describes the general process for migrating data from a v6.1 RSA SecurID Appliance to a v8 environment © Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 23 RSA® Authentication Manager 7.1 to 8.x Migration Course Descriptions AT-A-GLANCE This eLearning course guides the participant through the steps to accomplish a standard migration from RSA Authentication Manager version 7.1 to version 8.x. Overview Product functionality that is pertinent to the migration is discussed as well as virtual and hardware appliance deployment, Web Tier, and Risk-Based Authentication options that are new in v8.x. Note that these courses discuss migration of “out-of-box” deployments and do not address migration of customized environments or APIs running under v7.1. Audience Technologists who are responsible for an RSA SecurID system and intend on migrating from RSA Authentication Manager v7.1 to v8. Prerequisite Knowledge/Skills Familiarity with RSA SecurID technology and RSA Authentication Manager v7.1. RSA Authentication Manager 7.1 to 8.0 Data Migration REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: This course describes the features and functions that are new to RSA Authentication Manager v8.x. It details several deployment and migration scenarios and the steps required to migrate v7.1 data to a v8.x installation. Duration Approximately 1 hour www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 Migrating RSA Authentication Manager v7.1 to a v8.1 Hardware Appliance This course augments the data migration course (described above) and focuses on the process and considerations for migrating to a version 8.1 hardware appliance from v7.1. The information in this course is appropriate for v7.1 deployments that currently use hardware appliances as well as for migrations to v8.1 that will begin using a hardware appliance for the first time. Duration  Approximately 15 minutes This elearning course is available to customers at no charge. If you are accessing RSA eLearning for the first time, please visit http://powerlink.emc.com to establish an account. If you already have an account through EMC Powerlink, go directly to www.emc.com/rsa-training to access this course. 24 RSA Authentication Manager 7.1 to 8.0 Data Migration Migrating RSA Authentication Manager v7.1 to a v8.1 Hardware Appliance Course Objectives Course Objectives Upon successful completion of this course, participants should be able to:  Provide an overview of the fundamental differences between RSA Authentication Manager v7.1 and v8 – features and functions  Describe the migration process  Describe the pre-migration steps to prepare for v7.1 data export  Describe the post-migration tasks in a v8 environment Upon successful completion of this course, participants should be able to:  Understand a deployment architecture that includes one or more hardware appliances as primary and/or Replica instances  Describe the migration process of migrating from a software or hardware appliance platform to a v8.1 hardware appliance  Understand how to upgrade an existing supported hardware appliance to be v8.x-capable Course Outline Course Outline  Comparison of v7.1/v8 Architecture ▬ Describes the general architecture and system components that are similar to v7.1 and those that are new to v8  Overview of the Migration Process ▬ High-level description of the options and methodology involved with migration ▬ Discusses approaches to minimize downtime during migration  Migration Steps ▬ Discusses pre-migration preparations ▬ Describes the v8 deployment ▬ Describes installation of the RSA Authentication Manager Migration Export Utility ▬ Describes Basic and Advanced migration options ▬ Considerations for RADIUS migration  Overview of v8.1 Architecture ▬ Describes the architecture and deployments options that include a v8.1 hardware appliance  Overview of the Migration Process ▬ Describes migration tasks involved with migrating to a hardware appliance that are over and above the tasks involved with data migration alone  Upgrading and Re-imaging an RSA SecurID Appliance ▬ Describes the process to upgrade supported RSA SecurID Appliance 3.0 equipment to enable it to host a v8.x instance  Migration Steps ▬ Describes the steps involved with migration from exporting v7.1 data to importing it into a v8.1 hardware appliance.  Post-Migration Tasks ▬ Describes tasks to be performed after the completion of the migration process ▬ Discusses rolling back a migration  Migration Assistance ▬ Describes troubleshooting information and how to obtain further assistance from RSA resources © Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 25 Getting Started with Enterprise Risk Management Course Description AT-A-GLANCE This course provides an overview of the concepts, processes, and procedures necessary to successfully begin implementation of an Enterprise Risk Management (ERM) system. Overview Students will gain knowledge of the key RSA Archer ERM components through presentations and hands-on exercises. Audience Risk management team members who will be using the RSA Archer Risk Management solution to define, support, and maintain a risk management initiative. This may include managers, team leads, and anyone involved in scoping a risk project. Duration 2 days Prerequisite Knowledge/Skills REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Familiarity with RSA Archer eGRC framework and a general familiarity with organizational Risk concepts. Course Objectives Upon successful completion of this course, participants should be able to:  Explain basic Risk Management terminology and methodologies  Illustrate the structure of the RSA Archer Risk Management Solution  Define business requirements related to Risk Management  Begin the implementation process of an Enterprise Risk Management program Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED ARCERM210 – Onsite Class ED ARC TRAIN UNIT – Training Units 26 Course Outline  Introduction to Risk Management  Top-Down Risk Assessment ▬ What is Risk? ▬ ▬ General Enterprise Risk Management Approach Overview Discussion: Common Issues for Specific Industries/Business Types ▬ Exercise: Risk Identification ▬ Types of Risk ▬ Exercise: Risk Assessment ▬ Exercise: Risk Decision  Digging Deeper ▬ Exercise: Risk Treatment ▬ Common Frameworks Overview ▬ Exercise: Metrics Monitoring ▬ Developing a Common Risk Taxonomy ▬ Exercise: Loss Monitoring ▬ Elements of Risk Management ▬ Exercise: Overall Monitoring ▬ Phases of Growth: ▬ Risk Identification ▬ Assessment ▬ Exercise: Create a new Risk Project ▬ Decision ▬ Exercise: Complete Risk Assessments ▬ Treatment ▬ Exercise: Create reports based on new data ▬ Monitoring ▬ Exercise: Bring in sample model data via Data Import ▬ Exercise: Create dashboard that incorporates  RSA Archer Risk Management Solution ▬ RSA Archer ERM Structure Components ▬ ERM Processes and Key Integrations with  Bottom-Up Risk Assessment model data’s impact on business Other Solutions ▬ How RSA Archer Maps to Common Risk Frameworks © Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 27 Getting Started with Policy and Compliance Management Course Description AT-A-GLANCE This course provides an overview of the concepts, processes, and procedures necessary to successfully begin implementation of a Policy and Compliance Management system. Overview Students will gain knowledge of the key RSA Archer Policy and Compliance Management components through presentations and hands-on exercises. Audience Policy and Compliance management team members who will be using the RSA Archer Policy and Compliance Management solution to define, implement, and maintain a policy and compliance management initiative. This may include managers, team leads, and anyone involved in consolidating policies and ensuring compliance with authoritative sources. Duration 2 days Prerequisite Knowledge/Skills REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Familiarity with the RSA Archer eGRC framework and a general familiarity with policy and compliance concepts. Course Objectives Upon successful completion of this course, participants should be able to:  Explain basic Policy and Compliance Management issues and processes  Illustrate the structure of the RSA Archer Policy and Compliance Management Solution  Begin the implementation process of a Policy and Compliance Management program Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED ARCPCM210 – Onsite class ED ARC TRAIN UNIT – Training Units 28 Course Outline  Introduction to Policy and Compliance Management  RSA Archer Compliance Management Solution ▬ Sarbanes-Oxley Act Concerns ▬ Top Policy and Compliance Management Issues ▬ RSA Archer Compliance Structure Components ▬ Policy and Compliance Processes in a Nutshell ▬ How Compliance is Rated ▬ Exception Requests Workflow ▬ Policy and Compliance Key Components  RSA Archer Policy Management Solution  Compliance Management Exercises RSA Archer Interface ▬ Exercise: Review Control Procedure Mapping RSA Archer Policy Structure Components ▬ Exercise: Assess a Process Control ▬ Phased Implementation Approach ▬ Exercise: Assess a Technical Control ▬ Post-Implementation Processes ▬ Exercise: Address Findings – Remediation Plan ▬ Exercise: Address Findings – Exception ▬ ▬ Request  Policy Management Exercises ▬ Exercise: Analyze Existing Policy ▬ Exercise: Define Scope ▬ Extraction & Mapping ▬ Exercise: Policy Extraction ▬ Exercise: Control Standard Extraction & Mapping ▬ Exercise: Format/Import Content ▬ Exercise: Perform a Gap Analysis ▬ Exercise: Import Provided Content ▬ Exercise: Approve a Policy Change ▬ Exercise: Policy Awareness Campaign  Compliance Strategies ▬ Control-Based Compliance ▬ Asset-Based Compliance ▬ Compliance Testing Cycle ▬ Round Table Discussion ▬ Additional Resources © Copyright 2013 EMC Corporation. All rights reserved. 08/2013 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 29 GRC Overview Course Description AT-A-GLANCE This e-Learning course provides a general introduction to Governance, Risk, and Compliance concepts. This eLearning course is not product specific. Overview This self-paced eLearning course introduces the general concepts of Governance, Risk and Compliance (GRC) from a business perspective. It focusses on why GRC is important to business and how GRC impacts each area of a business. Audience - RSA Customers Duration Approximately 30 minutes (e-Learning) Prerequisite Knowledge/Skills None REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training Course Objectives Upon successful completion of this course, participants should be able to:  Describe the elements that comprise Governance, Risk and Compliance  Describe how GRC addresses business challenges  Understand the impact of GRC on people and processes within the business Course Outline  Business pressures and risks CONTACT US: Email: [email protected]  What is GRC?  Governance, Risk and Compliance strategies  How companies address GRC Phone: 800-995-5095  Enterprise GRC Int’l: 781-515-7700  Stages of GRC adoption 781- 515-6630  GRC for IT organizations  Technology that supports GRC Fax: 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED-ARC-TRAINUNIT – Training Units © Copyright 2015 EMC Corporation. All rights reserved. 9/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 30 RSA Archer® Administration Course Description AT-A-GLANCE This course provides an overview to the concepts, processes, and procedures necessary to successfully design and administer the RSA Archer platform. Overview Students will gain knowledge of the key RSA Archer platform components such as applications, security management, and communication tools through presentations and hands-on exercises. After taking this course, students will be able to plan, configure, and manage the RSA Archer environment. The subject matter in this course prepares students with the classroom component recommended for the RSA Archer Certified Administrator certification. Audience Archer administrators who are responsible for building and managing the RSA Archer eGRC product. Duration 4 days REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED ARCADMIN210 – Onsite Class Prerequisite Knowledge/Skills None Course Objectives Upon successful completion of this course, participants should be able to:  Navigate within the RSA Archer system  Configure the look and feel of the RSA Archer interface  Create or edit an application  Import data  Set up email notifications  Create data-driven events and calculated fields  Manage user access  Automate work streams  Complete a questionnaire  Perform a data feed  Search and report on data  Set up a dashboard  Migrate changes between environments  Identify additional support resources ED ARC TRAIN UNIT – Training Units 31 Course Outline  Introduction to RSA Archer ▬ RSA Archer Overview ▬ Introduction to the case study  Automate Work Streams ▬  Configure a two-stage workflow Questionnaires ▬ Question Library Overview ▬ Interface components ▬ Questionnaire Creation Process ▬ Managing content records ▬ Completing a Questionnaire  General Navigation  Configure the Appearance ▬ Managing Themes ▬ Managing the Appearance  Centralize and Organize Data  Integration Options ▬  Data Feed Manager Search and Report on Data ▬ Quick Search ▬ Advanced Search ▬ Statistics Search and Chart Options ▬ Reporting ▬ Data structure ▬ Application Builder overview ▬ Inside Manage Applications ▬ General Application Properties ▬ Field Management ▬ Page Layout ▬ iViews ▬ Navigation Menu ▬ Dashboards ▬ Workspaces ▬ Additional Configuration Options   Import Data ▬ Using the Data Import Manager  Alert Users to Data Changes ▬ Creating Letterheads ▬ Managing Subscription Notifications ▬ Troubleshooting Tips  Optimize the User Experience ▬ Data-Driven Events ▬ Calculated Fields ▬ Troubleshooting Tips  Manage User Access    Communicate Information to Stakeholders Packaging for Production ▬ Creating Packages ▬ Installing Packages ▬ Advanced Package Mapper Design Best Practices ▬ Field Design Tips ▬ Application Layout Tips ▬ Data-Driven Event Tips Application Creation Case Study ▬ Hands-on exercise in which participants are challenged to build a best-in-class application with minimal assistance ▬ Access Control Basics ▬ User Accounts ▬ Access Roles ▬ Groups ▬ Record Permissions ▬ Customer Support Options ▬ Private Fields ▬ Certification Exam Information ▬ Troubleshooting Tips  Course Summary © Copyright 2014 EMC Corporation. All rights reserved. 09/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 32 RSA Archer® Advanced Administration Course Description AT-A-GLANCE This course provides handson training on the administration, configuration and bestpractice deployment of the RSA Archer Platform. Overview Throughout the course, students will be presented with a diverse collection of realworld governance, risk, and compliance problems and be shown and guided through the recommended steps involved in solving these pain points by using the features available in the RSA Archer eGRC Suite. Extensive hands-on labs reinforce the tasks involved in designing and automating GRC processes and extending the value of the RSA Archer eGRC Suite throughout the organization. After completing this class, students will be prepared to use the RSA Archer eGRC Suite to solve an extensive array of GRC problems and meet the business requirements of various enterprise stakeholders. Audience Governance, risk, and/or compliance professionals, business owners, or IT personnel who need to automate and streamline existing processes, integrate the RSA Archer platform with third-party systems, or deliver assessments across the enterprise. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED ARCADVADM210 – Onsite Class ED ARC TRAIN UNIT – Training Units Duration 4 days Prerequisite Knowledge/Skills Previous experience creating applications within the RSA Archer product or successful participation in the standard RSA Archer Administration course. Course Objectives Upon successful completion of this course, participants should be able to:  Create a custom, multi-stage workflow process that automates a manual process  Import existing information from a legacy system into RSA Archer applications and questionnaires  Integrate the RSA Archer product with third-party systems and data sources to consolidate enterprise information  Design best-practice assessment campaigns to measure compliance across the organization  Construct complex search criteria to locate key information and identify data trends  Visually showcase compliance with industry regulations through reports and dashboards  Alert organization stakeholders through scheduled report distributions  Export RSA Archer data into pre-formatted, professional-looking report templates 33 Course Outline  Streamlining GRC Processes — Day One  Communicating GRC Data – Day Four, Part I ▬ Replicating a multi-stage workflow to transfer a manual, paper-based process to an automated, online tool ▬ Generating real-time reports across distant data relationships to provide greater insights into GRC processes ▬ Constructing a scalable access control framework for enabling end users to participate in GRC processes ▬ Designing a user-friendly dashboard and interface to clearly communicate the posture of various business units ▬ Automating and manipulating data through ▬ Delivering snapshot reports on a set schedule calculations to support enhanced data analytics and reduce data entry time to inform key stakeholders of the current status ▬ Exporting RSA Archer data to email and Word templates to generate professional-looking, document-based reports for senior management ▬ Publishing RSA Archer data to external databases  Integrating External Data — Day Two ▬ Transferring leveled, document-centric policies into a data-centric format in the RSA Archer Platform ▬ Using a data feed targeting database sources to quickly transfer legacy data to a centralized system ▬ ▬ Creating a data feed to access an RSS source and retrieve the information into an RSA Archer application Transferring data between RSA Archer applications to support data trending and reduce manual effort  Demonstrating Compliance – Day Three ▬ Importing compliance questions into RSA Archer’s global question library ▬ Creating an assessment campaign to demonstrate compliance with internal and external regulations ▬ Managing question scoring and findings  Maintaining the System – Day Four, Part II ▬ Discussing resources for the most current installation and sizing recommendations ▬ Configuring instance settings via the Archer Control Panel ▬ Accessing and reading log files ▬ Troubleshooting common RSA Archer issues to ensure effective system operations generation to better understand the risk impact to the organization ▬ Referencing existing assessment responses in future assessments © Copyright 2014 EMC Corporation. All rights reserved. 09/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 34 RSA Archer® Solutions Overview Course Description AT-A-GLANCE This e-Learning course provides an overview of the RSA Archer GRC Platform, RSA Archer Solution modules, and Out-of-theBox business use cases. Overview This self-paced, interactive e-Learning course provides an introduction to the RSA Archer Platform and its application to the management of Governance, Risk, and Compliance in an organization. RSA Archer’s Solution modules are described and use cases discussed for Out-of-the-Box applications. Audience RSA Customers RSA Partners RSA Internal Staff Duration Approximately 20 minutes (e-Learning) Prerequisite Knowledge/Skills Students should be familiar with basic principles of GRC (Governance, Risk, and Compliance). REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Course Objectives Upon successful completion of this course, participants should be able to:  Understand Governance, Risk, and Compliance (GRC) and its organizational impact.  Describe the RSA Approach and its Business Value.  Summarize RSA Archer Solution Areas.  Reference and describe common RSA Archer Use Cases.  Describe each RSA Archer Solution module and summarize key features and benefits. Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED ARCADVADM210 – Onsite Class ED ARC TRAIN UNIT – Training Units 35 Course Outline  RSA Archer Introduction ▬ GRC Defined ▬ Organizational Challenges ▬ The RSA Approach & Business Value ▬ RSA Archer Platform  RSA Archer Solution Areas: Addressing Critical Business Needs ▬ IT Risk & Security Management (ITRSM) ▬ Operational Risk ▬ Regulatory Compliance ▬ Third Party Risk ▬ Audit ▬ Business Resiliency  RSA Archer Use Cases ▬ Review various Out of the Box (OOTB) Use Cases  RSA Archer Solution modules ▬ Threat Management ▬ Vendor Management ▬ Vulnerability Risk Management (VRM) ▬ Risk Management ▬ SecOps Management ▬ Business Continuity Management ▬ Compliance Management ▬ Incident Management ▬ Policy Management ▬ Audit Management © Copyright 2014 EMC Corporation. All rights reserved. 09/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 36 Expected Availability: mid-Q4 2015! RSA® Archer Security Operations Management (SecOps) Essentials Course Description Overview AT-A-GLANCE The RSA Archer Security Operations Management course provides an overview of the business need for managing security operations and the business impact that SecOps provides. Content includes SecOps functionality for SOC management and incident and data-breach management. This course provides practitioner-level training on the business need for managing security operations and the business impact of the RSA Archer Security Operations Management (SecOps) solution and its basic functionality. Content provides a basic understanding of the challenges of managing IT security operations, and describes how SecOps is positioned to address those challenges. Students will learn about the basic functionality of SecOps – from managing a Security Operations Center (SOC) to managing incident response and data-breach response – and will learn how the SecOps solution enables organizations to manage the entire lifecycle with integrated business context and best practices aligned with industry standards. This course introduces the key personas involved in security operations management, as well as presenting typical security operations management workflows and describes how various roles have full visibility into the entire process lifecycle with focused workflows, dashboards, and reports. Audience RSA Archer Security Operations Management Practitioners. Duration REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Estimated time to complete is 90 minutes. Prerequisite Knowledge/Skills Archer GRC Solutions Overview and knowledge about the GRC industry. Course Objectives Upon successful completion of this course, participants should be able to:       Explain the necessity for and challenges to security operations management Describe the business impact that SecOps provides. Identify the purpose of, workflow, and typical roles in a security operations center. Describe the functionality of the SecOps solution. Perform the functional tasks – at a Practitioner level – that are enabled by SecOps. Explain how SecOps is used to meet IT Security and Risk Management business requirements. Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED-ARC-TRAINUNIT – Training Units 37 Course Outline  Module 1 – Managing Security Operations – Importance of managing security operations – Function and purpose of a SOC – Process of security operations management – Key personas in a SOC  Module 2 – RSA Archer Security Operations Management Solution (SecOps) – World-Class SOC program – SecOps in action – SecOps value – SecOps and the SOC lifecycle – SOC maturity model – Security incident response industry standards – SecOps architecture – SecOps workflow  Module 3 – Managing SOC Readiness – SOC staff and contacts – SOC policies and procedures – Policy review – Security controls – Call trees  Module 4 – Responding to Incidents – Level 1 workflow – Level 2 workflow – Alerts and incidents – Alert aggregation – Declared incidents – Confidential incidents  Module 5 – Responding to Data Breaches – Data breach workflow – Breach response lead and team  Module 6 – Remediation – Remediation workflow – Review workflow – Exception request workflow  Module 7 – How SecOps Fits into ITSRM – What is ITSRM? – How is SecOps used in the ITSRM solution © Copyright 2014 EMC Corporation. All rights reserved. 09/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 38 RSA® Security Operations Management Solution Basics Course Description Overview AT-A-GLANCE This course provides an overview of the concepts, processes, and procedures to effectively use RSA Security Operations Management Solution in a Security Operations Center. Students will gain knowledge of the structure and operations of the RSA Security Operations Management Solution through presentations and hands-on exercises. This course addresses the tasks and responsibilities of several typical roles and personas that are part of an organization’s Security Operations Center. Audience Customers who perform the following jobs can benefit from this course:  Security Operations Center (SOC) manager  Breach coordinator  Incident coordinator  Incident handler  IT Helpdesk analyst Duration 2 days Prerequisite Knowledge/Skills REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED-ARC-TRAINUNIT – Training Units To receive the most benefit from this training, we recommend that students have:  Basic understanding of the use and management of RSA Archer and RSA Archer Enterprise Management Solution  Basic understanding of the use and management of RSA Security Analytics  Familiarity with basic security event reporting and analysis  Familiarity with basic Security Operations Center functions and tasks Course Objectives Upon successful completion of this course, participants should be able to:  Understand the industry standards such as VERIS, NIST, and SANS with respect to reporting and managing a security incident response process; and how RSA Security Operations Management Solution is so aligned  Understand the high-level solution architecture of the RSA Security Operations Management Solution  Explain the security operations management workflow supported by the RSA Security Operations Management Solution  Explain and navigate the built-in dashboards of the RSA Security Operations Management Solution  Identify and understand the differences between the six personas (roles) supported by the RSA Security Operations Management Solution  Understand the workflows in the solution for the respective SOC personas  Identify the phases and workflow relating to incident management  Understand the contribution of RSA Security Operations Management Solution to SOC operations 39 Course Outline  Security Operations Management Overview ▬ ▬ ▬  Incident Response Function and purpose of a Security Operations Center (SOC) ▬ Incident response workflow ▬ Alerts and incidents; aggregating alerts Security incident response industry standards [VERIS, NIST, and SANS] ▬ Incident types ▬ Incident Declaration, Creation, Assignment, Review, and Closure Capabilities of RSA Security Operations Management Solution ▬ Incident response tasks ▬ Solution architecture ▬ Incident escalation ▬ Key personas in Security Operations Management ▬ Incident investigation, forensic and impact analysis ▬ Security Operations workflow ▬ Handling shift handovers ▬ RSA Archer Enterprise Management Solution Overview  Introduction to RSA Security Operations Management Solution ▬ ▬ RSA Security Operations Management Solution dashboards and navigation RSA Security Operations Management Solution implementation lifecycle  Managing SOC Readiness ▬ Managing the SOC staff and Contacts – Managing SOC policies and procedures  Data Breach Response ▬ Data Breach response workflow ▬ Breach risk assessment ▬ Declaring a breach ▬ Creating and assigning breach tasks ▬ Executing a call tree  Remediation ▬ Issue remediation workflow ▬ Findings process ▬ Resolving and reviewing findings ▬ Exception process ▬ Remediation plan © Copyright 2015 EMC Corporation. All rights reserved. 09/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 40 RSA Archer® Custom End-User Training Data Sheet AT-A-GLANCE “It was an absolutely fantastic course due to the instructor’s energy, enthusiasm, and excitement about the product and interest in our success. The coaching and support throughout the process had a huge impact on our team.” VP Educational Services Major Financial Institution Overview RSA Archer supports business-level management of enterprise governance, risk and compliance. With RSA Archer you have the ability to adapt a solution to your requirements without touching a single line of code. The most demanding Fortune 500 companies have seized the power of RSA Archer to automate business process, streamline workflow, control user access, and tailor a user interface and report in real time. To ensure that your RSA Archer solution is being leveraged to its maximum potential, RSA Education Services offers the RSA Archer Custom End-User Training Service to guide you through the process of training your organization’s end user population. Offering Details With practical experience using Archer solutions, business process and risk management expertise, and instructional design and training delivery skills, an RSA Training Consultant will work closely with you to understand your specific RSA Archer use case and identify learning objectives. You’ll have the opportunity to review the training content along the way to ensure that you receive deliverables that will successfully meet your training objectives. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] While every customer’s use case is unique, training may include topics like the following:  RSA Archer Overview  General Navigation  Working with records  Searching and Reporting  Custom topics (defined with the customer) This education service is based on a single use case and includes the following:  A needs assessment to understand the customer’s use case and training requirements  A scripted PowerPoint slide deck that includes content customized to your environment  Content branded with the organization’s logo and standard .PPT template  Unlimited use of materials for its end users  Access to an editable version of the content Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED ARC EUTTT 210 – Train-thetrainer option ED ARC EUELN 210 – E-Learning option ED ARC EUILT 210 – Instructor Led Delivery by RSA “It was an absolutely fantastic course due to the instructor’s energy, enthusiasm, and excitement about the product and interest in our success. The coaching and support throughout the process had a huge impact on our team.” VP Educational Services Large Financial Institution 41 ABOUT RSA RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world's leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com, or email [email protected]. © Copyright 2014 EMC Corporation. All rights reserved. 09/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 42 RSA® Data Loss Prevention Administration Course Description AT-A-GLANCE This course provides comprehensive instruction in the administration and configuration of the RSA Data Loss Prevention (DLP) Suite. Overview Theory and product basics such as the RSA DLP Suite architecture, integration of RSA DLP components, and the importance of various configuration parameters are discussed. Students participate in hands-on exercises that build on the basic concepts and allow practical experience in building an RSA DLP system. Audience System, security, or help desk personnel who need to install, deploy and/or maintain an RSA Data Loss Prevention system. Duration 4 days Prerequisite Knowledge/Skills REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED DLPADM210 – Onsite Class Familiarity with user and system administration, networking fundamentals, and general information security concepts. Familiarity with Web, Application and directory server (LDAP) and/or Relational Database (RDBMS) technologies as well as basic programming and scripting concepts is also beneficial. Course Objectives Upon successful completion of this course, participants should be able to:  List the features and benefits of the RSA Data Loss Prevention Suite of products including DLP Network, DLP Datacenter, and DLP Endpoint  Administer the RSA Data Loss Prevention Enterprise Manager  Create and manage RSA Data Loss Prevention policies  Create and manage RSA Data Loss Prevention content blades  Deploy RSA Data Loss Prevention agents and grid scan groups  Review what remediation actions are available and what the benefit of each is  Generate RSA Data Loss Prevention incident and event reports  Perform basic operational tasks including upgrading software, importing and exporting configuration files, reviewing high availability and load balancing, applying patches, and viewing alerts ED DLP TRAIN UNIT – Training Units 43 Course Outline  Introduction to Data Loss Prevention ▬ List the key features of the RSA DLP Suite ▬ Identify the key components of the RSA DLP Suite ▬ Describe the role of RSA DLP Enterprise Manager ▬ Explain the differences between RSA DLP Network, Datacenter, and Endpoint ▬ Define how policy violations are handled by RSA DLP Endpoint Enforce  Creating Content Blades ▬ Compare fingerprinting and describing content ▬ List the detection accuracy methods available ▬ Discuss the importance of weight, score and count ▬ Discuss the importance of accuracy and precision ▬ Explain how a risk score determines severity ▬ Manage and create content blades  Enterprise Manager Administration ▬ Login to the Enterprise Manager for the first time ▬ List the key features of Enterprise Manager ▬ Access and license the Enterprise Manager ▬ List new dashboard features ▬ Review the Enterprise Manager tabs ▬ Enter LDAP configuration settings ▬ Perform user and group administration ▬ Configure an email server and notifications ▬ Delete incidents and events ▬ Display device status  Working with Fingerprinted Content ▬ Describe fingerprinting and hashes ▬ Define fingerprinting terminology ▬ Configure a file crawler ▬ Configure a database crawler  Network Appliance Configuration ▬ Identify the main components of RSA DLP Network ▬ Re-install an RSA DLP Network appliance ▬ Login to an RSA DLP Network appliance ▬ Perform an initial configuration of an appliance ▬ Perform basic configuration for a RSA DLP Network Interceptor ▬ Describe the Email Self Release feature ▬ Evaluate sensor capacity needs ▬ Diagram the ICAP server event flow ▬ Perform a basic configuration of an ICAP server  Introduction to Policies ▬ Explain the function of the RSA DLP Content Classification and Analysis system ▬ Describe the use and purpose of policies in the DLP Suite ▬ Explain how content blades are used in policies to detect sensitive information ▬ Create policies using a supplied template ▬ Configure DLP Network policies in a virtual network environment  DLP Datacenter ▬ List key features and components of DLP Datacenter ▬ Install the Enterprise Coordinator ▬ Configure the Enterprise Coordinator ▬ Describe the scan types available in DLP Datacenter ▬ Install and configure a site coordinator ▬ Create a grid scan group ▬ View scan status and history  Agent and Repository Scans ▬ Analyze agent scan status ▬ Configure an agent scan group ▬ Schedule an agent scan ▬ Analyze agent scan history ▬ Configure a repository database scan  DLP Endpoint ▬ Explain how DLP Endpoint Enforce works ▬ List the components that comprise DLP Endpoint ▬ Configure policy settings relevant to DLP Endpoint ▬ Install DLP Endpoint Enforce agents ▬ Create a DLP Endpoint Enforce group ▬ Manually deploy a DLP Endpoint Enforce agent  Workflow and Remediation ▬ Describe incident and event workflow within RSA DLP ▬ Compare DLP remediation actions ▬ Describe how manual remediation functions ▬ View policy, incident, and transmission details ▬ View incident history and notifications  Reports ▬ Describe the main DLP reporting features ▬ Navigate the Enterprise Manager dashboard ▬ View and edit reports ▬ Customize a report ▬ Export report data ▬ Create DLP Asset Heat Map reports  Basic Operations ▬ Export and import DLP configuration files ▬ Review backup options for DLP ▬ Discuss high availability options for DLP components ▬ Describe how to configure Enterprise Manager failover ▬ Review Patching and upgrade operations for DLP ▬ List the benefits of integrating DLP and RMS ▬ Select and associate an RMS template for use with DLP © Copyright 2014 EMC Corporation. All rights reserved. 08/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 44 RSA® ECAT Fundamentals Preliminary Course Description Overview AT-A-GLANCE The RSA ECAT Fundamentals eLearning provides an overview of ECAT’s role, familiarizes you with key components of the ECAT user interface, and enables you to conduct basic threat analysis. This eLearning provides an overview of RSA ECAT’s role and core functionality. Students will gain familiarity with the ECAT interface, a broad understanding of the team responsibilities necessary for effective threat detection, and a detailed understanding of basic threat analysis. Video-based instruction is used to reinforce the student’s familiarity with ECAT and the key Modules and Machines views. Concept review and further User Interface engagement is provided in the form of a series of interactive challenges. Audience Enterprise security analysts, consultants, incident response staff and managers, RSA ECAT administrators, and any other technical users who will employ or support the tool. Duration 90 minutes REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 Prerequisite Knowledge/Skills No prerequisites; familiarity with network, security, and general IT principles will be helpful. Course Objectives Upon successful completion of this course, participants should be able to:  Describe the role of RSA ECAT in endpoint threat detection  Understand the roles and responsibilities required within an ECAT team  Detect known and some unknown malware executables and processes  Determine the general ECAT architecture of any deployment  Interpret module and machine lists in the ECAT interface  Detect malicious characteristics and behaviors in endpoint files and processes 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED-SA-TRAINUNIT – Training Units 45 Course Outline  Overview ▬ The Challenge: Malware Inside ▬ A Malware Rogue’s Gallery ▬ Threats from Basic to Advanced ▬ Monitoring the Modules in the Endpoints ▬ ECAT’s Approach to Endpoint Threat Detection ▬ ECAT’s Scan Techniques ▬ Timeline of Typical Attack ▬ ECAT Architecture ▬ Option: The Roaming Agent Relay ▬ Installation and Deployment ▬ Tuning, Optimization, and Administration  Getting Started ▬ Meet the Team ▬ Process: Getting Started ▬ Continual Analysis, Occasional Re-Tuning ▬ Main Menu ▬ Dashboard ▬ Machines ▬ Modules ▬ IP List ▬ Certificates ▬ Instant IOCs ▬ Downloads ▬ Events ▬ User Interface Walkthrough ▬ ECAT Packager  Threat Detection ▬ Out of the Box Monitoring ▬ Whitelisting and Blacklisting ▬ Automatic Whitelisting and Blacklisting ▬ Additional Tuning and Optimization ▬ Analysis: Review Which Modules? ▬ Module Review ▬ Network Monitoring ▬ Behavior Tracking ▬ Confirm Trusted Module ▬ Confirm Malicious Module ▬ Forward to Security Analytics ▬ Edit Status and Remediation Action ▬ Active Hunting Tactics ▬ Team-Based Hunting  A Week of ECAT ▬ Concept Review ▬ Interactive Interface Quiz © Copyright 2015 EMC Corporation. All rights reserved. 09/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 46 RSA® Security Analytics Introduction Course Description AT-A-GLANCE Overview This course provides an overview of RSA Security Analytics, including monitoring. This self-paced, interactive eLearning provides an introduction to the RSA Security Analytics product, along with the components and different appliances that make up an RSA Security Analytics implementation. You will first familiarize yourself with the RSA Security Analytics product, its functionality, and different customer implementations. You will then review the architecture and various components of RSA security Analytics. Finally, you will examine the way data flows throughout an RSA Security Analytics implementation. Audience REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] RSA RSA RSA RSA RSA RSA RSA Customers Professional Services Consultants and Partner Technical Support Engineers and Consultants Project Managers Solutions Success Managers Solutions Architects Sales Engineers Duration Approximately 1 hour (E-learning) Prerequisite Knowledge/Skills Students should be familiar with basic computer architecture, data networking fundamentals and general information security concepts. A background in Enterprise networking and data communications is required. Basic knowledge of the TCP/IP protocol stack is required. Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED SA AN 210 - Onsite Class ED SA TRAIN UNIT – Training Units Course Objectives Upon successful completion of this course, participants should be able to:  Understand RSA Security Analytics  Explain the architecture of RSA Security Analytics  Analyze common customer implementations of RSA Security Analytics  Identify, describe, and compare the components and appliances of RSA Security Analytics  Summarize the flow of information throughout an RSA Security Analytics environment 47 Course Outline  RSA Security Analytics Overview ▬ Define RSA Security Analytics ▬ Identify how meta is created ▬ Summarize the role meta plays in SA  RSA Security Analytics Architecture ▬ Identify components of the RSA Security Analytics environment ▬ Compare the function of the RSA Security Analytics components ▬ Explain how RSA Analytics captures information  Customer Implementations ▬ Review various RSA Security Analytics implementations and use cases  How Data Flows through RSA Security Analytics ▬ Summarize how data flows through the SA environment ▬ Compare the role of specific appliances in this process  Suggested Resources ▬ Suggested training © Copyright 2015 EMC Corporation. All rights reserved. 09/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 48 RSA® Security Analytics 10.5 What’s New Overview Course Description AT-A-GLANCE Overview This E-learning course focuses on reviewing the new features of the RSA Security Analytics 10.5 product release. This E-learning course provides an overview of the new and exciting features being introduced in RSA Security Analytics 10.5, such as platform updates, licensing changes, data privacy and cloud visibility. Audience Anyone interested in an overview of the new features of RSA Security Analytics 10.5. Duration 30 minutes (E-learning) Prerequisite Knowledge/Skills Students should be familiar with previous versions of the RSA Security Analytics product. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED SA TRAIN UNIT – Training Units Students should be familiar with basic computer architecture, data networking fundamentals and general information security concepts. A background in Enterprise networking and data communications is required. Basic knowledge of the TCP/IP protocol stack is required. Course Objectives Upon successful completion of this course, participants should be able to:  Platform updates  Licensing and entitlement changes  Administration and audit logging  Event source grouping and monitoring  Health and wellness  Data privacy  Investigation and concentrator changes  Reporting engine updates  Event Stream Analysis (ESA)  Incident management  Archiver and analyst updates  Workbench  Cloud visibility © Copyright 2015 EMC Corporation. All rights reserved. 09/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 49 RSA® Security Analytics Foundations Course Description AT-A-GLANCE Overview This foundations course focuses on the core features and functions of the RSA Security Analytics product. This Instructor Led Training (ILT) course provides a foundational overview of the core components of RSA Security Analytics. Students gain insight into the core concepts, uses, functions and features of RSA Security Analytics and also gain practical experience by performing a series of hands-on labs. Audience Anyone new to RSA Security Analytics. Duration 3 days (ILT) Prerequisite Knowledge/Skills REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 Students should be familiar with basic computer architecture, data networking fundamentals and general information security concepts. A background in Enterprise networking and data communications is required. Basic knowledge of the TCP/IP protocol stack is required. Course Objectives Upon successful completion of this course, participants should be able to:  Describe the Security Analytics architecture, components and their functions  Describe how metadata is created  Differentiate between meta keys, meta values, and meta data  Investigate data using simple and complex queries  Customize the investigation display  Filter data using rules  Create new meta values using Application and Correlation rules and RSA Live content  Create alerts using ESA and reporting rules to track potential threats  Create and manage incidents 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED SA TRAIN UNIT – Training Units 50 Course Outline  1. RSA Security Analytics Overview ▬ What is RSA Security Analytics? ▬ RSA Security Analytics architecture ▬ Supported data sources ▬ Key features and functions ▬ Customizing the user interface  2. Investigation Basics ▬ What is metadata? ▬ Differentiating between packets and logs ▬ Differentiating between data and metadata ▬ Customizing the investigation screens ▬ Viewing reconstructed events ▬ Writing simple and complex queries ▬ Describing the purpose of meta key indexing ▬ Customizing data and meta data displays ▬ Creating data visualizations ▬ Creating meta groups ▬ Creating custom column groups ▬ Using complex queries, drills and views to perform investigations  3. Refining the Dataset ▬ Filtering data with rules ▬ Taxonomy concepts for metadata ▬ Using Application rules to create new meta ▬ Using Correlation rules to create new meta ▬ Deploying content from RSA Live to create new meta ▬ Describing how parsers populate meta keys ▬ Using alerts and metadata to investigate potential threats ▬ Determining the cause of an incident  4. Reporting and Alerting ▬ Creating reports ▬ Creating alerts to identify future threats ▬ Creating ESA alerts ▬ Managing incidents ▬ Creating incidents © Copyright 2015 EMC Corporation. All rights reserved. 09/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 51 RSA® Security Analytics Core Administration Course Description AT-A-GLANCE Overview This course focuses the essential administrative tasks for RSA Security Analytics, such as user management, configuration and monitoring. This Instructor Led Training (ILT) course provides an overview of essential administrative tasks that are performed for RSA Security Analytics. Students gain insight into Configuring Devices, Monitoring and User Management within RSA Security Analytics and also gain practical experience by performing a series of hands-on labs. Audience Anyone interested in the administration topics listed below for RSA Security Analytics. Duration 2 days (ILT) Prerequisite Knowledge/Skills Students should have completed the RSA Security Analytics Foundations (3-day) ILT course prior to attending this course. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Students should be familiar with basic computer architecture, data networking fundamentals and general information security concepts. A background in Enterprise networking and data communications is required. Basic knowledge of the TCP/IP protocol stack is required. Course Objectives Upon successful completion of this course, participants should be able to:  Discover and configure core RSA Security Analytics hosts  Configure the Reporting Engine and Events Stream Analysis (ESA)  Configure Incident Management (IM) and the Archiver  Describe the Health and Wellness module  Review the REST API  Monitor RSA Security Analytics hosts and services  Create and manage users  Describe data privacy Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED SA AN 210 - Onsite Class ED SA TRAIN UNIT – Training Units 52 Course Outline  1. Configuring RSA Security Analytics ▬ Discovering hosts ▬ Configuring the core hosts ▬ Configuring Security Analytics system settings ▬ Configuring the RSA Live service ▬ Configuring Incident Management (IM) ▬ Configuring the Archiver ▬ Configuring ESA ▬ Configuring the Reporting Engine  2. Monitoring (Health and Wellness) ▬ Health and Wellness module overview ▬ Health and Wellness user interface ▬ Configuring a health notification ▬ System stats browser ▬ Event Source Monitoring ▬ Viewing statistics ▬ Viewing logs ▬ REST API  3. Managing Users ▬ RSA trust model ▬ Managing RSA Security Analytics users and roles ▬ Configuring data privacy ▬ Configuring External Authentication using Active Directory ▬ Configuring External Authentication using PAM ▬ Configuring Data Privacy © Copyright 2015 EMC Corporation. All rights reserved. 09/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 53 Expected Availability: late Q4 2015! RSA® Security Analytics Hunting Course Description AT-A-GLANCE Overview This course presents techniques prescribed by security experts for quickly locating anomalies on the network as well as methods for enhancing the data set to highlight suspicious activity. This Instructor Led Training (ILT) course presents methods and techniques prescribed by security experts for quickly locating anomalies on the network and for enhancing the data set to highlight suspicious activity. It provides recommended strategies and processes for searching for threats along with specific use cases where you will apply the techniques and processes to real-world situations. Audience Anyone interested in using RSA Security Analytics to locate anomalies on the network and identify suspicious activity Duration 2 days Prerequisite Knowledge/Skills REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 Students should have completed the RSA Security Analytics Foundations (3-day) ILT course prior to attending this course. Students should be familiar with basic computer architecture, data networking fundamentals and general information security concepts. A background in Enterprise networking and data communications is required. Strong knowledge of the TCP/IP protocol stack as well as protocols such as DNS, RDP, SSH, ICMP, CIFS, and HTTP are highly recommended. Course Objectives Upon successful completion of this course, participants should be able to:  List techniques for filtering data  Identify protocol anomalies and associated threats  Describe the process for detecting a malware infected host  Identify the causes and implications of Service type OTHER  Identify RSA Security Analytics functions to use in analysis and creation of new intelligence  Create an alert taxonomy  Automate analysis using reports, alerts and incidents  Identify common indicators of compromise  Use recommended techniques, methods, and processes to resolve use cases COURSE PART NUMBERS: ED-SA-TRAINUNIT – Training Units ED-SA-HUNT-210 - Onsite 54 Course Outline 1. Hunting Strategies ▬ Identifying traffic flows ▬ Filtering baseline traffic with network and application rules ▬ Protocol anomalies ▬ Identifying unique network traffic patterns ▬ generated by a host infected with malware ▬ Identifying the difference between network traffic generated by Trojans and normal browsing ▬ Service type OTHER ▬ Defining a taxonomy for alerts ▬ Automating analysis with reports, charts, and incidents 2. Identifying Common Indicators of Compromise (IOC) ▬ Unusual outbound network traffic ▬ Anomalies in privileged user account activity ▬ Geographical irregularities ▬ Login red flags ▬ Swells in database read volume ▬ HTML response sizes ▬ Large numbers of requests for the same file ▬ Mismatched port/application traffic ▬ Suspicious registry or system file changes ▬ DNS request anomalies ▬ Unexpected patching of systems ▬ Mobile device profile changes ▬ Bundles of data in the wrong place ▬ Web traffic with unhuman behavior ▬ Signs of DDoS activity 3. Finding the Threat – Use Cases ▬ Webshell ▬ Malicious Insider ▬ Phishing Challenge Lab © Copyright 2015 EMC Corporation. All rights reserved. 09/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 55 RSA® Security Analytics Introduction to Troubleshooting for Customers Course Description Overview AT-A-GLANCE This e-Learning course provides an introduction to troubleshooting RSA Security Analytics. This self-paced eLearning will improve your understanding of how to troubleshoot. RSA Security Analytics 10.4 (SA). Through a series of interactions and “just-showme” video demonstrations, this course will answer common questions about troubleshooting RSA’s Security Analytics and provide you with the concepts needed to begin troubleshooting on your own. The content is specific to RSA Security Analytics version 10.4. However, there is a lot of commonality between versions and some of the things that you learn may be used to troubleshoot older or newer versions of RSA Security Analytics. Please keep this in mind as you proceed because there may well be variances based on the version. Audience - RSA Customers Duration Approximately 2.5 hours (e-Learning) REGISTER FOR CLASSES: Prerequisite Knowledge/Skills For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: Students should have the following skills or knowledge prior to attending class: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED-SA-TRAINUNIT – Training Units      Familiarity with general troubleshooting methodology Basic understanding of networking concepts General understanding of networking Familiarity with Linux, Java, scripting, and computer hardware Basic experience with Security Analytics Course Objectives Upon successful completion of this course, participants should be able to:          Describe RSA Security Analytics troubleshooting strategies & basicpractices Identify techniques to troubleshoot several specific RSA Security Analytics issues after viewing videos Describe an overall approach to troubleshooting RSA Security Analytics Describe general IT troubleshooting, complexity of RSA Security Analytics, need to look beyond the UI Describe the RSA Security Analytics core components Describe the flow of data throughout an SA environment Describe the life cycle/processing of data Identify the interaction between components Identify common issues with core components 56 Course Outline  Introduction  Component Architecture  Data Flow  Platform Overview  Life-Cycle of Data  Starting Points: Issues with Components Interacting  Assessment  Course Evaluation © Copyright 2015 EMC Corporation. All rights reserved. 09/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 57 RSA® Adaptive Authentication On-Premise Administration Course Description AT-A-GLANCE Overview This course offers hands-on training on the installation, integration, configuration, and administration of RSA Adaptive Authentication OnPremise. The working principles behind RSA Adaptive Authentication On-Premise architecture, system components, and administrative tasks are discussed. Extensive hands-on labs reinforce the tasks involved in implementing an RSA Adaptive Authentication On-Premise system. Audience System, security, or help desk administrators who need to install, configure and/or maintain an RSA Adaptive Authentication On-Premise system. Duration 3 days Prerequisite Knowledge/Skills REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 Familiarity with user and system administration, networking fundamentals, and general information security concepts. Course Objectives Upon successful completion of this course, participants should be able to:  Explain the basic architecture and theory of operation of RSA Adaptive Authentication On-Premise  Describe how RSA Adaptive Authentication On-Premise determines risk  Describe the recommended workflows  Perform the installation tasks involved in installing RSA Adaptive Authentication OnPremise  Explain the steps required to integrate RSA Adaptive Authentication On-Premise with a web application  Use the Back Office Applications to configure, manage, and administer RSA Adaptive Authentication On-Premise  Perform the day to day administrative tasks to keep the RSA Adaptive Authentication On-Premise functioning properly COURSE PART NUMBERS: ED AAOPADMIN210 – Onsite Class ED AA TRAIN UNIT – Training Units 58 Course Outline Operations Session (Day 1 and 2)  RSA Adaptive Authentication On-Premise Overview ▬ Relevant terminology ▬ Features and benefits of RSA Adaptive Authentication On-Premise ▬ Risk-Based authentication ▬ Device profiling ▬ Behavioral profiling ▬ What is multi-factor authentication? ▬ How RSA Adaptive Authentication On-Premise provides for multi-factor authentication  RSA Adaptive Authentication On-Premise Architecture ▬ System components overview ▬ Network Integration ▬ RSA eFraudNetwork ▬ RSA Risk Engine ▬ Policy Management ▬ Back Office Applications ▬ RSA Central ▬ GeoIP Service ▬ Scheduler ▬ Adaptive Authentication utilities  RSA Adaptive Authentication On-Premise Workflows and Processes ▬ Terminology used in workflows ▬ RSA Adaptive Authentication On-Premise workflows  RSA Adaptive Authentication On-Premise Installation ▬ ▬ ▬ ▬  RSA ▬ ▬ ▬ Pre-installation overview Installing RSA Adaptive Authentication OnPremise Post-installation tasks Setting up maintenance and development utilities Back Office Tools Session (Day 3)  RSA Adaptive Authentication On-Premise Overview ▬ Relevant terminology ▬ Features and benefits of RSA Adaptive Authentication On-Premise ▬ Risk-Based authentication ▬ Device profiling ▬ Behavioral profiling ▬ What is multi-factor authentication? ▬ How RSA Adaptive Authentication OnPremise provides for multi-factor authentication ▬ System Components Overview  RSA Adaptive Authentication On-Premise Risk Score Calculation ▬ How Adaptive Authentication determines risk ▬ Risk score calculation stages  RSA Adaptive Authentication On-Premise Workflows and Processes ▬ Terminology used in workflows ▬ RSA Adaptive Authentication On-Premise workflows  RSA Adaptive Authentication Back Office Applications ▬ Overview of the Back Office Applications ▬ Access Management ▬ Policy Management ▬ Case Management ▬ Customer Service Application ▬ Report Viewer Adaptive Authentication Configuration The configuration framework Creating default configuration files Customizing configuration files  RSA Adaptive Authentication On-Premise Integration ▬ Introduction to the Web services API and methods ▬ Collecting device information ▬ Message format and recommended data elements  RSA Adaptive Authentication Back Office Applications ▬ Overview of the Back Office Applications ▬ Access Management ▬ Report Viewer  Operations ▬ Administration Console ▬ GeoIP Update ▬ Schedule tasks ▬ Update the eFraud Network agent ▬ Log files ▬ RSA Central © Copyright 2014 EMC Corporation. All rights reserved. 06/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 59 RSA® Adaptive Authentication for eCommerce Back Office Tools Course Description AT-A-GLANCE Overview This course offers training on the RSA Adaptive Authentication for eCommerce Back Office Tools. The working principles behind RSA Adaptive Authentication technology, architecture, and system components are discussed. Video demonstrations reinforce the tasks involved in using the RSA Adaptive Authentication Back Office Tools. Audience Team Leaders/Fraud Strategists responsible for fraud prevention planning. Customer Service Representatives who provide support for card holders requiring online transaction assistance, and Fraud Investigators/Analysts. Duration Approximately 2 hours The modules and content presented depends on the student’s job role. The job role is selected from a menu presented at the beginning of the training. REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Prerequisite Knowledge/Skills Familiarity with general information security concepts. Course Objectives Upon successful completion of this course, participants should be able to:  Define RSA Adaptive Authentication for eCommerce  Explain the basic system architecture and components of RSA Adaptive Authentication for eCommerce  Provide an overview of the RSA Adaptive Authentication for eCommerce Back Office Tools  Use the Back Office Tools including: ▬ Back Office Administration ▬ Customer Service ▬ Case Management 174 Middlesex Turnpike ▬ Policy Manager Bedford, Massachusetts 01730 ▬ Management Information Reports Generate Web Reports Describe Raw Data Reports Int’l: 781-515-7700 Fax: 781- 515-6630 COURSE PART NUMBERS: ED AA TRAIN UNIT – Training Units   © Copyright 2014 EMC Corporation. All rights reserved. 06/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 60 Course Outline  RSA Adaptive Authentication for eCommerce Overview ▬ History and evolution of Adaptive Authentication for eCommerce  Case Management Application ▬ Describe a case ▬ List case management best practices ▬ Explain the importance of feedback and Components and processes that make up 3DSecure ▬ Describe repudiation files ▬ Transaction Monitoring ▬ View and update cases ▬ The RSA Risk Engine and eFraudNetwork ▬ Describe low, high, and very high risk transaction workflows ▬  Back Office Tools Overview ▬ Overview of the Back Office tools ▬ Back Office Administration ▬ Customer Service ▬ Case Management ▬ Policy Manager ▬ Management Information Reports  Back Office Administration ▬ Describe the hierarchical structure of users ▬ Roles and access ▬ Manage groups ▬ Manage CSRs working cases  Policy Manager Application ▬ View and update rule definitions ▬ Add rules ▬ Activate a new test rule ▬ Edit and delete rules  Reporting ▬ Describe the different types of reports available ▬ Generate web reports ▬ Describe Raw Data Reports ▬ Describe MIS reports  Customer Service Application ▬ Validate a cardholder’s identity ▬ Manage cardholders ▬ View activity and transaction logs ▬ Use the Personal Account Manager ▬ Work with e-mail alerts © Copyright 2014 EMC Corporation. All rights reserved. 06/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 61 RSA® Adaptive Authentication 12 Migration Course Description AT-A-GLANCE This e-learning course provides an overview modifications for the RSA Adaptive Authentication 12 product through a combination of lecture and demonstrations. Overview This e-learning course describes the back office applications of RSA Adaptive Authentication version 12, with emphasis on the changes compared to the previous version: version 11. The course is comprised of recorded product demonstrations to illustrate RSA Adaptive Authentication 12 in action. Audience Customers who may perform any of the following roles related to an RSA Adaptive Authentication deployment: administration, configuration or maintenance. Duration 60 minutes REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 Prerequisite Knowledge/Skills Students should have the following prerequisite knowledge:  Exposure to administration within RSA Adaptive Authentication  Familiarity with RSA Adaptive Authentication 11 Back Office applications Course Objectives Upon successful completion of this course, participants should be able to work effectively with the new back office applications of RSA Adaptive Authentication 12, including:  Managing administrative settings  Managing access to back office applications  Policy Management  Case Management  Customer Service  Web Reports 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED AA TRAIN UNIT – Training Credits © Copyright 2014 EMC Corporation. All rights reserved. 06/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 62 Course Outline  Migration Preparation Phase ▬ Pre-requisites ▬ Removing Beacon and Web Redirect ▬ Upgrading API ▬ Provisioning ▬ Data Migration  Migration Silent Period ▬ Changing SOAP URL and FQDN ▬ Removing STU and Proxies ▬ Re-implementing RDR, CM API, Bath Files and BO SSO ▬ Re-creating policies   New Features ▬ Device Identification Module ▬ Back Coloring ▬ eFN Enhancements Back Office Differences ▬ URLs ▬ Case Management ▬ Customer Service Updates ▬ Policy Management Changes ▬ Admin Console Changes © Copyright 2014 EMC Corporation. All rights reserved. 06/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 63 RSA® Web Threat Detection Essentials Course Description AT-A-GLANCE This course provides customers with the knowledge and skills they need to use the RSA Web Threat Detection Product solutions. Overview On Day One, users navigate the RSA Web Threat Detection Back Office applications such as the Dashboard, Profile Timeline and more, in their own environment and learn how to evaluate and diagnose web session trends and threats via the RSA Web Threat Detection Dashboard interface. On Day Two, users learn to write rules that result in alerts and actions that provide critical information for further analysis and reporting. All training is delivered on-site at the customer’s location. During these two days, the training will include real-world examples and best practices that RSA Web Threat Detection Threat Analysts use today. Audience Security analysts and/or administrators who will be using the RSA Web Threat Detection system. Duration REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: 2 days Prerequisite Knowledge/Skills Day One attendees will need:  An understanding of web logic abuse and forensic investigation  A general understanding of HTTP, and how web sites work Day Two attendees will need the Day One knowledge, plus:  A general understanding of rules syntax, regular expressions, or similar technologies Course Objectives Upon successful completion of this course, participants should be able to:  Navigate the RSA Web Threat Detection back office applications  Perform searches and analytics based on specific data elements and timeframes  Identify threats, patterns and abnormal behavior based on high risk behaviors  Create Rules and Alerts  Implement best practices for rules management ED WTD ES 210 – Onsite Class ED WTD TRAIN UNIT – Training Units 64 Course Outline Day One:  Introduction to RSA Web Threat Detection Analysis tools ▬ Overview of detection logic concepts ▬ Introduction to threat score types ▬ Overview of rules and alerts  RSA Analysis User Interface utilities Day Two:  Introduction to Rules  Rules Interface ▬ Structure of a Rule ▬ Forensics and Mitigation  Rules Language ▬ Data ▬ Functions ▬ Threat Scores ▬ Dashboard ▬ Profile Timeline ▬ Risk Indicators ▬ Page Analysis ▬ User Analysis ▬ Registers ▬ IP Analysis ▬ External Data Sets ▬ Score trends ▬ Recent incidents  Search  Advanced Techniques  Rules Management ▬ Alerts and Events ▬ Best Practices ▬ Search Overview ▬ Step-by-Step Process ▬ Search Examples ▬ Example Rules ▬ RSA WTD User/IP Lookup ▬ Glossary ▬ Search Query Management ▬ Export of Search Results  Appendix  Rules Overview ▬ Rules Typologies ▬ Rules Data ▬ Rule Format ▬ Rule Syntax ▬ Rule Functions ▬ Use Cases © Copyright 2014 EMC Corporation. All rights reserved. 08/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries 65 RSA® Intelligence-Driven Event Analysis Course Description AT-A-GLANCE The RSA Intelligence-Driven Event Analysis course discusses an intelligencedriven approach to event and incident management for a Security Analyst in a forward-thinking Security Operations Center (SOC). Overview Participants learn about intelligence-driven SOC processes, standard operating procedures (SOPs), and monitoring tools. They learn to recognize the formats associated with the various sources of information available in a network environment. The course follows the end-to-end workflow of a Security Analyst, including all appropriate steps that are needed to handle each type of identified security incident. Audience IT professionals with 2 to 3 years of experience in a troubleshooting role, such as a systems/network engineer, a system administrator, network operations analyst, or a newly-hired security analyst. Knowledge of security fundamentals is required. Duration 2 days Prerequisite Knowledge/Skills REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 Proven capabilities with networking fundamentals, operating systems, and security concepts such as confidentiality, integrity, availability, authentication, and identity. Course Objectives Upon successful completion of this course, participants should be able to:  Identify the roles and responsibilities in a SOC.  Interpret sources of information in a SOC.  Describe how Security Analysts interact with information and data in the SOC environment.  Monitor incoming event queues for potential security events and/or incidents using various security tools per operational procedures.  Perform initial investigation and triage of potential incidents.  Investigate/analyze an incident.  Escalate an incident for further analysis aligned to SOPs.  Document and communicate investigative results aligned to escalation and/or handoff SOPs.  Walk through an incident from alert to escalation to closure.  Apply concepts that are learned in the classroom setting to their specific working environment. COURSE PART NUMBERS: ED ACD IDEA 210 – Onsite Class ED ACD TRAIN UNIT – Training Units Industry tools used in this course include:  PsTools • Sysinternals Suite  Nmap/ZenMap • RSA Archer  Wireshark • RSA Security Analytics  Process Explorer 66 Course Outline  Roles and Responsibilities in a Security Operations Center ▬ Describe the purpose of a Security Operations Center (SOC) and its basic structure. ▬ Define an event and an incident and describe the difference between the two terms. ▬ Identify the roles and responsibilities in a SOC. ▬ Name some of the tools that are commonly used to monitor events in the SOC. ▬ Outline some of the key components in the incident processing workflow  Interpreting Sources of Information ▬ Diagram the components and tools of technical environment you are working in ▬ Categorize sources of information available to a security analyst ▬ Recognize information formats ▬ Establish the context of the observed information/data ▬ Assimilate external threat data and threat intelligence ▬ Apply internal and external sources of intelligence to an incident  Interacting with Information (Identifying Events) ▬ Become the ‘eyes on glass’ ▬ Analyze logs from distributed system and network security devices ▬ Monitor all alerting systems ▬ Inspect network packet data ▬ View information using a console  Correlating Events ▬ Define event correlation ▬ Use several correlation engines ▬ Assist in the identification of potential computer and communications security issues ▬ Correlate events and incidents with knowledge base of historical events and incidents  Triaging Events ▬ Follow the triage process ▬ Prioritize incidents ▬ Apply standard operating procedures  Analyzing incidents using sources of information ▬ Explain the incident – is your system infected? ▬ Demonstrate fundamental understanding of all standard information sources ▬ Determine whether an incident occurred and handle appropriately  Escalation and Handoff ▬ Escalate an event for further analysis to the incident handler ▬ Follow the SLA to resolution or escalation ▬ Standard operating procedures and analysis  Documenting and Communicating Issues ▬ Update the internal knowledge base and wiki ▬ Perform maintenance activities on security related databases ▬ Assimilate external threat data and threat intelligence © Copyright 2015 EMC Corporation. All rights reserved. 01/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 67 RSA® Incident Handling and Response Course Description Overview AT-A-GLANCE The RSA Incident Handling and Response course prepares a security analyst to take on incident handling responsibilities in a forward-thinking Security Operations Center (SOC). The course provides a thorough overview of tasks, processes, procedures, escalation workflows and tools used by a Security Analyst/Incident Handler. Through use cases, examples, and hands-on exercises, participants investigate a variety of critical incident response scenarios. The instructional material emphasizes decision-making and prioritization with the goal of teaching the students how to make an assessment in a short amount of time using security monitoring instrumentation, contextual analysis and correlation to indicators of network exploitation. Students develop a broader understanding of the role the SOC fulfills in the larger organization, including exposing them to the legal and regulatory compliance issues associated with incident response and assessing organizational risk. Audience Security Analysts with 6-12 months of experience working in a Security Operations Center, Network Operation Center (NOC), Critical Incident Response Team (CIRT) or similar function. Duration REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED ACD IHR 210 – Onsite Class ED ACD TRAIN UNIT – Training Units 3 days Prerequisite Knowledge/Skills Students who have taken the RSA Intelligence-Driven Event Analysis training course and have 6-12 months of experience as a security analyst. Course Objectives Upon successful completion of this course, participants should be able to:  Outline sustainable and repeatable tasks, process, procedures, escalation points and workflows of the Security Analyst/Incident Handler.  Ingest daily intelligence reports and previous shift logs.  Recognize the legal, corporate investigative responsibilities and compliance issues associated with incident response.  Participate in risk analysis for central and distributed networks to include the impact of cloud based infrastructures as part of the SOC.  Outline sustainable and repeatable tasks, process, procedures, escalation points and workflows of the Security Analyst/Incident Handler.  Monitor security events using all SOC data sources.  Investigate all incidents aligned to proper process, procedure and escalation points.  Prioritize incident response relative to threat severity, business context and activity volume.  Recommend, develop, and implement remediation procedures.  Create an incident report with appropriate handoffs and closure.  Coordinate, de-conflict and align event and incident communication.  Support root cause analysis.  Prepare communication for executives and enterprise stakeholders. 68 Course Outline  The Tools and Tasks of an Incident Handler ▬ List the tasks, processes, procedures and escalation points of a level two security analyst ▬ Identify the tools used by the Incident Handler ▬ Provide examples of the types of incidents handled by the Level Two security analyst ▬ Ingest daily intelligence reports and previous shift logs for efficient operations handoffs, escalations and transitions  Investigating an Incident ▬ Outline the steps to take when investigating a security incident. ▬ Develop a set of questions when presented with an incident. ▬ Gather data important to describing and documenting the incident. ▬ Document all collected data. ▬ Analyze the collected data in order to put the pieces together to tell a story. ▬ Make recommendations for next steps for the incident investigation.  Participating in Regulatory Compliance ▬ Define security compliance ▬ Describe the types of compliance standards ▬ Outline the steps to become compliant with a standard ▬ Distinguish a security program from a compliance program ▬ Outline what happens during a compliance audit ▬ Identify the responsibilities of a security analyst for a security audit   Contributing to Risk Assessment and Mitigation ▬ Define organizational risk. ▬ Identify organizational assets and their business function. ▬ Categorize the impact of a loss of an asset or business function. ▬ Monitor security controls to mitigate the risk to your organization. ▬ Contribute to risk analysis for central and distributed networks. ▬ Assess the vulnerabilities of the organizational assets protected by the SOC. Outline an approach to risk management. Prioritizing Incident Response ▬ Evaluate threat severity, business context and activity volume when prioritizing incident response. ▬ Identify escalation points for incident response. ▬ List steps in shift handoff. ▬ Outline the structure of a shift log entry. ▬ List best practices for the shift log.  Recommending Remediation ▬ Recommend remediation to operations ▬ Make recommendations to appropriate department for each incident  Addressing After-Action Items ▬ Create an incident report ▬ Derive and incorporate threat intelligence from incident ▬ Participate in root cause analysis  Preparing Executive-level Communications ▬ Summarize the outcome of a security incident. ▬ Identify the various audiences for a security incident report. ▬ Identify appropriate content for each audience. ▬ Develop the outline of a report for internal and external audience. Industry tools used in this course include:  RSA Security Analytics  RSA Archer © Copyright 2015 EMC Corporation. All rights reserved. 01/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 69 RSA® Threat Intelligence Course Description AT-A-GLANCE The RSA Threat Intelligence course provides Security Analysts with comprehensive instruction on the global threat ecosystem and strategies that organizations can take to protect their assets. Overview In the context of the current threat environment, students learn ways to detect and correlate data for better threat analysis; reduce breach exposure time and break the cyber kill chain; and manage current and future threats. As participants progress through the course, their perceptions of threats will evolve, and they will receive instruction on the role of threat intelligence in security systems that are evolving along with the threat environment. Students participate in hands-on and table-top exercises to practice strategies for analyzing attacks and mitigating their effects, and for applying intelligence-driven security practices in their own organizations. Audience  REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED ACD TI 210 – Onsite Class ED ACD TRAIN UNIT – Training Units   Security analysts who investigate, analyze, and resolve or escalate incidents and issues; monitor external security information sources; or feed actionable intelligence back into systems SOC managers who want to implement a Threat Intelligence capability Novice security analysts who meet prerequisites and want to advance their skills Duration 2 days Prerequisite Knowledge/Skills Students who have taken the RSA intelligence-Drive Event Analysis course. Familiarity with computer architecture principles; networking concepts, and information security theory. Course Objectives Upon successful completion of this course, participants should be able to:  Describe the current global threat ecosystem  Illustrate the logical components of an advanced security program  List best practices for planning advanced defenses  Describe the cyber kill chain  Provide examples of cyber kill chain intervention  Compare traditional threats and Advanced Persistent Threats  Find and use sources of threat intelligence  Perform threat modeling of high-value assets and high-value adversaries  Gather and analyze threat intelligence  Manage the threat lifecycle 70 Course Outline  Threat Overview ▬ Current Threat Ecosystem ▬ Ecosystem Overview ▬ Communities of Attackers ▬ Targets ▬ Vulnerabilities ▬ Avenues of Attack ▬ Tactics, Techniques, and Procedures ▬ Advanced Persistent Threats ▬ Threat Intelligence in an Advanced Security Program ▬ Shortcomings of Traditional Security Measures ▬ Advanced Approaches to Information Security ▬ Advanced Security Operations Center Model ▬ Planning Advanced Defenses ▬ Guiding Principles for Defending the Enterprise ▬ Defining a Cyber Footprint ▬ Quantifying Risk ▬ Applying Security Best Practices ▬ Promoting User Education  Types of Threats ▬ Crimeware ▬ Advanced Persistent Threats (APTs)  Cyber Kill Chain ▬ Attack Progression ▬ Anatomy of an Attack ▬ Cyber Kill Chain Model ▬ Kill Chain Interventions ▬ Detecting Attacks ▬ Indicators of Compromise ▬ Network-based Indicators ▬ Host-based Indicators  Intelligence Sources ▬ Government ▬ Industry Associations & Networks ▬ Commercial Sources ▬ Open Source ▬ Extended Enterprise ▬ Internal Organization Sources  Threat Modeling ▬ Threat Modeling Perspective ▬ Profiling Targets ▬ APT Targets ▬ Reconnoitering Targets, Web Presence, Industries, Social Media, High-Value Assets ▬ Threat Actor Attribution ▬ Actor Identification ▬ Target Identification ▬ Actor Behaviors ▬ Communication Strategy ▬ Threat Modeling Resources  Developing Threat Intelligence ▬ Command and Control Protocol Decoding ▬ Passive DNS Monitoring ▬ Email Operations ▬ Threat Infrastructure Enumeration ▬ Command and Control Domain Correlation ▬ Intrusion Set Attribution ▬ Public-Facing Web Infrastructure  Threat Management ▬ Detecting Threats ▬ Threat Mitigation Strategy ▬ Predicting Threats © Copyright 2015 EMC Corporation. All rights reserved. 01/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 71 RSA® Malware Analysis Course Description AT-A-GLANCE The RSA Malware Analysis course provides security analysts with tools and techniques for analyzing malware and extracting indicators of compromise. Overview The RSA Malware Analysis course provides students with the knowledge and skills to identify and act on actionable intelligence gathered through the process of malware analysis. Students are introduced to the threat landscape and common malware vectors. They learn to select and apply the tools and techniques required to reverse, monitor, and detect a malware threat. Students develop a workflow to gather intelligence and apply it to their security environment. Audience Security analysts, computer forensic investigators, incident responders who have basic knowledge of malware analysis and want to know more about the tools and techniques associated with gathering and responding to actionable intelligence. Duration 4 days Prerequisite Knowledge/Skills REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED ACD MA 210 – Onsite Class ED ACD TRAIN UNIT – Training Units Students who have taken the Intelligence-Driven Event Analysis, Incident Handling & Response, and Threat Intelligence courses or have commensurate experience. Familiarity with computer architecture principles, operating system theory, networking principles (including protocols and communication channels), and fundamental principles of computer security. Experience with programming and scripting concepts is also required. (Python is used during the course.) Course Objectives Upon successful completion of this course, participants should be able to:  Describe the RSA Cyber Defense recommended workflow for reverse engineering current malware threats.  Assess the presence of malware on system.  Examine behavior of malware and its interaction with its environment using dynamic analysis tools and techniques.  Analyze command and control (C2) communication methods to establish the intention and functionality of the malware.  Deduce the program instructions of a malware executable through the use static analysis tools.  Combine static and dynamic analysis methods to investigate more complex features of malware using disassembly and debugging tools.  Collect and report actionable intelligence gained from reverse engineering malware.  Recommend changes to a security program based upon actionable intelligence. Industry tools used in this course include:  Process Monitor • Process Explorer  Regshot • Wireshark  CFF Explorer • IDA PRO (free version)  Volatility • Yara  JSBeautifier • JD-GUI • • • • • Process Hacker HBGary Flypaper Immunity Debugger Malzilla Peepdf 72 Course Outline  Introduction to Malware Analysis ▬ Define the components of malware and how they work together to compromise a system ▬ Identify common malware vectors ▬ Describe the phases of the intrusion kill chain ▬ Outline the tasks involved in malware analysis ▬ Create a safe environment for investigating malware code and behavior.  Assessing the Existence and Persistence of Malware ▬ Establish Indicators of Compromise ▬ Identify host-based artifacts. ▬ Identify network-based artifacts. ▬ Locate indicators of compromise. ▬ Determine malware’s method of persistence. ▬ Outline the procedure for assessing the presence of malware on a system.  Dynamic Analysis of Malware ▬ Outline process of dynamic analysis ▬ Apply dynamic analysis techniques in order to investigate malware’s behavior in a virtual environment. ▬ Examine malware execution using a debugger. ▬ Identify anti-analysis techniques. ▬ Defend against anti-analysis techniques. ▬ Analyze commonly exploited file formats.  Investigating Command and Control Communications ▬ Define command and control communication as used by malware. ▬ List the types of activities an attacker engages in using C2. ▬ Describe C2 techniques. ▬ Outline the procedure to capture and analyze C2 traffic. ▬ ▬ ▬ ▬ Describe how to set up an environment to investigate C2. Identify the tools critical to C2 investigation. Intercept SSL. Address the issue of C2 Not Responding.  Static Analysis of Malware ▬ Explain the process of static analysis. ▬ List the outcomes of the static analysis process. ▬ Classify sources of data viable for analysis. ▬ Identify packing and obfuscation methods used by malware. ▬ Describe how compressed files are able to avoid detection. ▬ Disassemble malware executable code using IDAPro. ▬ Organize information and data gained from static analysis  Advanced Malware Techniques ▬ Multiple layers of obfuscation ▬ Botnets ▬ Backdoors ▬ Debugging using Ollydbg ▬ Analyze memory for the presence of rootkits using Volatility  Making Recommendations Based upon Actionable Intelligence ▬ Collecting Actionable Intelligence Gained from Malware Analysis ▬ Identify trends and problems to solve ▬ Communicate Actionable Intelligence ▬ Formulate recommendations ▬ Develop Yara rules to classify malware © Copyright 2015 EMC Corporation. All rights reserved. 01/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 73 RSA® SOC Simulation Challenge (“SOCSim”) Offering Description Overview RSA SOCSim, a forensic analysis experience, exposes participants to network and host forensic analysis within a real-world breach scenario using simulated SOC dynamics. Participants are presented with a use case that requires them to analyze data flowing over the network. They are guided through the analysis by challenge questions using a “Jeopardy!” style interface based on the Cyber Kill Chain methodology. Answers are derived through data exploration and investigation of sophisticated "puzzles within puzzles" such as protocol and application analysis, steganography, reverse engineering, encryption/decryption, open source intelligence and much more... AT-A-GLANCE Experience the challenge of competition while responding to questions based on a real-world breach scenario. Industry tools used in this course include:  RSA Security Analytics 10.5  RSA ECAT 4.0.0.5  Other open source tools At the end of the challenge, the RSA facilitator will provide an overview of the breach scenario, including key analytical discoveries for each phase of the Cyber Kill Chain and respond to outstanding questions that participants may have. Audience Security analysts, computer forensic investigators, incident responders who have had exposure to network, log and host forensic analysis, and want to challenge themselves with simulated breach scenarios. REGISTER: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBER: Public: ED ACD TRAIN UNIT (9 units) Onsite: ED ACD SOCSIM 210 Duration Approximately 6 hours. Prerequisite Knowledge/Skills Exposure to network, log and host forensic analysis is beneficial. Some security operations experience would be helpful. Working knowledge of RSA Security Analytics is required. Course Objectives At the end of the challenge, participants will walk away with hands on experience and exposure to:  Network forensics through network protocol and application analysis  Host-based forensics through log analysis  Malware forensics through static and dynamic analysis  Use of open source threat intelligence  Common breach scenarios/tactics  Cyber Kill Chain methodology  Common tools used by network analysts/incident handlers Experience of RSA’s Experts RSA and EMC have a 30-year legacy of working with clients worldwide to deliver security solutions. RSA has leveraged its relationships with industry leaders to give you deep insight into the most current threats and the intelligence-driven techniques and tools to mitigate the risk of disclosure of information. 74 RSA® Cyber Defense Workshop Course Description AT-A-GLANCE The RSA Cyber Defense Workshop is designed to give participants practical experience as security analysts who work in a Security Operations Center (SOC), Critical Incident Response Center (CIRC) or other critical incident response capacity. Overview In this advanced workshop, participants are immersed in a simulated CIRC environment where they assume different roles and manage the security events that take place over the course of a three-day scenario. Day-to-day security incidents will occur alongside potentially catastrophic activity related to the advanced tactics of determined and persistent adversaries. Each member of the CIRC Team will have to utilize skills and tools in order to detect, contain and eradicate the threat as well as document the incidents for executive review. There is virtually no lecture associated with this workshop; participants learn by doing. This is the perfect opportunity for members of security teams to sharpen their skills related to the newest attacks in a controlled environment assisted by experts. The Workshop provides valuable insights for determining the specific skillsets and tools that an organization needs in order to mitigate these most advanced types of attacks against corporate assets. Audience REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 174 Middlesex Turnpike Bedford, Massachusetts 01730 COURSE PART NUMBERS: ED ACD CDW 210 – Onsite Class ED ACD TRAIN UNIT – Training Units Security analysts, computer forensic investigators, incident responders who have had exposure to malware analysis and want to know more about the tools and techniques associated with gathering and responding to actionable intelligence while acting as a member of a critical incident response team. Duration 3 days Prerequisite Knowledge/Skills Participation in the RSA Incident Handling & Response course or commensurate experience. Some exposure to malware analysis, incident response, and risk/compliance are beneficial. Participants should have some security operations experience. Some experience with RSA Security Analytics would be helpful. Experience of RSA’s Experts RSA and EMC have a 30-year legacy of working with clients worldwide to deliver security solutions. RSA has leveraged its relationships with industry leaders to give you deep insight into the most current threats and the techniques and tools to mitigate the risk of disclosure of information. This course will empower attendees with that knowledge and give them the opportunity to prove their current skill set and add to it in a meaningful way. Industry tools used in this course include:  RSA Security Analytics  RSA Security Operations Management (RSA SecOps)  Other open source tools 75 75 Topics covered in the Workshop Scenario Because this workshop will be completely scenario based, a formal course outline is not applicable. Throughout this workshop, participants will engage in:  Malware Analysis  Network Analysis  Network Forensics  Threat Intelligence  Incident Triage  Executive Presentation  Security Operations  Team Management  Legal, Regulations, & Investigations  Open Source and Commercial Tools “… I found the training to be very good. The teamwork, mandatory executive interaction and related reporting were excellent. The training simulated a fast paced real world scenario where we had to work cohesively as a team on a tight analysis schedule. Incident Response Analyst, Leading Technology Vendor 76 © Copyright 2015 EMC Corporation. All rights reserved. 01/2015 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 76 RSA® Security Awareness Program Solution Description Overview AT-A-GLANCE 70% of respondents to a 2013 Deloitte survey rated lack of employee security awareness as an average or high vulnerability. Deloitte TMT Global Security Study February 2013 Deloitte Media Release In 2013 there were nearly 450,000 phishing attacks and record estimated losses of over USD $5.9 billion. Phishing remains an ominous threat to consumers and businesses around the world. 2013 A Year in Review January 2014 RSA Fraud Report Information Security – for any organization – requires a holistic approach that involves and affects every part of the organization. One “open door” is all that is required for an attacker to be successful. It doesn’t matter if that open door belongs to the CEO or the mail room clerk. All are potentially vulnerable and all are equally important to include in protection tactics. Effective protection involves not only products, processes and services – it involves awareness of potential threats and everyday actions that can be taken by every organization member to protect valuable resources and information. RSA’s Security Awareness program offers ways to test and measure vulnerability, then provide essential education to fill any gaps. Our Security Awareness training can target virtually every level of an organization – raising awareness and offering concrete steps to effect change, thus helping to prevent attackers from gaining a foothold through unsuspecting targets. Service Highlights Risk Assessment One of the key components of RSA’s offerings is the ability to assess the risk that an organization’s members pose through lack of knowledge or by unwarily opening an email attachment or browsing to a web site. TO REGISTER: Visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630 RSA’s services can assess users’ knowledge, target specific users or groups, and simulate attacks to appraise and measure response. With such powerful information, appropriate training can be identified and disseminated to users, which helps close the gap between ignorance and intelligence in the realm of information security. Reporting and Metrics RSA Security Awareness services allow Security Management to benchmark, track, and trend user compliance, assessment, training activity, and ultimately, improvement. Reports help show who has been assessed, who has participated in training, score reports - where appropriate, and overall metrics for the organization. Reports can be compiled in a number of ways to show trends by organization segment, geographic region, subject area, and more. In the case where scoring is used – such as in quizzes or surveys – information can be linked through SCORMcompliant data to an organization’s own learning management system. 174 Middlesex Turnpike Bedford, Massachusetts 01730 Delivery Options Much of the training delivered to end users is in the form of eLearning, which allows a high degree of flexibility and acceptance by participants. Some technical subjects may also be delivered as instructor-led sessions. Hosting of elearning material can be arranged by RSA or can be delivered from an organization’s own learning portal. 77 Why Security Awareness programs are so important Security Awareness needs to be an integral and ongoing part of an organization’s operations. Minimal compliance training imparted to employees on an irregular or occasional basis are insufficient to arm a workforce with the acuity and knowledge that they need to recognize potential attacks. Successful attacks, in turn, can do expensive and sometimes irreparable harm to an organization. It is far better to thwart an attack than to remediate it after the fact. Security Awareness services help you evaluate risks through phishing, social engineering and other attack methods – allowing you to manage and educate employees proactively before a breach can occur. RSA’s services take a multi-tiered approach to not only inform an organization’s members of effective security practices but to offer measurements and simulated attack vectors to continuously evaluate your organization’s ability to recognize and repel threats. Organizations today are often faced with resource constraints that limit the amount of internal education that can be directed toward information security. RSA’s services offer a near turn-key solution to help solve these constraints. RSA’s services can be delivered in multiple ways, can be customized for an organization, and can be targeted to specific learning styles and languages of members throughout an organization. Learning modules range from very targeted technical topics through gamification of learning material. All are designed to help engage and capture the attention of individuals so that they can better support an organization’s security posture. Training to fit all organizational segments General Staff Security Awareness training for general employee populations include a variety of eLearning modules covering such subjects as Password security, Phishing and Malware awareness, and Email and Mobile Device security. Modules can be combined into an effective, comprehensive program for the entire organization. IT Staff Role-based Security Awareness training for IT staff targets topics of particular interest and relevance to IT professionals who can build a security mindset into their daily tasks and toils. Whether involved with networking, systems management, or database administration, RSA’s training programs address the security considerations that can make a difference in these day-to-day operations. Development Staff Role-based Security Awareness training for Development Staff is designed to help build security controls and protection into development projects on a variety of platforms. Participants learn the common programming flaws and how to test projects from a security standpoint. In today’s environment, applications secured at the design and development level are essential to minimize the expense and logistics of distributing security patches and to help prevent product denigration through vulnerabilities. Customized to your organization’s needs In addition to the variety of subject matter available, RSA’s services can be customized to include your organization’s design elements – such as corporate branding, can include specific information that relates to your organization’s policies and procedures, and offerings are available in a number of languages. Pricing may vary based on customization so please contact your RSA Education Sales person for specific details and options. ABOUT RSA RSA, The Security Division of EMC, is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.RSA.com and www.EMC.com © Copyright 2014 EMC Corporation. All rights reserved. 06/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 78 RSA® Certified Information Systems Security Professional (CISSP) Certification Boot Camp Course Description AT-A-GLANCE RSA Education Services provides training worldwide on RSA products and advanced security topics. Our mission is to enable the next generation of security professionals to address the latest threats to information and infrastructure security. RSA’s CISSP Boot Camp has been developed and reviewed by security practitioners, thought leaders, and contributing authors to provide the most widely recognized CISSP materials available. GET PREPPED FOR THE CISSP EXAM BY RSA’S SECURITY EXPERTS RSA has developed an effective program to help prepare candidates to become security practitioners and successfully pass the (ISC)2 CISSP certification exam. This Certification Boot Camp involves intensive lectures, demonstrations, and review questions delivered by a security professional with years of experience as a practitioner. Not only will participants become prepared to take the exam but the anecdotes and real world examples from this course are invaluable insight into real world security challenges and approaches to solve them. The modules of this course follow the 10 Domains of the (ISC)2 Common Body of Knowledge. Each module presents the concepts and vocabulary from a technical and management aspect, bridging the gap that is often present in organizations today, a holistic approach to the technical, physical and administrative controls that make up a security program. Each module is also followed by review questions, detailed explanations and exam tips related to the material and how it may be presented on the exam. RSA’s CISSP Boot Camp has been updated to reflect the 2012 Domain Name and content changes. Participants will come away empowered for the exam and beyond. 2012 Common Body of Knowledge Domains REGISTER FOR CLASSES: For an up-to-date schedule of Instructor-led classes and other training options, visit the RSA Training and Certification web site: www.emc.com/rsa-training CONTACT US: Email: [email protected] Phone: 800-995-5095 Int’l: 781-515-7700 Fax: 781- 515-6630           Access Control Telecommunications and Network Security Information Security Governance & Risk Management Software Development Security Cryptography Security Architecture and Design Security Operations Business Continuity and Disaster Recovery Legal, Regulations, Investigations and Compliance Physical (Environmental) Security Added Bonus Module: Security Insights from Senior Executives RSA has a 30-year legacy of working with clients worldwide to deliver security solutions. In this module, we explore the security issues that senior executives from global organizations face as they enable their businesses and implement their security programs. This content is unique to RSA’s CISSP Curriculum and not available elsewhere. 174 Middlesex Turnpike Bedford, Massachusetts 01730 RSA Education Services is not affiliated with ISC2 or its subsidiaries. Participation in this course does not guarantee the successful completion of the ISC2 CISSP Exam. RSA Education Services has COURSE PART NUMBERS: ED CISSP 210 – Onsite Class developed the course content from direct experience in the areas of the Common Body of Knowledge ED STRS TRAIN UNIT – Training Units topics on the exam. Course costs do not include exam fees or facilitate exam registration. Exam and has used the ISC2 CISSP Candidate Information Bulletin as a reference as to technical depth and schedules are available on ISC2.org. © Copyright 2014 EMC Corporation. All rights reserved. 06/2014 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 79 RSA® Learning Assessments Enable faster technology adoption and increase productivity OVERVIEW AT-A-GLANCE  Free to individuals and organizations  Easy online access  Measures knowledge of RSA products and other security-related concepts.  Group assessments can be administered to identify gaps across a team  Customization of assessments & reports WHERE TO GO Individuals can take an online RSA Learning Assessment at: www.emc.com/rsa-training For group assessments, contact us at: [email protected] RSA Education Services Phone: 800-995-5095 International: 781-515-7700 174 Middlesex Turnpike Bedford, Massachusetts 01730 As organizations increasingly depend on technology to manage their businesses, the need for employees to be knowledgeable about security is increasingly evident. Whether they are IT security professionals or general office staff, having the appropriate security knowledge and skills to perform their jobs is a critical business driver. To plan and position your security training initiatives cost-effectively, RSA Learning Assessments are tools to measure your team’s knowledge of RSA products and other security-related concepts. Based on the learning assessment results, we can work with you to identify a learning program that works for you and your team. We provide learning assessments free of charge on the following RSA products and topics:      RSA Adaptive Authentication RSA Archer RSA Security Analytics RSA SecurID Security Awareness KEY BENEFITS RSA Learning Assessments are useful for organizations who recognize a need for training but aren’t quite sure what training their team really needs. By leveraging RSA Learning Assessments, you can better understand the learning gaps and make an informed decision about the most effective individual and group training plans for your team. And, online RSA Learning Assessments are available to you at no charge. An assessment can be completed within 15-20 minutes with immediate results provided to the assessment taker. For a team assessment, management reports can be provided that evaluates individual and group results. You’ll have greater confidence that both the time and financial investment in training will more quickly enable your technology adoption and increase productivity. 80 80 SAMPLE REPORTS ABOUT RSA RSA is the premier provider of security, risk and compliance management solutions for business acceleration. RSA helps the world’s leading organizations succeed by solving their most complex and sensitive security challenges. These challenges include managing organizational risk, safeguarding mobile access and collaboration, proving compliance, and securing virtual and cloud environments. Combining business-critical controls in identity assurance, encryption & key management, SIEM, Data Loss Prevention and Fraud Protection with industry leading eGRC capabilities and robust consulting services, RSA brings visibility and trust to millions of user identities, the transactions that they perform and the data that is generated. For more information, please visit www.emc.com/rsa-training. 81 © Copyright 2013 EMC Corporation. All rights reserved. 08/2013 H12172 EMC2, EMC, RSA, RSA Security, Archer, NetWitness and the RSA logo are registered trademarks of EMC Corporation in the United States and/or other countries. 81