FedVTE Course Catalog

	101 Courses - Basic level courses
	NICE Cybersecurity Workforce Framework Category - Analyze
	NICE Cybersecurity Workforce Framework Category - Collect and Operate
	NICE Cybersecurity Workforce Framework Category - Investigate
	NICE Cybersecurity Workforce Framework Category - Operate and Maintain
	NICE Cybersecurity Workforce Framework Category - Oversee and Govern
	NICE Cybersecurity Workforce Framework Category - Protect and Defend
	NICE Cybersecurity Workforce Framework Category - Securely Provision

The NICE Cybersecurity Workforce Framework can be found at: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework

Limit to NICE Cybersecurity Workforce Framework Category or subject:
	101 Courses - Basic level courses	Analyze	Collect and Operate
	Investigate	Operate and Maintain	Oversee and Govern
	Protect and Defend	Securely Provision
Show All Courses in All Categories Expand/Collapse All

1 Hour

Incident Response Training: Preventing DNS Infrastructure Tampering (IR106)

Skill Level: Beginner

+ Description

This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.

Learning Objectives:

The Domain Name System, commonly known as DNS, is often referred to as the “phone book” of the Internet. Every time we access the Internet to visit our favorite websites, we depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly useful, it also presents a rich attack surface. Threat actors have the ability to shut down websites and online services, replace legitimate website content with threats or extortion attempts, or even route traffic to a carbon copy of a legitimate website to steal information entered by users. This recorded webinar provides an organizational perspective and is accessible to a general audience including managers, business leaders, and technical specialists.

This webinar includes the following information and more:

Common attacks and vulnerabilities: Learn how to identify a potential attack on DNS infrastructure.
CISA guidance: CISA provides information on best practices to reduce the likelihood and impact of a successful DNS attack.
Case studies: Examine the methods and impacts of real-life cyberattacks, and how the targets responded and recovered.
Knowledge checks: The course provides knowledge checks throughout the presentation to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2022

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

Category	Specialty Area	Work Roles
Protect and Defend	Incident Response	Cyber Defense Incident Responder
Protect and Defend	Vulnerability Assessment and Management	Vulnerability Assessment Analyst
Operate and Maintain	Systems Analysis	Systems Security Analyst
Securely Provision	Systems Requirements Planning	System Requirements Planner
Oversee and Govern	Program Management and Acquisition	IT Project Manager

+ Course Modules/Units

Incident Response Training: Preventing DNS Infrastructure Tampering (IR 106) - Video

0.25 Hours

Micro Learn: The Federal Dashboard and Cross Cluster Search

Skill Level: Beginner

+ Description

Micro Learn: The Federal Dashboard and Cross Cluster Search

Description:

Learn about the concepts and features of the CDM Federal Dashboard. This video will describe the Federal Dashboard, use case scenarios, and how Cross Cluster Searching can provide its many benefits to federal agencies.

Learning Objectives:

Learning the new features of the Federal Dashboard and the primary use cases of the dashboard.
Understanding the data trends within the Federal Dashboard
What are the primary user roles of the Federal Dashboard?
Learn about Cross Cluster Searching and how the federal dashboard increases the security of the .GOV domain

Date: April 2023

Length: 13 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category	Specialty Area	Work Roles
Oversee and Govern	Cybersecurity Management	Information Systems Security Manager
Oversee and Govern	Program/Project Management and Acquisition	IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Securely Provision	Risk Management	Authorizing Official/Designating Representative, Security Control Assessor

+ Course Modules/Units

Micro Learn: CDM Agency Dashboard Videos

0.35 Hours

Cyber Defense Analyst: Indicators of Compromise

Skill Level: Beginner

+ Description

The following skills are mapped to the NICE Framework’s Cyber Defense Analyst role. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.

Indicators of Compromise

This is a basic level course.

Date: 2023

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

Category	Specialty Area	Work Roles
Protect and Defend	Cybersecurity Defense Analysis	Cyber Defense Analyst

+ Course Modules/Units

Part 1

Part 2

Part 3

0.3 Hours

Cyber Defense Analyst: Intrusion Detection Systems

Skill Level: Beginner

+ Description

Intrusion Detection Systems

This is a basic level course.

Date: 2023

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

Category	Specialty Area	Work Roles
Protect and Defend	Cybersecurity Defense Analysis	Cyber Defense Analyst

+ Course Modules/Units

Part 1

Part 2

Part 3

0.3 Hours

Cyber Defense Analyst: Incident Response

Skill Level: Beginner

+ Description

Incident Response

This is a basic level course.

Date: 2023

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

Category	Specialty Area	Work Roles
Protect and Defend	Cybersecurity Defense Analysis	Cyber Defense Analyst

+ Course Modules/Units

Part 1

Part 2

0.3 Hours

Cyber Defense Analyst: Packet Level Analysis

Skill Level: Beginner

+ Description

Packet Level Analysis

This is a basic level course.

Date: 2023

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

Category	Specialty Area	Work Roles
Protect and Defend	Cybersecurity Defense Analysis	Cyber Defense Analyst

+ Course Modules/Units

Part 1

Part 2

Part 3

0.3 Hours

Cyber Defense Analyst: Security Information and Event Management (SIEM)

Skill Level: Beginner

+ Description

Security Information and Event Management (SIEM)

This is a basic level course.

Date: 2023

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

Category	Specialty Area	Work Roles
Protect and Defend	Cybersecurity Defense Analysis	Cyber Defense Analyst

+ Course Modules/Units

Part 1

Part 2

0.3 Hours

Cyber Defense Analyst: Vulnerability Assessments

Skill Level: Beginner

+ Description

Vulnerability Assessments

This is a basic level course.

Date: 2023

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

Category	Specialty Area	Work Roles
Protect and Defend	Cybersecurity Defense Analysis	Cyber Defense Analyst

+ Course Modules/Units

Part 1

Part 2

Part 3

0.3 Hours

Cyber Defense Infrastructure Support Specialist: Installing, Configuring, and Troubleshooting

Skill Level: Beginner

+ Description

The following skills are mapped to the NICE Framework’s Cyber Defense Infrastructure Support Specialist. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.

Installing, Configuring, and Troubleshooting

This is a basic level course.

Date: 2023

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

Category	Specialty Area	Work Roles
Protect and Defend	Cyber Defense Infrastructure Support	Cyber Defense Infrastructure Support Specialist

+ Course Modules/Units

Part 1

Part 2

Part 3

0.3 Hours

Cyber Defense Infrastructure Support Specialist: Incident Response

Skill Level: Beginner

+ Description

Incident Response

This is a basic level course.

Date: 2023

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

Category	Specialty Area	Work Roles
Protect and Defend	Cyber Defense Infrastructure Support	Cyber Defense Infrastructure Support Specialist

+ Course Modules/Units

Part 1

Part 2

0.3 Hours

Cyber Defense Infrastructure Support Specialist: Network Access Controls

Skill Level: Beginner

+ Description

Network Access Controls

This is a basic level course.

Date: 2023

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

Category	Specialty Area	Work Roles
Protect and Defend	Cyber Defense Infrastructure Support	Cyber Defense Infrastructure Support Specialist

+ Course Modules/Units

Part 1

Part 2

Part 3

0.3 Hours

Cyber Defense Infrastructure Support Specialist: Network Device Hardening

Skill Level: Beginner

+ Description

Network Device Hardening

This is a basic level course.

Date: 2023

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

Category	Specialty Area	Work Roles
Protect and Defend	Cyber Defense Infrastructure Support	Cyber Defense Infrastructure Support Specialist

+ Course Modules/Units

Part 1

Part 2

Part 3

0.5 Hours

Cyber Defense Infrastructure Support Specialist: Securing Communications

Skill Level: Beginner

+ Description

Securing Communications

This is a basic level course.

Date: 2023

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

Category	Specialty Area	Work Roles
Protect and Defend	Cyber Defense Infrastructure Support	Cyber Defense Infrastructure Support Specialist

+ Course Modules/Units

Part 1

Part 2

0.2 Hours

Cyber Defense Infrastructure Support Specialist: Securing Wifi

Skill Level: Beginner

+ Description

Securing Wifi

This is a basic level course.

Date: 2023

This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:

Category	Specialty Area	Work Roles
Protect and Defend	Cyber Defense Infrastructure Support	Cyber Defense Infrastructure Support Specialist

+ Course Modules/Units

Part 1

Part 2

0.25 Hours

Micro Learn: CDM PMO Matt House speaks about the CDM Agency Dashboard

Skill Level: Basic

+ Description

CDM PMO Matt House provides an update of ES-6 version of the CDM Dashboard and its capabilities

Description:

Learn about the capabilities of the CDM Dashboard version ES-6. This video will describe the Federal Dashboard, use case scenarios, and how Cross Cluster Searching can provide its many benefits to federal agencies.

Learning Objectives:

Understanding the capabilities of the ES-6 version of the CDM Dashboard, with focus on the FISMA directives, Binding Operating Directives (BOD), Database as a Service, cross cluster searching, Known Exploited Vulnerabilities (KEV) catalog, plus much more!

Date: May 2023

Length: 34 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Systems Administration, Systems Analysis

System Administrator, Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

+ Course Modules/Units

CDM PMO speaks about version ES-6 of the CDM Dashboard

0.25 Hours

Micro Learn: CDM PMO speaks about the CDM Agency Dashboard

Skill Level: Basic

+ Description

This video explains the features of the current ES-3 version of the CDM Agency Dashboard.

Date: 2021

Training Proficiency Area: Level 1 - Basic

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Systems Administration, Systems Analysis

System Administrator, Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

+ Course Modules/Units

CDM PMO speaks about ES-3 of the CDM Agency Dashboard

0.2 Hours

Micro Learn: DBaaS

Skill Level: Basic

+ Description

The next evolution of the CDM Agency Dashboard is being offered in a cloud-based format, which provides agencies with the same functionality but relieves them from having to manage and continue to fund all of the aspects of an “on-prem” security solution. CISA is making this dashboard tool available in a Dashboard as a Service format, or DBaaS. This video will describe DBaaS and its many benefits to federal agencies.

Learning Objectives:

Understand the basic principals of DBaaS and the CDM Agency Dashboard
How DBaaS can help minimize agency vulnerabilities
Provide a demonstration of how DBaaS works

Date: October 2022

Length: 7 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

+ Course Modules/Units

Micro Learn: DBaaS - Using the CDM Dashboard as a Service

0.5 Hours

Micro Learn: AWARE 1.5s and the CDM Dashboard

Skill Level: Basic

+ Description

In this video, the updated AWARE 1.5 supplemental overview is described and how it can benefit the federal agencies. Discussion questions include: What are the changes to the scoring algorithm; what are flipping scores; how are scores prioritized; what benchmarks are being accessed.

Date: March 2023

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Systems Administration, Systems Analysis

System Administrator, Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

+ Course Modules/Units

Micro Learn: AWARE 1.5s and the CDM Dashboard

1 Hour

Introduction to Network Diagramming (IR107)

Skill Level: Beginner

+ Description

Learning Objectives:

To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.

This webinar includes the following information and more:

Importance of network diagrams: Students will learn the importance of creating and maintaining network topology diagrams. Students will also understand the importance of identifying data flows and storage, identifying remote access points and external connections, and network segmentation for security.
Key guidance for organizations: CISA provides guidance on what to include in network diagrams.
Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

Category	Specialty Area	Work Roles
Protect and Defend	Incident Response	Cyber Defense Incident Responder
Protect and Defend	Vulnerability Assessment and Management	Vulnerability Assessment Analyst
Operate and Maintain	Systems Analysis	Systems Security Analyst
Securely Provision	Systems Requirements Planning	System Requirements Planner
Oversee and Govern	Program Management and Acquisition	IT Project Manager

+ Course Modules/Units

Introduction to Network Diagramming (IR107) - Video

0.25 Hours

Micro Learn: CISA’s Binding Operative Directive (BOD) 22-01 and the Known Exploited Vulnerabilities (KEV) catalog

Skill Level: Basic

+ Description

In this video, Mr. Dave Otto, the Risk expert of the CDM program, explains the Binding Operational Directive 22-01, the CISA KEV (Known Exploited Vulnerabilities) Catalog, and how agencies can better protect their assets.

Date: 2022

Training Proficiency Area: Level 1 - Basic

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Systems Administration, Systems Analysis

System Administrator, Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

+ Course Modules/Units

Micro Learn: CISA’s Binding Operative Directive (BOD) 22-01 and the Known Exploited Vulnerabilities (KEV) catalog

0.25 Hours

Micro Learn: The CDM PMO speaks about CDM Enabled Threat Hunting (CETH) and the CDM Agency Dashboard

Skill Level: Basic

+ Description

In this video, Mr. Richard Grabowski, acting CDM PMO, explains CDM Enabled Threat Hunting (CETH) and how CETH benefits the federal agencies. He also discusses how the CDM Dashboard supports the implementation of Endpoint Detection and Response (EDR).

Date: 2022

Training Proficiency Area: Level 1 - Basic

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Systems Administration, Systems Analysis

System Administrator, Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

+ Course Modules/Units

Micro Learn: The CDM PMO speaks about CDM Enabled Threat Hunting (CETH) and the CDM Agency Dashboard

1 Hour

Defend Against Ransomware Attacks (IR109)

Skill Level: Beginner

+ Description

Learning Objectives:

Ransomware attacks hit a new target every 14 seconds–shutting down digital operations, stealing information and exploiting businesses, essential services, and individuals alike. This one-hour webinar provides essential knowledge and reviews real-life examples of these attacks to help you and your organization to mitigate and respond to the ever-evolving threat of ransomware.

This webinar includes the following information and more:

Common attack methods: Learn the definition of ransomware, summary of its large-scale impacts, and how these attacks have developed over time. The webinar will discuss common signs of a ransomware attack and how to respond if an attack is suspected.
Key guidance for organizations: CISA provides guidance for how to mitigate the impact of ransomware attacks and recover in the event of an attack.
Case studies: Explore the methods and impacts of real-life cyber-attacks, and how the victims responded and recovered.
Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

Category	Specialty Area	Work Roles
Protect and Defend	Incident Response	Cyber Defense Incident Responder
Protect and Defend	Vulnerability Assessment and Management	Vulnerability Assessment Analyst
Operate and Maintain	Systems Analysis	Systems Security Analyst
Securely Provision	Systems Requirements Planning	System Requirements Planner
Oversee and Govern	Program Management and Acquisition	IT Project Manager

+ Course Modules/Units

Defend Against Ransomware Attacks (IR109) - Video

1 Hour

Introduction to Log Management (IR110)

Skill Level: Beginner

+ Description

Learning Objectives:

Log files provide the data that are the bread and butter of incident response, enabling network analysts and incident responders to investigate and diagnose issues and suspicious activity from network perimeter to epicenter. This webinar introduces the fundamentals of investigating logs for incidents.

This webinar includes the following information and more:

Common attack methods: Understand log analysis, and its importance as a crucial component of incident response and network security.
Key guidance for organizations: Introduce resources and tools that enable organizations and individuals to use log analysis to query for threat activity including SIEM, FPCAP analysis, and using PowerShell and Active Directory to run scripts.
Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

Category	Specialty Area	Work Roles
Protect and Defend	Incident Response	Cyber Defense Incident Responder
Protect and Defend	Vulnerability Assessment and Management	Vulnerability Assessment Analyst
Operate and Maintain	Systems Analysis	Systems Security Analyst
Securely Provision	Systems Requirements Planning	System Requirements Planner
Oversee and Govern	Program Management and Acquisition	IT Project Manager

+ Course Modules/Units

Introduction to Log Management (IR110) - Video

13 Hours

Cisco CCENT Self-Study Prep

Skill Level: Intermediate

+ Description

This course is a self-study resource to help prepare for the Cisco CCENT certification, one of the prerequisites for the Cisco CCNA certification. Installing, operating, configuring, and verifying a basic IPv4 and IPv6 network will be discussed. The course focuses on configuring a local area network (LAN) switch, configuring an internet protocol (IP) router, and identifying basic security threats. It includes several reinforcing video demonstrations of concepts discussed, as well as a quiz.

Learning Objectives:

Review of objectives for the Cisco Certified Entry Networking Technician certification
Supplemental preparation for the Cisco CCENT certification exam

Date: 2016

Training Purpose: Operate and Maintain

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Services Specialist

Operate and Maintain

Systems Administration

Systems Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Operate and Maintain

Customer Service and Technical Support

Technical Support Specialist

+ Course Modules/Units

Switched Networks Part 1 of 2

Switched Networks Part 2 of 2

Collisions and Broadcasts

DEMO: Viewing an ARP Table

Basic Switch Configuration

SSH Operation and Configuration

Configuring Switch Ports

Switch Troubleshooting

Securing a Switch

Best Practices for Switched Networks

DEMO: Making an RJ-45 Cable

VLAN Segmentation Part 1 of 2

VLAN Segmentation Part 2 of 2

VLAN Implementations

VLAN Security and Design

DEMO: Configuring VLANs

DEMO: Demonstrating VLAN Connectivity

Functions of a Router Part 1 of 2

Functions of a Router Demo

Functions of a Router Part 2 of 2

Configuring Basic Router Settings

DEMO: IPv4 and IPv6 Subnetting

Basic Router Settings_IPv6 and Loopback Interfaces

Verifying Connectivity of Directly Connected Networks

Switching Packets Between Networks

Routing Tables and Protocols

DEMO: IPv6 Header Analysis

DEMO: MAC Address Table

DEMO: IPv4 Addresses and Router Interfaces

DEMO: IPv6 Addressing on Router Interfaces

Inter-VLAN Routing Configuration

Layer 3 Switching

Static Routing

Configure Static Routing

Classful Addressing and Routing

Configuring Summary Routes

Troubleshooting Static and Default Routes

DEMO: Static Routing

Dynamic Routing Protocol Operation

Routing Protocol Operating Fundamentals

Types of Routing Protocols

Types of Distance Vector Routing Protocols

Configuring the RIP Protocol

RIPng and Link-State Routing

DEMO: RIP Version 1 and IPv4

DEMO: RIP Version 2 Improvements

DEMO: Setting up RIP for IPv6

Characteristics of OSPF

OSPF Messages

OSPF Router IDs

Configuring and Verifying OSPF

OSPFv2 versus OSPFv3

DEMO: Configuring OSPF

DEMO: Troubleshooting OSPFv2

DEMO: Configuring OSPFv3

DHCPv4 Operation

Configuring and Troubleshooting DHCPv4

DEMO: DHCPv4

SLAAC and DHCPv6

Stateless and Stateful DHCPv6

DEMO: Stateless DHCPv6

NAT Characteristics and Benefits

Types of NAT

Configuring Static and Dynamic NAT

Configuring PAT and Port Forwarding

DEMO: Enabling IPv4 NAT

Configuring and Troubleshooting NAT for IPv6

CCENT Prep Practice Exam

15 Hours

Cisco CCNA Security Self-Study Prep

Skill Level: Intermediate

+ Description

This course is the follow-up to Cisco CCENT and is aimed to prepare learners for the Cisco CCNA Security exam. Content covered in this course includes protocol sniffers, analyzers, TCP/IP, desktop utilities, Cisco IOS, the Cisco VPN, a Cisco simulation program called Packet Tracer, and some web-based resources. The course focuses on a theoretical understanding of network security, knowledge, and skills designed to implement it. This course contains several reinforcing video demonstrations and final exam.

Learning Objectives:

Review of objectives for the Cisco Certified Network Associate certification
Supplemental preparation for the Cisco CCNA certification exam

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

Systems Security Administrator

Operate and Maintain

Systems Analysis

Systems Analyst

Operate and Maintain

Customer Service and Technical Support

Technical Support Specialist

+ Course Modules/Units

Securing Network Devices

Secure Administrative Access Part 1 of 2

Secure Administrative Access Part 2 of 2

DEMO: Securing Router Access Methods

Role-Based CLI Overview

Password Recovery

Management Reporting and Logging Considerations

Implementing Log Messaging for Security

Configuring NTP

Disabling Unused Cisco Router Network Services and Interfaces

AAA Authentication Methods

Implementing Local AAA Authentication

Implementing Server-Based AAA Authentication

Cisco Secure ACS

Configuring Server-Based AAA Authentication

Server-Based Authorization and Accounting

Implementation Firewall Technologies

Access List Controls (ACLs)

Extended ACLs and ACL Caveats

ACL Placement

Complex ACLs

Troubleshooting ACLs

Securing Networks with Firewalls

Zone-Based Policy Firewalls

CCP Firewall Wizard and Manual ZPF using CCP

DEMO: Enabling IOS Firewall

Implementing Intrusion Prevention Intro

IPS Signatures

Signature Trigger and Action for IPS

Managing and Monitoring IPS

Configuring and Verifying IOS IPS

Securing the Local Area Network Intro

Layer 2 Security Part 1 of 2

Layer 2 Security Part 2 of 2

Mitigating MAC Spoofing and MAC Table Overflow Attacks

Mitigating STP Manipulation

Configuring Storm Control

Mitigating VLAN Attacks

Configuring Cisco Switch Port Analyzer

Private VLAN Edge

Advanced Technology Security Considerations

Wireless Networks

VoIP and SAN Networks

DEMO: Enabling STP with Voiceover

Cryptographic Systems and Hashes

Encryption and Confidentiality

Public Key Cryptography and PKI

VPN Terminology and Topologies

IPSec Frameworks and Key Exchange

IPSec Tasks

Configuring IPsec VPN using CCP

Remote-Access VPNs

Managing a Secure Network and Addressing Risks

Operations Security

Network Security Testing

Continuity Planning

SDLC

Security Policy

ASA Models and Features

Basic ASA Configuration and Settings

Introduction to ASDM

ASA Objects and Object Groups

ACLs for ASA

ASA and NAT

ASA and PAT

ASA AAA

Modular Policy Framework

ASDM Service Policies Demo

ASA VPN Features

ASDM AnyConnect VPN Wizard

DEMO: ASA Console Config

DEMO: ASA GUI Config

DEMO: ASA Traffic Management

CCNA Security Prep Practice Exam

2.5 Hours

Cloud Computing Security

Skill Level: Intermediate

+ Description

This course explores the guidance from the Cloud Security Alliance (CSA), National Institute of Standards and Technology (NIST), National Security Agency (NSA), and several Cloud Service Providers (CSPs). Objectives cover cloud security risks and threats, basic operations, incident response considerations, along with application, data and infrastructure security concepts. Where applicable, demonstrations of cloud provider tools and capabilities will be used to reinforce key points.

Learning Objectives:

Define cloud models and components.
Apply CSA security guidance and other best practices to cloud deployments.
Understand cybersecurity requirements within the Shared Responsibilities model.
Prepare for cloud computing governance and compliance challenges.
Relate traditional cybersecurity controls to popular cloud solutions.
Recognize and prepare for cloud computing threats.
Review additional cloud security tools and use cases.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Securely Provision

Systems Architecture

Security Architect

Securely Provision

Systems Development

Secure Software Assessor

+ Course Modules/Units

Cloud Computing Security Course Overview

Cloud Computing Overview

Cloud Computing Overview Knowledge Check

Building a Cloud

Building a Cloud Knowledge Check

Securing Your Cloud

Cloud Security Basics

Review of Multifactor Authentication

Review of Monitoring and Security Configurations

Options for Securing Within the Cloud

VPC Network ACs and CloudWatch Monitoring

Compute Instance in Google's Cloud Platform

Monitoring and Alerting Options in Google Cloud

Web App and Security Configs in Google Cloud

Use of Microsoft's Platform as a Service

Azure Compute Instance Setup

Securing Your Cloud Knowledge Check

Review of Two NIST Publications on Cloud Computing

Guidance for Critical Areas in Cloud Computing

Cloud Computing Risk Assessment by ENISA

Resources Knowledge Check

4.5 Hours

Cloud Computing Concepts

Skill Level: Intermediate

+ Description

The Cloud Computing Concepts course highlights concepts and best practices for cloud architecture, design, security, and operations. Topics include leveraging cloud environments for critical assets or operations, and the impacts on data and application security, as well as legal, risk, and compliance considerations.

Learning Objectives:

Compare cloud service and deployment models and each’s impact on customer control and responsibilities
Identify data security strategies within cloud environments
Explain secure data center design concepts including example risks and security controls
Describe the Secure Software Development Life Cycle (SDLC) and its relation to applications within cloud environments
Summarize concepts for building, operating, and managing physical and logical infrastructure for cloud environments
Outline privacy, legal, and audit requirements with cloud environments, and how it relates to evaluating providers

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Securely Provision

Systems Architecture

Enterprise Architect

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Analysis

Systems Security Analyst

+ Course Modules/Units

Cloud Computing Concepts Course Intro

Introduction to Cloud Computing

Cloud Architecture and Deployment Models

Security in the Cloud (Cloud Security)

Securing Your Cloud

Cloud Threats and Attacks

Data Security Technologies and Classification

Auditing in a Cloud Environment

Building a Cloud

Phys. & Logical Infrastructure for Cloud Environs

Secure Coding for Cloud Deployments

Review of Multifactor Authentication

Anatomy of a Supply Chain Attack

Options for Securing Within the Cloud

VPC Network Access Controls and CloudWatch Monitrg

Compute Instance in Google’s Cloud Platform

Monitrg and Alerting Options in Google Cloud

Web Apps in Google Cloud and Adding Security

Use of Microsoft’s Platform as a Service

Azure Compute Instance Setup

Secure Data Center Design

Review of Monitoring and Security Configurations

Overview of Two NIST Publications on Cloud Comp

Security Guidance for Critical Areas in Cloud Comp

Cloud Security Basics

Implications of Cloud to Enterprise Risk Mgmt

DR/BC and Risks with Cloud Strategy

Evaluating and Legal Requirements for Cloud Services

Cloud Computing Risk Assessment by ENISA

6 Hours

Cloud Monitoring

Skill Level: Beginner

+ Description

This course introduces concepts around Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Multiple Cloud Hosting and Hybrid Cloud Hosting.

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Securely Provision

Risk Management

Authorizing Official/Designating Representative

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Protect and Defend

Incident Response

Cyber Defense Incident Responder

+ Course Modules/Units

Introduction - Lecture 1 of 5

Shared Responsibility Model - Lecture 2 of 5

Use Cases - Lecture 3 of 5

Case Study - Lecture 4 of 5

Cloud Architectures & Summary - Lecture 5 of 5

IaaS Overview - Lecture 1 of 5

IaaS: Monitoring Services and Capabilities - Lecture 2 of 5

IaaS: Best Practices - Lecture 3 of 5

IaaS: Gaps and Considerations - Lecture 4 of 5

IaaS: Use Cases, Reflection and Summary - Lecture 5 of 5

PaaS Overview - Lecture 1 of 6

PaaS: Monitoring Services and Capabilities - Lecture 2 of 6

PaaS: Monitoring Examples - Lecture 3 of 6

PaaS: Best Practices - Lecture 4 of 6

PaaS: Gaps and Considerations - Lecture 5 of 6

PaaS: Reflection and Summary - Lecture 6 of 6

SaaS Overview - Lecture 1 of 5

SaaS: Monitoring Services and Capabilities - Lecture 2 of 5

SaaS: Best Practices - Lecture 3 of 5

SaaS: Gaps and Considerations - Lecture 4 of 5

SaaS: Reflection and Summary - Lecture 5 of 5

What is Multiple Cloud - Lecture 1 of 5

Security Issues - Lecture 2 of 5

Monitoring Capabilities - Lecture 3 of 5

Gaps- Lecture 4 of 5

Multiple Clouds - Lecture 5 of 5

Hybrid Cloud: Security Issues - Lecture 1 of 4

Monitoring Capabilities - Lecture 2 of 4

Gaps - Lecture 3 of 4

Hybrid Clouds in Operation - Lecture 4 of 4

Conclusion - Lecture 1 of 1

1 Hour

Professors in Practice

Skill Level: Beginner

+ Description

This course features National Defense University Professor Robert Richardson who discusses important security and oversight requirements for commercial cloud solutions.

Learning Objectives:

Overview of the cloud physically, logically, and architecturally.
Discuss cloud deployment models and characteristics.
Overview of cloud infrastructure characteristics.
Cloud Supply Chain Risk Management and considerations of commercial cloud as third-party cloud services; senior leaders should "beware of the gaps and seams."
Cloud software components - microservices & APIs.
The driving forces and key technology enablers of commercial cloud services in the Federal Government.
Must-have security requirements and policies for cloud solutions.
The top ten cybersecurity cloud risks such as: loss of service, data breaches, human error. As well as non-cybersecurity risks such as: outsourcing risks, personnel security, and supply chain risk management.
Where Federal Government adoption of commercial cloud is now and predictions for the future.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Operations Special

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer, Cyber Instructor

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

Securely Provision

Systems Requirement Planning

Systems Requirements Planner

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

+ Course Modules/Units

Cloud Security: What Leaders Need to Know – with Professor Robert Richardson

0.5 Hours

CMaaS Overview

Skill Level: Beginner

+ Description

This course is designed for managers, staff, and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). This course explains how Continuous Monitoring as a Service (CMaaS) relates to the Continuous Diagnostics and Mitigation (CDM) program.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 0 - Introduction

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support Specialist

Protect and Defend

Incident Response

Cyber Defense Incident Responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

+ Course Modules/Units

Lesson 1 - Continuous Diagnostics and Mitigation (Video)

Lesson 2 - The Problem (Infographic)

Lesson 3 - How CDM Phase 1 Capabilities Support CDM Goals (Infographic)

Lesson 4 - How CDM Phase 1 Capabilities Work Together (Infographic)

Lesson 5 - CDM Phase 1 Capabilities Scope (Infographic)

Lesson 6 - Overview of Continuous Monitoring as a Service (Video)

Lesson 7 - How the CDM Capabilities Were Defined

Lesson 8 - ISCM Policy and Guidance Timeline

0.5 Hours

CMaaS Technical Overview Course

Skill Level: Beginner

+ Description

This course is designed for managers, staff, and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the learner better understand how Continuous Monitoring as a Service (CMaaS) will be implemented in DHS Component networks.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Basic

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support Specialist

Protect and Defend

Incident Response

Cyber Defense Incident Responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

+ Course Modules/Units

Lesson 1: CMaaS Technology Stack Overview (Video)

Lesson 2: Central Management Enclave Firewall Requirements (Infographic)

Lesson 3: Component Management Enclave Firewall Requirements (Infographic)

Lesson 4: Hardware Sensors Firewall Requirements 1 of 2 (Infographic)

Lesson 5: Hardware Sensors Firewall Requirements 2 of 2 (Infographic)

Lesson 6: Software Sensors Firewall Requirements (Infographic)

Lesson 7: Considerations for Initial CMaaS Deployment (Infographic)

Lesson 8: CMaaS Deployment Overview (Infographic)

5 Hours

CMaaS Transition Classroom Sessions

Skill Level: Beginner

+ Description

This course is part of the CMaaS transitional webinar series conducted via WebEx. Each video focuses on a single tool within the CMaaS solution stack and includes two major Use Cases for each tool.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Basic

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support Specialist

Protect and Defend

Incident Response

Cyber Defense Incident Responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

+ Course Modules/Units

Session 1

Session 2

Session 3

Session 4

5 Hours

Coding 101

Skill Level: Beginner

+ Description

This course focuses on the basics of computer programming and how to give a machine a set of instructions to produce a desired behavior. This course also provides information on the elements of programming and programming languages, frameworks, and models. The course includes an interactive programming game, interactive knowledge checks, and the chance to write a fully functional code.

Learning Objectives:

Define programming.
Describe the structure and purpose of major programming paradigms.
Explain the difference between high-level and low-level languages.
Describe the uses of scripting and compiled languages.
State the elements of programming.
Explain when to use a variable in programming.
List basic data types.
State how operators are used in programming.
Explain why logic and flow are important in programming.
State the purpose of programming frameworks.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Securely Provision

Systems Development

Systems Developer

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Systems Architecture

Security Architect

Securely Provision

Technology R&D

Research & Development Specialist

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

Coding 101 - Review

1 Hour

Cover Your Assets: Securing Critical and High-Value Assets

Skill Level: Beginner

+ Description

Think about your organization’s most critical functions: what do others depend on you to provide? Your high-value assets (HVAs), also known as critical assets across many industries, are the information or information systems that have serious impact to your organization’s ability to conduct its mission or business operations if lost, corrupted, or inaccessible. Across sectors and industries, data and information systems that underpin core business and operational functions- or those systems that connect to core functionalities- make highly tempting targets for sophisticated criminal, politically motivated, or state-sponsored actors to exploit directly or compromise to undermine public trust.

The HVA program was established by CISA to help organizations gain a comprehensive understanding of the risks that dynamic threat actors pose and identify the high-value information and systems that are likely targets.

This webinar provides an overview of the following key information:

HVA and critical asset overview: Define high-value assets, and how to assess and prioritize risks.
Common threats: Understand the most likely threats to HVAs and how to mitigate associated vulnerabilities.
CISA guidance: Learn the steps and parameters to identify, categorize, prioritize, and secure your HVAs or critical assets.
Case studies: Explore the impacts of documented critical or high-value asset cyberattacks, and the success of resulting response and recovery efforts.

This course is accessible to a non-technical audience including managers and business leaders and provides an organizational perspective useful to technical specialists.

Date: July 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Customer Service and Technical Support

Technical Support Specialist

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Knowledge Management

Knowledge Manager

Operate and Maintain

Network Services

Network Operations Specialist

Oversee and Govern

Cybersecurity Management

Communications security manager; information systems security manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program Management and Acquisition

IT investment manager, IT program auditor, IT project manager, product support manager, program manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer

+ Course Modules/Units

Cover Your Assets: Securing Critical and High-Value Assets

2 Hours

Critical Infrastructure Protection

Skill Level: Beginner

+ Description

This course discusses the influence, impact, and need for cybersecurity when defending the critical infrastructure and key resources of the United States. This course provides the definition of critical infrastructure, examples of cybersecurity threats to critical infrastructure, and information on what is being done to protect critical infrastructure from these cybersecurity threats.

Learning Objectives:

Define and give examples of critical infrastructure.
Identify possible cyber threats to critical infrastructure.
Describe U.S. cybersecurity policies and programs.
Explain the cybersecurity roles of the Department of Homeland Security (DHS) and other Federal agencies.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

Systems Administrator

Operate and Maintain

Systems Analysis

Systems Analyst

Operate and Maintain

Systems Development

Information Systems Security Developer

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support Specialist

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Securely Provision

Systems Architecture

Systems Architect

Securely Provision

Technology R&D

Research & Development Specialist

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Systems Development

Systems Developer

+ Course Modules/Units

Critical Infrastructure Protection

3 Hours

Creating a Computer Security Incident Response Team (CSIRT)

Skill Level: Beginner

+ Description

This course was developed for organizations and individuals who are at the beginning of their planning and implementation process for creating a computer security incident response team or an incident management capability. This course begins with definitions and context for defining a CSIRT framework, followed by services that may be provided and building an action plan. An attendee workbook is included with questions and exercises to use in conjunction with the training.

Learning Objectives:

Understand the function of Computer Security Incident Response Teams (CSIRTs) and the philosophy behind them.
Understand the role of CSIRT in the incident management process.
Identify the requirements to establish an effective CSIRT.
Appreciate the key issues and decisions that must be addressed when creating a CSIRT.
Learn to strategically plan the development and implementation of your CSIRT.

Date: 2017

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

All-Source Analyst

Oversee and Govern

Executive Cyber Leadership

+ Course Modules/Units

Create a Computer Security Incident Response Team

Defining Incident Management Part 1 of 2

Defining Incident Management Part 2 of 2

Defining CSIRTs

Types of CSIRTs

Setting the Context

Defining Your Framework Part 1 of 2

Defining Your Framework Part 2 of 2

Capability Strategies

CSIRT Components

CSIRT Components: Organizational Issues

CSIRT Components: Resources

Range and Level of Services

Policy and Procedure Examples

Range and Level of Services Summary

Ideas for Your Action Plan

Taking the Next Steps

CSIRTs Resource Overview

2 Hours

Cryptocurrency for Law Enforcement

Skill Level: Beginner

+ Description

This course covers the history, risks, and legality of cryptocurrency as well as discusses what cryptocurrency items can be seized by law enforcement.

Learning Objectives:

Define cryptocurrency and compare it to traditional currency.
Describe the history of cryptocurrency.
State the elements of a cryptocurrency transaction and their roles.
Describe safety measures taken to protect cryptocurrency.
Identify items that serve as wallets for cryptocurrency and could be seized by law enforcement.
Evaluate apps and websites that could be linked to cryptocurrency.
Compare degrees of anonymity of various cryptocurrencies.
Compare legal and illegal uses of cryptocurrency.
Evaluate the legality of different cryptocurrency scenarios.
Identify notable cases of illegal uses of cryptocurrency found in recent headlines.

Date: 2019

Training Purpose: Investigate

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Investigate

Cyber Investigation

Cyber Crime Investigator

Investigate

Digital Forensics

Cyber Defense Forensics Analyst

+ Course Modules/Units

Introduction to Cryptocurrency for Law Enforcement

1 Hour

Cyber Awareness Challenge 2019

Skill Level: Beginner

+ Description
	This course provides an overview of cybersecurity threats and best practices to keep information and information systems secure. Every year, authorized users of certain information systems must complete the Cyber Awareness Challenge to maintain awareness of and stay current on new cybersecurity threats. The training also reinforces best practices to keep personal information and information systems secure and stay abreast of changes in general cybersecurity policies. Date: 2019 Training Purpose: Skill Development Training Proficiency Area: Level 1 - Beginner

+ Course Modules/Units

Cyber Awareness Challenge

3 Hours

Cyber Dark Arts

Skill Level: Intermediate

+ Description

This course highlights 'dark' or deceptive activities that are employed by malicious users via the Internet. Several legitimate purpose technologies and techniques and how they are leveraged, or manipulated for fraudulent purposes, is discussed. Threats from topics such as zero-day attacks, dark web, alternate OSs, VPN/TOR, weaponized psychology, and anonymous services will be detailed, as well as methods for concealing one’s identity. These methods are taught in order for cybersecurity experts to defend against such attacks. The course includes reinforcing video demonstrations.

Learning Objectives:

Explain several techniques for obfuscating online activities.
List examples of technologies leveraged for deceptive purposes.
Detail best practices for prevention and protection from malicious cyber activities.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Collect and Operate

Cyber Operations

Cyber Operator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

+ Course Modules/Units

Cyber Dark Arts

Weaponized Psychology

DEMO: Password Cracking Using Hydra

Scanning for Vulnerable Devices and Networks

Anonymous Web Hosting, Searching, and Browsing

Alternative Operating Systems

Tails, Whonix, and Qubes

Secure Messaging Services

Blockchain and Cryptocurrency

DEMO: Blockchain and Cryptocurrency

DEMO: Iodine IP over DNS

DEMO: TOR versus Traditional Tunneling

Advanced Persistent Threats

Cyber Dark Arts Exam

1 Hour

CyberEssentials

Skill Level: Beginner

+ Description

This course focuses on how leaders can develop actionable items to start implementing organizational cybersecurity practices and introduces the six essential elements of building a culture of cyber readiness.

Learning Objectives:

Identify actionable items to reduce your organization's cyber risks through a holistic approach.
Identify the six essential elements of building a culture of cyber readiness.
Identify the steppingstones to building a culture of cyber readiness.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer

Oversee and Govern

Strategic Planning and Policy

Strategic Planning and Policy Planner

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program/Project Management and Acquisition

Program Manager

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

+ Course Modules/Units

CyberEssentials - 1 Hour

2.5 Hours

CDM 141 – Introduction to the CDM Agency Dashboard

Skill Level: Beginner

+ Description

Description:

This course is a recording of a virtual 3 hour course which provides participants with the essential knowledge of the ES-5 version of the CDM Agency Dashboard. It explains basic features and navigation within the environment, and includes demonstrations using the CDM Agency Dashboard to identify and report on asset vulnerabilities and other key features of the dashboard.

Learning Objectives:

Understand CDM Agency Dashboard basic features and functionality
Instructor demonstrates the CDM Agency Dashboard

Date: April 2023

Length: 3 hours

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category	Specialty Area	Work Roles
Operate and Maintain	Systems Administration, Systems Analysis	Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
Oversee and Govern	Cybersecurity Management	Information Systems Security Manager
Oversee and Govern	Program/Project Management and Acquisition	IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend	Cyber Defense Analysis	Cyber Defense Analyst

+ Course Modules/Units

Introduction to the CDM Agency Dashboard

8 Hours

Cyber Fundamentals for Law Enforcement Investigations

Skill Level: Beginner

+ Description

This course serves as an introduction and overview of several concepts and technologies that may be encountered as part of an investigation with a digital or cyber component. Starting with the basics of how devices communicate, the course continues with technical concepts and applications that may be used to facilitate or investigate incidents. Content includes lab exercises and practical application takeaways to reinforce concepts, and a course exam.

Learning Objectives:

Describe essential computing communication concepts.
Identify digital evidence sources and handling.
Apply techniques to examine applications for target information.

Date: 2017

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

Threat Analysis

Threat/Warning Analyst

Investigate

Digital Forensics

Cyber Defense Forensics Analyst

Investigate

Cyber Investigation

Cyber Crime Investigator

+ Course Modules/Units

Cyber Investigation Course Intro

Cyber Crimes versus Traditional Crimes

Cyber Laws Overview

Logical and Physical Addresses

Dissecting a Data Packet

How Computers Connect

IP Addresses and Domain Names

IP Addresses

Domain Naming

NSlookup Dig Google Toolbox

Digital Artifacts Basics

Site Survey and Collection

Determining Sophistication

Time Standardization

Requesting Digital Forensic Artifacts

Footprinting

Handling Untrusted or Unknown Files

Setting Up an Analysis Environment

Examining Images

Intro to Encryption

Detecting Encryption

Malware Awareness

Malware Propagation

Malware History

Remote Access

Understanding Insider Threat

Introduction to Peer-to-Peer

Advanced IP Tunneling Overview

TOR versus Traditional Tunneling

Iodine IP over DNS

Email Analysis

Phishing Message Analysis

Online Auctions

Open Source Searches Using Facebook

Open Source Searches Using Twitter

Google FU

Cyber Investigations Exam

Domain Information Lookup

Examining EXIF Data and Images

Computing and Comparing Hash Values

File Search Techniques

Open Source Twitter Searches

12.5 Hours

Cybersecurity Analyst

Skill Level: Intermediate

+ Description

The Cybersecurity Analyst course is designed to help reinforce concepts for cyber work roles that require monitoring and information analysis to respond to suspicious events. This intermediate-level course focuses on defense techniques leveraging data and tools to identify risks to an organization, and apply effective mitigation strategies to detect and respond to threats.

Learning Objectives:

List common cyber threats and examples of scanning and assessment tools and techniques to identify potential vulnerabilities.
Analyze data from various sources to identify vulnerabilities and recommend strategies for mitigation.
Configure and implement threat detection tools to detect incidents, and effectively respond and recover.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

Threat Analysis

Threat Analyst

Protect and Defend

Cybersecurity Defense Analysis

Cyber Defense Analyst

Protect and Defend

Incident Response

Cyber Defense Incident Responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analysts

+ Course Modules/Units

Reconnaissance

Port Scanning for Active Reconnaissance

Environmental Reconnaissance Tools

Social Engineering for Reconnaissance

Network Mapping for Active Reconnaissance

Syslog

Reviewing Alerts/Detecting Attack Phases

Common Tasks in Environmental Reconnaissance

Environmental Reconnaisannce Variables

Basic Packet Analysis

Methods of Network Traffic Analysis

Network Traffic Analysis

Netflows

Working with Netflows

Netflow Tools

Examining Log Files

Data Correlation and Analytics

Analyzing Device Data

SIEM

DEMO: Wireshark Packet Analyzer

Hardening Network Devices

Network Segmentation and Design

Honeypot

Endpoint Security

Windows Group Policy

Access Control Models

Remote Authentication - Radius and Tacacs+

Hardening Host and Networked Systems

Compensating Controls

Corporate Penetration Testing

Reverse Engineering Purpose and Practice

Team Training and Exercises

Risk Evaluation and Security Controls

Vulnerability Assessment Introduction

Vulnerability Management Requirements

Vulnerability Scanner Configuration

Vulnerability Assessment Tools

Scanning and Enumeration with Nmap

Intro to Vulnerability Scanning with Nessus

Vulnerability Remediation

Scanning and Report Viewing with OpenVAS

Endpoint and Protocol Analysis

Logging Strategies and Sources

Reviewing, Analyzing and Correlating Logs

Network Vulnerabilities

System Vulnerabilities

Web Application Vulnerabilities

Wireless Network Vulnerabilities

Virtual Infrastructure Vulnerabilities

Threats to Mobile Devices

ICS and SCADA Systems Security

Malware and Social Engineering Threats

Preparing for Impact Analysis

Forensics Kit and Incident Response

Forensic Investigation Suite

Setting Up an Analysis Environment

Communication During Incident Response

Common Symptoms of Host Infection

Incident Response and Recovery Part 1 of 2

Incident Response and Recovery Part 2 of 2

Regulatory Compliance and Frameworks

Control Selection Tailoring and Implementation

Verification and Quality Control

Procedures Supporting Policy

Enterprise Network Authentication Part 1 of 2

Enterprise Network Authentication Part 2 of 2

Cross-site Scripting and Other Exploits

Privilege Escalation Exploit

Technical Processes and Controls

Software Development Models and SDLC

Code Review and Testing

Secure Coding Best Practice Resources

Preventative Cyber Tools

Collective Cyber Tools

Analytical Cyber Tools

Exploit Cyber Tools

Forensics Cyber Tools

Course Test

9 Hours

Cyber Security Investigations

Skill Level: Beginner

+ Description

This course discusses the basic concepts of cybersecurity and digital forensics investigation practices. Topics include performing collection and triage of digital evidence in response to an incident, evidence collection methodologies, and forensic best practices. This is an introductory course reviewing the processes, methods, techniques, and tools in support of cyber security investigations.

Learning Objectives:

Understand the process of integrating forensics collection and analysis program into an organization.
Recognize concepts involved in the Forensic Process.
Apply necessary preparation to perform collections and incident response according to best practices.
Understand methods, goals and objectives for digital forensic collection activities.
Apply techniques and tools for conducting evidence collection, triage, and log analysis.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Collect and Operate

Cyber Operations

Cyber Operator

Investigate

Cyber Investigation

Cyber Crime Investigator

Investigate

Digital Forensics

Cyber Defense Forensics Analyst

Protect and Defend

Incident Response

Cyber Defense Incident Responder

+ Course Modules/Units

Purpose of Computer and Network Forensics

Digital Forensics Tools

Forensics Team Staffing Considerations

Digital Forensics Guidelines, Policies, and Procedures

Digital Forensics Life Cycle

Digital Forensics Best Practices

Digital Forensics Concepts

Locard's Exchange Principle

Incident Response Phases Part 1 of 3

Incident Response Phases Part 2 of 3

Incident Response Phases Part 3 of 3

Computer Forensics Process Part 1 of 2

Computer Forensics Process Part 2 of 2

Digital Forensic Planning and Preparation

IR and Digital Forensics Tools

Forensically Prepared Media, Tools and Equipment

Incident Response Information Gathering

Incident Response Acquisition Considerations

Incident Response Notes and Documentation

Auditing Windows Event Logs

Volatile Data Collection

Storage Media Collection

Network Data Collection

Log Collection

Data Carving using FTK

Digital Forensic Triage Overview

Incident Triage Process

Incident Triage Methodology

Attacker Methodology Overview Part 1 of 3

Attacker Methodology Overview Part 2 of 3

Attacker Methodology Overview Part 3 of 3

Triage: Light and General Collections

Triage Analysis

Triage Analysis of Volatile Data

Program Execution

Analyzing Services

Malware Vectors and Detection

Mobile Device Triage Analysis

IR: Following a Trail

Hash and File Signature Analysis

Time Analysis

Registry Analysis

File Analysis Demonstration

Hashing with md5deep

Hash Analysis with Autopsy

Lessons Learned from an Incident

Lessons Learned from Objective and Subjective Data

Evidence Retention and Information Sharing Post Incident

Cyber Security Investigations Exam

17.5 Hours

Cybersecurity for Technical Staff

Skill Level: Beginner

+ Description

This course highlights best practices applicable to a wide variety cybersecurity job roles. Topics include risk management, architecture and design, and tools and technologies. This course also covers key concepts for detecting, protecting, and defending from security threats.

Learning Objectives:

List common cyber threats and how scanning and assessment tools and techniques identify potential vulnerabilities.
Explain how various tools and technologies are configured or deployed to support an organization's security posture.
Detail risk management best practices and mitigation strategies.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

Systems Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Protect and Defend

Incident Response

Cyber Defense Incident Responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

+ Course Modules/Units

Malware: Viruses

Malware: Rootkits, Trojans, Botnets

MITM, DoS, Packet Flooding and Other Attacks

Backdoor, Spoofing, Replay and Other Attacks

Password, Birthday, Crypto and Application Attacks

Social Engineering Techniques

Wireless Attacks

Application Attacks

Threat Actors

Assessment Tools and Techniques

Active and Passive Reconnaissance

Security Testing and Assessment

Firewall Implementations

Proxy Server Implementations

Hubs and Switches

Routers and Routing Protocols

Remote Access and VPNs Part 1 of 2

Remote Access and VPNs Part 2 of 2

Network Intrusion Detection Systems

Host-Based Intrusion Detection Systems

Password Cracking Categories and Tools

Password Cracking Techniques

DEMO: Local Information Gathering Tools

DEMO: Network Connectivity Testing Tools

DEMO: Remote Information Gathering Tools

Mobile Device Security

Mobile Device Deployment

Network Security Protocols

Network Services and Protocols

Frameworks and Reference Architectures

Network Zones

Demilitarized Zones (DMZ) Implementations

Security Device and Technology Placement

Host Security: OS Hardening and Firewalls

Host Security: Anti Virus, Malware and Spam

Host Security: Pop Ups and Patch Management

Secure Static Environment

Secure Staging Deployment Concepts

Cloud and Virtualization Concepts

Cloud Architectures

Host Security: Virtualization

Resiliency and Automation to Reduce Risk

Physical Security and Environmental Controls

Access Control Categories

Authentication Services

Access Control Models

Authentication and Authorization Concepts

Biometric Authentication

Account Management

Identity Management

Security Awareness and Training

Risk and Related Concepts

Risk and Asset Identification

Threat and Risk Calculation

Risk Control Types

Security Control Types and Categories

Basic Forensics Procedures

Incident Handling and Forensics

Incident Response Preparation

Risk Management: Business Continuity

Risk Management: Redundancy and Fault Tolerance

Risk Management: Disaster Recovery

Risk Mitigation Strategies

Data Security

Data Destruction and Disposal Methods

Data Sensitivity and Handling

Mitigation and Deterrence: Logging

Mitigation and Deterrence: Hardening

Mitigation and Deterrence: Network Security

Mitigation and Deterrence: Attack Countermeasures

Cryptography Part 1 of 2

Cryptography Part 2 of 2

Wireless Security Evolution

Wireless Security Best Practices

Cryptographic Keys and PKI

Course Test

2 Hours

Cyber Supply Chain Risk Management

Skill Level: Beginner

+ Description

This course focuses on cyber supply chain risk management, also known as C-SCRM, and the role it plays within our society today. This course will explain how to securely provision, analyze, oversee and govern, protect and defend a supply chain.

Learning Objectives:

Describe product supply chains and life cycles.
Identify the role of adversaries in supply chain risk management.
Define the risks associated with supply chains.
State the principles of supply chain management.
Identify security measures taken to protect a supply chain.
Apply suggested tools to address supply chain vulnerabilities.
Explain how knowledge of the 'internet of things' (IoT) is used to evaluate products as IoT devices.
Recognize potential dangers posed by various devices brought to work.
Identify the threats outlined for acquisitions personnel through the Federal Acquisition Regulation (FAR).
Define how to personally safeguard your organization's cybersecurity.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

All-Source Analyst

Analyze

Exploitation Analysis

Exploitation Analyst

Analyze

Threat Analysis

Threat/Warning Analysis

Analyze

Targets

Target Developer, Target Network Analyst

Oversee and Govern

Program/Project Management and Acquisition

Program Manager

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support Specialist

Securely Provision

Software Development

Software Developer

Securely Provision

Systems Development

Systems Developer

+ Course Modules/Units

Supply Chain Risk Management

1 Hour

CyberStat Workshops – Zero Trust Pillar 1: Identity (Part 1)

Skill Level: Beginner

+ Description
	On Wednesday, April 20, 2022, the CyberStat Program, along with Subject Matter Experts from the OMB Office of the Federal Chief Information Officer, General Services Administration(GSA), and CISA’s Office of the Technical Director, hosted the CyberStat Workshop “Zero Trust Pillar 1: Identity (Part 1).” Attending agency representatives had the opportunity to learn more about Zero Trust Implementation Tasks, Multi Factor Authentication, including phishing resistant MFA for Public Facing Systems, the new password policy, and how the new policy can be implemented. Date: April 20, 2022 Length: 57 minutes Training Proficiency Area: Level 1 - Beginner Training Purpose: Improving the management of policy changes required by EO14028. Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support

+ Course Modules/Units

Zero Trust Pillar 1: Identity (Part 1)

1 Hour

CyberStat Workshops

Skill Level: Beginner

+ Description
	On Wednesday, May 4, 2022, the CyberStat Program, along with Subject Matter Experts from CISA and OMB, hosted the CyberStat Workshop “Zero Trust Pillar 1: Identity (Part 2).” Attending agency representatives had the opportunity to learn more about the role of centralized identity management within their agencies’ structures and gain assistance in how to incorporate device-level signals alongside identity information in authentication. Date: May 4, 2022 Length: 42:53 Training Proficiency Area: Level 1 - Beginner Training Purpose: Improving the management of policy changes required by EO 14028. Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support

+ Course Modules/Units

Zero Trust Pillar 1: Identity (Part 2)

1 Hour

CyberStat Workshops

Skill Level: Beginner

+ Description
	On Tuesday, June 28, 2022, the CyberStat Program, along with subject matter experts from CISA and OMB, hosted the CyberStat Workshop Zero Trust Pillar 3: Networks. Agency participants learned about the four tasks in Pillar 3 of M-22-09 and engaged with SMEs to discuss obstacles and challenges in implementing these required tasks. Date: June 28, 2022 Length: 1:05:26 Training Proficiency Area: Level 1 - Beginner Training Purpose: Improving the management of policy changes required by EO 14028. Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support

+ Course Modules/Units

Zero Trust Pillar 3: Networks

1 Hour

CyberStat Workshops

Skill Level: Beginner

+ Description
	On Thursday, August 25, 2022, the CyberStat Program, along with subject matter experts from CISA and USDS, hosted the CyberStat Workshop Zero Trust Pillar 4: Applications and Workloads. Agency participants learned about the five tasks in Pillar 4 of M-22-09 and engaged with SMEs to discuss obstacles and challenges in implementing these required tasks. Date: August 25, 2022 Length: 59:59 Training Proficiency Area: Level 1 - Beginner Training Purpose: Improving the management of policy changes required by EO 14028. Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support

+ Course Modules/Units

Zero Trust Pillar 4: Applications and Workloads

1 Hour

CyberStat Workshops

Skill Level: Beginner

+ Description
	On Thursday, October 13, 2022, the CyberStat Program, along with subject matter experts from CISA, NIST, the Department of Transportation, the Department of State, the Department of Education, and the General services Administration, hosted the CyberStat Workshop Zero Trust Pillar 4: Applications and Workloads. Agency participants learned about the four tasks in Pillar 4 of M-22-09 and engaged with SMEs to discuss obstacles and challenges in implementing these required tasks. Date: October 13, 2022 Length: 51:14 Training Proficiency Area: Level 1 - Beginner Training Purpose: Improving the management of policy changes required by EO 14028. Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support

+ Course Modules/Units

Zero Trust Pillar 5: Data

1.5 Hours

DB Evaluations using AppDetectivePro and dbProtect

Skill Level: Beginner

+ Description

This course focuses on basic database security concepts and methodology. This course demonstrates how tools such as AppDetectivePRO and DbProtect can be used to scan databases in order to uncover configuration mistakes, identification and access control issues, missing patches or any toxic combination of settings that could lead to escalation-of-privilege or denial-of-service attacks, data leakage, or unauthorized modification of data.

Learning Objectives:

Understand importance of database security.
Understand how tools such as AppDetectivePRO and db-Protect can be used to evaluate a database's security posture.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Securely Provision

Systems Development

Systems Developer

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

Importance of Databases Security

Databases Security Methodology

AppDetectivePRO Overview

DbProtect Overview

DbProtect Deployment Model

DbProtect Features

DbProtect Demonstration

6 Hours

Deep DNS

Skill Level: Beginner

+ Description
	This course is an introduction to the Domain Name System, or DNS. DNS is a core infrastructure protocol of the internet, and one of the oldest internet application protocols still in use. In this course, you will learn why DNS was created; the main purposes it currently serves; and how it works. This course is intended for security operations professionals.

+ Course Modules/Units

Deep DNS: Purpose, History, and Structure of DNS - Module 1.1

Deep DNS: DNS Applications - Module 1.2

Deep DNS: DNS Analysis Tools - Module 1.3

Deep DNS: DNS Transport Mechanisms - Module 2.1

Deep DNS: DNS as a Transport Mechanism - Module 2.2

Deep DNS: Subverting DNS Integrity - Module 2.3

9 Hours

Demilitarized Zone (DMZ) with IDS/IPS

Skill Level: Intermediate

+ Description

This course introduces the concept of a network Demilitarized Zone (DMZ) and the security benefits it can provide. This course focuses on best practices for designing and implementing a DMZ and includes a section on Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) that provides an in-depth look at SNORT for network monitoring. The course concludes with log analysis and management best practices.

Learning Objectives:

Present an overview of the DMZ security model and key components.
Discuss DMZ structure, purpose, and operation.
Present different models for implementation to meet network requirements.
Discuss the network threats that a DMZ can detect and mitigate.

Date: 2013

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Analysis

Systems Security Analyst

Operate and Maintain

Systems Administration

Systems Administrator

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support Specialist

+ Course Modules/Units

Demilitarized Zone (DMZ) Introduction

DMZ Architecture

DMZ Components: Firewalls Part 1 of 2

DMZ Components: Firewalls Part 2 of 2

Setting up a DMZ using IPTables Demo

DMZ Components: IDS

DMZ Components: IDS/IPS Placement

DMZ Components: Proxy Servers

DMZ Components: Network Servers

DMZ Architectures

Attacking the DMZ Part 1 of 2

Attacking the DMZ Part 2 of 2

DMZ Attack Types Part 1 of 2

DMZ Attack Types Part 2 of 2

DMZ: Open Source vs Commercial Implementations

DMZ: Software Subscription Services

Open Source DMZ Tools Part 1 of 2

Open Source DMZ Tools Part 2 of 2

Proxy Concepts

DNS Concepts

Web Server Concepts

E-mail Relay and VPN Concepts

DMZ and Commercial Software - Part 1

DMZ and Commercial Software - Part 2

Security Capabilities in a DMZ

Security Capabilities in Procmail Demo

Network Security Appliances IDS

Snort Intro and Overview

Using BASE w Snort DB

Snort Demo

Log Mgmt and Analysis Concepts

SYSLOG Basics

Using Swatch Overview

Log Management Best Practices

Proxy and DNS Log File Concepts

Analyzing Proxy and DNS Log Files

DMZ with IDS/IPS Course Quiz

4 Hours

Develop and Publish a Vulnerability Disclosure Policy for Federal Agencies (CISA BOD 20-01)

Skill Level: Beginner

+ Description

This 1/2-day course is a joint collaboration of the Cybersecurity & Infrastructure Security Agency (CISA) and the CERT Division of the Software Engineering Institute at Carnegie Mellon University. The purpose of this training is to help federal civilian agencies meet required actions of BOD 20-01, the Binding Operational Directive to Develop and Publish a Vulnerability Disclosure Policy (VDP) by covering the knowledge of and providing resources for:

Vulnerability report receipt and intake
Developing and publishing a vulnerability disclosure policy
Developing vulnerability disclosure handling procedures
Developing a vulnerability disclosure capability development
Reporting metrics

After completing this course, participants should be able to

Describe agency requirements for developing and publishing a vulnerability disclosure policy (VDP).
Describe the minimum capacity needed to support your vulnerability disclosure handling process.
Explain how vulnerability disclosure and handling is dependent on successful human interaction.
Explain the importance of establishing trust and good relationships with reporters and stakeholders.
List the key resources that can help your agency build your VDP and supporting processes.
Meet the requirements to develop and publish a VDP and supporting handling process.
Understand how and when to work with CISA for assistance and escalation.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Protect and Defend

Vulnerability Management

Vulnerability Manager

+ Course Modules/Units

Develop and Publish a Vulnerability Disclosure Policy

Module 2: Overview of CISA BOD 20-01

Module 3: Essentials of VDP

Module 4: Developing A Vulnerability Disclosure Handling Capability

Module 5: Reporting and Metrics

Module 6: Challenges and Additional Considerations

Module 7: Summary and Wrap-up

2 Hours

DNSSEC Training Workshop

Skill Level: Advanced

+ Description

This course covers the basics of Domain Name System Security Extensions (DNSSEC), how it integrates into the existing global DNS and provides a step-by-step process to deploying DNSSEC on existing DNS zones.

Learning Objectives:

Discuss DNSSEC and supporting mechanisms.
Sign a DNS zone.
Configure Delegation Signer (DS) resource records.
Set up a Secure Resolver.
Discuss server operational considerations.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Securely Provision

Systems Architecture

Security Architect

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

Systems Administrator

+ Course Modules/Units

DNSSEC Introduction

DNS Resolution Steps

DNS Vulnerabilities and Security Controls

DNSSEC Mechanisms

DNS Resource Records (RR)

Special DNS Resource Records

DNS Zone Signing

Secure DNS Zone Configuration-DNSSEC Key Generation

Prepare the DNS Zone File for Signing

Signing the DNS Zone file

Publishing a signed zone

Testing a signed zone

Testing a signed zone through a validator

DNSSEC Chain of Trust

Setting Up A Secure Resolver

Adding a trusted key

Securing the last hop

ZSK Rollover

Using pre-published keys

KSK Rollover

Conclusions

1 Hour

Don't Wake Up to a Ransomware Attack

Skill Level: Beginner

+ Description

Ransomware attacks hit a new target every 14 seconds: shutting down digital operations, stealing information and exploiting businesses, essential services and individuals alike. "Don't Wake Up to a Ransomware Attack" provides essential knowledge and reviews real-life examples of these attacks to help you and your organization to prevent, mitigate, and respond to the ever-evolving threat of ransomware.

This webinar includes the following information and more:

Definition of ransomware, summary of its large-scale impacts, and how these attacks have developed over time
Common signs of a ransomware attack and how to respond if an attack is suspected
Guidance for how to mitigate the impact of ransomware attacks and recover in the event of an attack
Case studies demonstrating the impacts of ransomware attacks
A concluding Knowledge Check to reinforce understanding and key takeaways

Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from ransomware cyberattacks through awareness of common attack schemes, best practices, CISA guidance, and resources.

Define ransomware
Be able to identify signs of a ransomware attack
Learn mitigation steps of ransomware attacks
Understand how to recover from a ransomware attack
Understand impacts of ransomware attacks though case studies

Date: 2020

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

Mission Assessment Specialist

Analyze

Exploitation Analysis

Exploitation Analyst

Analyze

Threat Analysis

Threat/ warning analyst

Collect and Operate

Collection Operations

All-Source Collection Manager, All-Source Collection Requirements Manager

Investigate

Digital Forensics

Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst

Operate and Maintain

Customer Service and Technical Support

Technical Support Specialist

Operate and Maintain

Data Administration

Data analyst, database administrator

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Knowledge Management

Knowledge Manager

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Communications security manager; information systems security manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program Management and Acquisition

IT investment manager, IT program auditor, IT project manager, product support manager, program manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support specialist

Protect and Defend

Incident Response

Cyber defense incident responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability assessment analyst

Securely Provision

Risk Management

Authorizing official; security control assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

Don’t Wake Up to a Ransomware Attack

1.5 Hours

Dynamic Testing using HPE WebInspect

Skill Level: Beginner

+ Description

This course introduces learners to dynamic testing tools for web applications and demonstrates how they can be used to identify, evaluate, and mitigate a web application’s potential security vulnerabilities. The focus is on using HPE WebInspect to perform and manage dynamic security vulnerability testing and address results from a developer’s perspective/cybersecurity professional's perspective.

Learning Objectives:

Understand how dynamic testing tools work on web-based applications.
Utilize dynamic testing tools to find common Weakness Enumeration.

Date: 2014

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Securely Provision

Systems Development

Systems Developer

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

Application Security

WebInspect Dynamic Analysis

Installing WebInspect

Run a WebInspect Scan

WebInspect Demonstration

Policy Manager Demonstration

Default Settings Demonstration

Reports

Application Settings and Tools

Comparing Scans

Testing in a Closed versus Open Network

WebInspect Agent, Web Services

3.5 Hours

Elections and IT – Embrace your role as a Manager

Skill Level: Beginner

+ Description

This course is a collaboration between the U.S. Election Assistance Commission (EAC) and the U.S. Department of Homeland Security (DHS) and provides an opportunity to learn why election officials must view themselves as IT managers. The course serves as an overview of information technology and how to ensure security is included in the planning, procuring, designing, implementing, and maintaining of interconnected electronic election systems, including public-facing websites. The content introduces the key concepts of identifying vulnerabilities and how to protect election systems from internal and external threats and provides information on cybersecurity resources available from the EAC and DHS.

Date: 2018

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Protect and Defend

Incident Response

Cyber Defense Incident Responder

Securely Provision

Risk Management

Authorizing Official/Designating Representative

+ Course Modules/Units

Professionalizing Election Admin Intro

Being an IT Manager

Election Systems

Procuring IT

Testing and Audits

Election Security

Principles of Information Security

Cybersecurity and Elections

Risk Management and Elections

Phishing and Elections

Election Infrastructure Security

DHS Cyber Security Tools and Services

EAC Resources

4 Hours

The Election Official as IT Manager

Skill Level: Beginner

+ Description

This course focuses on why Election Officials must view themselves as IT systems managers and introduces the knowledge and skills necessary to effectively function as an IT manager. The course includes a review of Election Systems, Election Night Reporting, and Interconnected Election Systems vulnerabilities and liabilities. The content also covers Social Media and Website best practices, vulnerabilities, and liabilities, and addresses Procuring IT, Vendor Selection, Testing and Audits, Security Measures, and Risk Assessments. In addition, this course includes a review of resources available to the election community from the Department of Homeland Security.

Date: 2018

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Protect and Defend

Incident Response

Cyber Defense Incident Responder

Securely Provision

Risk Management

Authorizing Official/Designating Representative

+ Course Modules/Units

Professionalizing Election Admin Intro

Being an IT Manager

Election Systems

Technology and the Election Office

Procuring IT

Testing and Audits

Election Security

Principles of Information Security

Physical Security

Cybersecurity and Elections

Human Security

Risk Management and Elections

Incident Response Scenarios and Exercises

Phishing and Elections

DDOS Attacks and Elections

Website Defacing

Election Infrastructure Security

DHS Cyber Security Tools and Services

EAC Resources

12 Hours

Emerging Cyber Security Threats

Skill Level: Intermediate

+ Description

This course covers a broad range of cybersecurity elements that pose threats to information security posture. The various threats are covered in detail, followed by mitigation strategies and best practices. It will cover what the policies are, the roles it plays in cybersecurity, how they are implemented. The course will also look at cybersecurity laws, standards, and initiatives. Topics include policy, knowing your enemy, mobile device security, cloud computing security, Radio Frequency Identification (RFID) security, LAN security using switch features, securing the network perimeter, securing infrastructure devices, security and DNS and IPv6 security. Video demonstrations are included to reinforce concepts.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

Threat Analysis

Threat/Warning Analysis

Operate and Maintain

Systems Administration

Systems Administrator

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

+ Course Modules/Units

Introduction to Cybersecurity Policy

Types of Security Policy

Policy Education and Implementation

Cybersecurity Laws

Proposed Legislation

NIST Cybersecurity Standards

Other Cybersecurity Standards

Comprehensive National Cybersecurity Initiatives (CNCI)

Other Federal Cybersecurity Initiatives

Implementing Cybersecurity Initiatives

SPAM

Malware Trends

Botnets

Monetization

Cyber Attack Profiles

Cyber Crime

Cyberwarfare

Cyber Attack Attribution

Cyber Threat Mitigation

Mobile Device Trends

Mobile Device Threats

Mobile Device Countermeasures

Exploited Threats

What is Cloud Computing?

Technical Risks

Operational Risks

Risk Mitigation Strategies

DISA Cloud Solutions

RFID Introduction

RFID Threats

RFID Countermeasures

Exploited Threats

Introduction and MAC Address Monitoring

MAC Address Spoofing

Managing Traffic Flows

VLANs and Security

802.1x Port Authentication

Network Admission Control

Securing STP

Securing VLANs and VTP

Introduction and Edge Security Traffic Design

Blocking DoS and DDoS Traffic

Specialized Access Control Lists

Routers with Firewalls

Beyond Firewalls: Inspecting Layer 4 and Above

Securing Routing Protocols and Traffic Prioritization

Securing Against Single Point of Failures

Physical and Operating System Security

Management Traffic Security

Device Service Hardening

Securing Management Services

Device Access Hardening

Device Access Privileges

Name Resolution Introduction

Name Resolution and Security

DNS Cache

DNS Security Standards and TSIG

DNSSEC

Migrating to DNSSEC

Issues with Implementing DNSSEC 1

Issues with Implementing DNSSEC 2

IPv6 Concepts

IPv6 Threats

IPv6 Network Reconnaissance

DEMO: IPv6 Network Reconnaissance

IPv6 Network Recon Mitigation Strategies

IPv6 Network Mapping

DEMO: IPv6 Network Mapping

IPv6 Network Mapping Mitigation Strategies

IPv6 Neighbor Discovery

DEMO: IPv6 Address Assignment

IPv6 Attacks

DEMO: IPv6 Alive Hosts

DEMO: IPv6 Duplicate Address Detection (DAD)

DEMO: IPv6 DAD Denial of Services (DOS)

DEMO: IPv6 Fake Router Advertisement

DEMO: IPv6 Man-in-the-middle

IPv6 Attack Mitigation Strategies

IPv6 Tunneling

IPv6 Windows Teredo Tunneling

IPv6 Tunneling Mitigation Strategies

IPv6 Best Practices

24 Hours

Enterprise Cybersecurity Operations

Skill Level: Intermediate

+ Description

This course highlights technical knowledge and skills required for implementing secure solutions in the enterprise. A broad spectrum of disciplines is covered to aid practitioners in applying frameworks and controls to improve the security posture while supporting the business mission.

Learning Objectives:

Describe risk management's role in the enterprise and mitigation strategies for specific threats.
Detail implementing network security strategies and controls for connected devices.
Explain how cloud technologies are leveraged and can support a secure enterprise architecture.
List sources and methods to help stay current with cybersecurity best practices and threat trends and analyzing potential impact to the enterprise.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

All-Source Analyst

Collect and Operate

Cyber Operations Planning

Cyber Ops Planner

Operate and Maintain

Systems Analysis

Systems Security Analyst

Securely Provision

Risk Management

Security Control Assessor

Securely Provision

Systems Architecture

Enterprise Architect

+ Course Modules/Units

Configuration Strategies w/ Spec Compon

Cryptographic Terms and Implementations

Cryptographic Tools and Techniques Part 1 of 2

Cryptographic Tools and Techniques Part 2 of 2

Hybrid Encryption in SSL Demo

Encryption Limitations and Key Length Part 1 of 2

Encryption Limitations and Key Length Part 2 of 2

DEMO: Volume and File Encryption

Hash Functions and Algorithms

Digital Signatures

Digital Certificate Elements

CAs and Public Key Infrastructure

Origins For Cryptographic Standards

Virtual Networking

Intro to Virtualized Computing Part 1 of 2

Intro to Virtualized Computing Part 2 of 2

VLANs and Switching

Storage Types and Considerations

Enterprise Storage

Enterprise Storage Connection Terms

Enterprise Storage and RAID

Securing iSCSI and FCoE and Managing Storage

Network Security Concepts

Network Zones and Remote Access

NW Components Routers and Firewalls Part 1 of 2

NW Components Routers and Firewalls Part 2 of 2

NW Components Intrusion Detection Systems

Networked-based IDS and IPS Deployment

Securing Wireless Part 1 of 2

Securing Wireless Part 2 of 2

DMZ Components

Web Services Concepts

Web Servers and DNS

Securing DNS Best Practices

Proxy Servers and SMTP Relay

NAT and PAT

Infra Design : Firewalls and Proxies

Infra Design : IDS and IPS

Infra Design : Syslog and SIEMs

Infra Design : Switch and Router Security

Infra Design : VPNs and SNMP

SCADA Environments

Application Security : VTC and VoIP

Application Security : Databases and Web Services

Application Security : IPv6

Physical Security Concerns and Controls

Host Security Controls Part 1 of 2

Host Security Controls Part 2 of 2

Web Application Security Design

DEMO: Whitelisting and Blacklisting

Specific Application Issues

Client side vs Server side Processing

Analyzing Business Risk

Risk Management in New Business Models

Risk Mitigation Strategies and Controls

Security Impact of Inter Organizational Change

Calculating Risk Exposure

Incident Response Concepts

Incident Response and Recovery Process

Assessment Tools

Assessment Methods

Assessment Methodologies

Cybersecurity Benchmarks

Security Metrics

Situational Awareness

Analyzing Industry Trends Part 1 of 3

Analyzing Industry Trends Part 2 of 3

Analyzing Industry Trends Part 3 of 3

Applying Analysis to Improve Enterprise Security Part 1 of 4

Applying Analysis to Improve Enterprise Security Part 2 of 4

Applying Analysis to Improve Enterprise Security Part 3 of 4

Applying Analysis to Improve Enterprise Security Part 4 of 4

Integrating Enterprise Disciplines Part 1 of 2

Integrating Enterprise Disciplines Part 2 of 2

Security Controls for Communication and Collaboration

Adv Authentication Tools and Techniques

Software Development Models

System Dev Life Cycle and CS

IT Governance

Cloud based Deploy Models

Cloud Security

Identity Management

Securing Virtual Environments Part 1 of 3

Securing Virtual Environments Part 2 of 3

Securing Virtual Environments Part 3 of 3

Enterprise Storage Advantages and Security Measures

Enterprise Network Authentication Part 1 of 2

Enterprise Network Authentication Part 2 of 2

Practice Exam

1 Hour

Professors in Practice

Skill Level: Beginner

+ Description

In this hour-long webinar National Defense University Professor Roxanne Everetts discusses some key leadership decisions around using Federal Risk and Authorization Management Program (FedRAMP) solutions. FedRAMP is a unique government cloud - it is a combination of cloud security, cybersecurity, and risk management.

Learning Objectives:

Explain FedRAMP and why Federal agencies use FedRAMP. (Hint: It's the law!)
Discuss knowledge key leaders need for cloud solutions, including: FedRAMP structure, how it helps, and how agencies can leverage it.
Describe the FedRAMP governing bodies.
Examine the roles of Cloud Service Providers (CSPs) and Third-Party Assessment Organizations (3PAOs) as FedRAMP participants.
Identify agency responsibilities, which include ensuring they have an Authority to Operate (ATO) letter on file with the FedRAMP Program Management Office (PMO).
Explore the FedRAMP Security Framework (SAF), based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37.
Use the FedRAMP Marketplace to find services that meet agency needs. Any service listed in the Marketplace meets federal security requirements and has already been authorized.

Date: 2020

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer, Cyber Instructor

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

Systems Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

Securely Provision

Systems Requirement Planning

Systems Requirements Planner

+ Course Modules/Units

FedRAMP: A Leaders Dashboard for Compliance – with Professor Roxanne Everetts

2 Hours

Foundations of Cybersecurity for Managers

Skill Level: Beginner

+ Description

This course is designed for managers and other stakeholders who may be involved in decision making that would include considerations for security in a cyber environment but do not have a strong technical background. Discussions focus on cybersecurity concepts and methodologies that are part of building a resilient cyber enterprise. This course explains how people and technology work together to protect mission-critical assets, and the frameworks leveraged to assess and apply security controls. Beginning with governance, laws, and regulations, the course progresses into threats to the environment and identifying corresponding controls and countermeasures, concluding with strategies for business continuity.

Learning Objectives:

Know key concepts of cybersecurity and its relation to the business mission.
Recall risk management strategies and related frameworks.
Identify how cloud services are leveraged and pros and cons of doing so.
Describe common threats, threat actor types, and mitigation techniques.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Collect and Operate

Cyber Operational Planning

Cyber Ops Planner

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

Program Manager

+ Course Modules/Units

Cybersecurity Introduction

Cybersecurity Workforce

Cybersecurity Governance

Cybersecurity Guidance Resources

Laws and Cybersecurity

Common Cyber Threats

Threat Actors

Cybersecurity and Mobile Devices

Security Controls

Security Tools and Measures

Introduction to Cloud Computing

Cloud Architectures and Deployment Models

Cloud Threats and Attacks

Cloud Security

Risk Management Overview

Incident Response and Digital Evidence Types

Risk and Planning Strategies

Foundations of Cybersecurity for Managers Exam

10.5 Hours

Foundations of Incident Management

Skill Level: Beginner

+ Description

This course introduces basic concepts and functions of incident management. This includes where incident management activities fit in the information assurance or information security ecosystem and covers the key steps in the incident handling lifecycle with practices to enable a resilient incident management capability.

Learning Objectives:

Explain the role of incident management.
Distinguish between incident management and incident handling.
Outline the incident handling lifecycle.
Identify key preparations to be established to facilitate incident handling.
Distinguish between triage and analysis.
Identify the basic steps in response.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

Threat Analysis

Threat/Warning Analyst

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Incident Response

Cyber Defense Incident Responder

+ Course Modules/Units

Foundations of Incident Management Course Intro

Framing The Need For Incident Management

Incident Management Terms and Processes

Institutionalizing Incident Management Capabilities

Stakeholders in Incident Management

CERT and Other’s Perspective on Threats and Trends

Incident Management Terminology

Incident Management Attack Classes and Actors

Incident Management Malware and DoS Examples

Incident Management Prevention, Detection, and Response

Incident Handling Lifecycle - Prepare

Incident Handling Information

Analyzing Attack Information

Incident Management Monitoring Tools

Incident Management Detection Process

Process to Support Incident Detection and Reporting

What is Situational Awareness?

Non Technical Elements of Situational Awareness

Technical Elements of Situational Awareness

Using Sensors for Requirements Gathering

Incident Handling Lifecycle: Analysis

Incident Handling Lifecycle: Triage

Questions Addressed in Triage

Objectives of Incident Analysis

Tasks of Incident Analysis Part 1 of 2

Tasks of Incident Analysis Part 2 of 2

Data Sources for Analysis

Examples of Data Sources for Analysis

Incident Analysis Exercise Scenario

Preparing For Impact Analysis

Conducting Impact Analysis

Response and Recovery Part 1 of 2

Response and Recovery Part 2 of 2

Mission of the Response Process

Coordinating Response Part 1 of 2

Coordinating Response Part 2 of 2

Sample Attack Mitigations

Benefits and Motivations of Information Sharing

Methods of Information Sharing

Data Models for Information Sharing

STIX/TAXII Protocol

Foundations of Incident Handling Course Summary

Foundations of Incident Management Course Exam

6 Hours

Fundamentals of Cyber Risk Management

Skill Level: Beginner

+ Description

This course focuses on key concepts, issues, and considerations for managing risk. Discussions include identifying critical assets and operations, risk assessment and analysis methodologies, risk management frameworks, and how to determine threats to your business function, mitigation strategies, and response and recovery.

Learning Objectives:

Describe key concepts related to cyber risk management.
Detail risk assessment and analysis methodologies and frameworks.
Identify security controls and countermeasures to mitigate risks and support response and recovery.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Protect and Defend

Incident Response

Cyber Defense Incident Responder

Securely Provision

Risk Management

Security Control Assessor

+ Course Modules/Units

Fundamentals of Cyber Risk Management Course Introduction

Risk Management Overview

Standards for Risk Management

OCTAVE

CERT Resilience Management Model Overview

Critical Assets and Operations

Threat Overview

Vulnerabilities

Threat Scenarios

Risk and Impact Analysis

Considerations for Responding to Risks

Risk Mitigation Strategies

Control Methods and Types of Security Controls

Administrative Controls

Selecting Security Controls

Security Control Assessment

Mitigation Strategy and Maintenance

Security Testing and Assessments

Incident Response Terms and Life Cycle

Incident Response Phase 1 of 6 - Preparation

Incident Response Phase 2 of 6 – Detection and Analysis

Incident Response Phase 3 of 6 – Containment

Incident Response Phases 4-5 of 6 – Eradication and Recovery

Incident Response Phase 6 of 6 – Lessons Learned

Business Continuity Plans and Procedures

Disaster Recovery Plans and Procedures

Fundamentals of Cyber Risk Management Exam

1 Hour

Incident Response 101

Skill Level: Beginner

+ Description

This course focuses on cyberattacks, specifically compromises via ransomware. Implementing strategies to defend against attacks as well as preparations for response and recovery in the event of an incident is critical to an organization’s resilience. This course reviews malware types and vectors for compromise, common issues hindering an effective response, best practices for preparing and responding to an infection incident, and defensive measures to strengthen the cybersecurity posture.

Learning Objectives:

Identify the various types of disruptionware, vectors for compromise, and the impact of an infection on business operations.
Recognize the common problems that can hinder effective incident response and prevention activities.
Know the ordered steps in following documented incident reporting procedures including immediate actions and communication.
Explain the importance of defense-in-depth layered strategy for protecting the enterprise with examples of implementation.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Protect and Defend

Incident Response

Cyber Defense Incident Responder

+ Course Modules/Units

Malware Attacks and Vectors of Compromise

Incident Response - Common Problems/Issues

Ransomware Immediate Infection Response

Incident Response Backups

Cyberattack Defensive Strategies

IR Course Exam

6 Hours

Insider Threat Analysis

Skill Level: Advanced

+ Description

This course focuses on helping insider threat analysts understand the nature and structure of data that can be used to prevent, detect, and respond to insider threats. This course focuses on how to work with data from multiple sources to develop indicators of potential insider activity, as well as strategies for developing and implementing an insider threat analysis and response. This course explains the workflow that incorporates expertise and capabilities from across an organization.

Learning Objectives:

Work with raw data to identify concerning behaviors and activity of potential insiders.
Identify the technical requirements for accessing data for insider threat analysis.
Develop insider threat indicators that fuse data from multiple sources.
Apply advanced analytics for identifying insider anomalies.
Measure the effectiveness of insider threat indicators and anomaly detection methods.
Navigate the insider threat tool landscape.
Describe the policies, practices, and procedures needed for an insider threat analysis process.
Outline the roles and responsibilities of insider threat analysts in an insider threat incident response process.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

Threat Analysis

Threat/Warning Analyst

Protect and Defend

Vulnerability and Assessment Management

Vulnerability Assessment Analyst

+ Course Modules/Units

Insider Threat Analysis Introduction

Insider Threat Hub Overview

Hub Roles and Responsibilities Part 1 of 2

Hub Roles and Responsibilities Part 2 of 2

Hub Management and Operations

Non-Technical Data Sources Part 1 of 2

Non-Technical Data Sources Part 2 of 2

Technical Data Sources

A Closer Look at Logs

Data Source Prioritization

Indicator Development

Example Analytics

Sequence and Model Development

Insider Threat Anomaly Detection Part 1 of 2

Insider Threat Anomaly Detection Part 2 of 2

Data Correlation and Entity Resolution Part 1 of 2

Data Correlation and Entity Resolution Part 2 of 2

Insider Threat Tools

Insider Threat Mitigation Tools

Meas. Insider Threat Control Efficacy Part 1 of 2

Meas. Insider Threat Control Efficacy Part 2 of 2

Incident Threat Analysis Process

Analyst Workflow

Conducting Analysis

Cognitive Bias

Incident Response

Where Incident Response Fits

Incident Response Options

InTP Incident Response Plans

Insider Threat Ansys Wrap-Up

7 Hours

Insider Threat Program Manager: Implementation and Operations

Skill Level: Intermediate

+ Description

This course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods to develop, implement, and operate program components. The content covered supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance.

Learning Objectives:

Identify critical assets and protection schemes.
Coordinate a cross-organizational team to help develop and implement the Insider Threat Program.
Develop a framework for the Insider Threat Program.
Identify methods to gain management support and sponsorship.
Plan the implementation for their Insider Threat Program.
Identify organizational policies and processes that require enhancement to accommodate insider threat components.
Identify data sources and priorities for data collection.
Identify infrastructure changes and enhancements necessary for implementing and supporting an Insider Threat Program.
Outline operational considerations and requirements needed to implement the program.
Build policies and processes to help hire the right staff and develop an organizational culture of security.
Improve organizational security awareness training.
Identify training competencies for insider threat team staff.

Date: 2020

Training Purpose: Management Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

Threat Analysis

Threat/Warning Analyst

Operate and Maintain

Knowledge Management

Knowledge Manager

+ Course Modules/Units

Insider Threat Program Manager Intro

Principles of Insider Risk Management

Activities of an Enterprise Risk Mgmt Process

Controls and Safeguards of Insider Risk Management

Mitigation Strategies for Insider Risk Management

Concepts of Initial Planning for an InTP

Stakeholder Planning and Engagement

Identify Your Starting Point

Insider Threat Program Governance

Roles and Responsibilities in InTP Governance

Insider Threat Program Governance Challenges

Building the Insider Threat Program Plan

Developing a Phased Implementation

Implementation Options for Insider Threat Program

Building Your Program with Compliance in Mind

InTP Placement in Organization

Naming the InTP

Developing an InTP in a Classified Environment

Building the InTP Team

InTP Team Size

Key Roles Within the InTP Team

Insider Threat Hub Operations

Insider Threat Hub Staffing

Data Sources Part 1 of 2

Data Sources Part 2 of 2

Selecting Data Sources

Using Data Sources

Protecting Data Sources

Tools for InTP Teams

Hub Building Considerations

Managing Insider Investigations and Incidents

Considerations: Investigations and Incidents

Insider Threat Incidents

Insider Threat Training and Awareness

General Employee Training and Awareness

InTP Team and Working Group Training

Customized Role-Based Training

Classified Systems and Data Training

Management and Supervisor Training

Problems and Considerations

Measuring Insider Threat Program Effectiveness

Different Metrics for Different Audiences

Return on Investment (ROI)

Making Measurements: Assessments and Evaluations

Unintended Consequences of InTPs

Potential Negative Impacts from InTP Activities

Achieving Balance Using Positive Incentives

Creating the Proper Culture: Policy and Practice

InTP Maintenance Part 1 of 3

InTP Maintenance Part 2 of 3

InTP Maintenance Part 3 of 3

Insider Threat Program Manager Wrap-Up

1.5 Hours

Introduction to Computer Forensics

Skill Level: Beginner

+ Description

This course introduces the tasks, processes, and technologies to identify, collect and preserve, and analyze data so that it can be used in a judiciary setting. This course begins with obtaining and imaging data and then describes each step in following the forensic process.

Learning Objectives:

Explain the importance and the processes necessary to handle data to ensure its admissibility in a court of law.
List steps in the computer forensics process and goals for each step.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

Exploitation Analysis

Exploitation Analyst

Investigate

Digital Forensics

Cyber Defense Forensics Analyst

+ Course Modules/Units

Computer Forensics - Introduction

Computer Forensics - The Process

Computer Forensics - Following the Process – On-Site

Computer Forensics - Following the Process – On-Site - Encryption

Computer Forensics - Following the Process – On-Site - Memory

Computer Forensics - Following the Process – On-Site - Verification

Computer Forensics - Following the Process – Analysis

Computer Forensics - Following the Process – Report Findings

Computer Forensics - Following the Process – Data Preservation

Computer Forensics - Laws

Computer Forensics - Summary

Computer Forensics - Questions

2 Hours

Introduction to Cyber Intelligence

Skill Level: Beginner

+ Description

This course focuses on what cyber intelligence is and how to acquire, process, analyze, and disseminate information that identifies, tracks, and predicts threats, risks, and opportunities inside the cyber domain to offer courses of action that enhance decision making. The course explains the current threat landscape and the importance of cyber intelligence, describes how cyber intelligence differs from cyber security and cyber threat intelligence, and explores intelligence tradecraft fundamentals. The content covers analytical techniques, estimative writing, and briefing within a cyber intelligence construct.

Learning Objectives:

Discuss the threat and data landscape.
Apply traditional intelligence tradecraft to the Cyber Domain.
Define and describe a Cyber Intelligence Framework involving Human-Machine Teaming.
Describe structured analytical techniques and biases.
Communicate analytic findings effectively and recommend courses of action to practitioners and decision makers.

Date: 2020

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

All-Source Analyst

Analyze

Threat Analysis

Threat/Warning Analyst

Investigate

Cyber Investigation

Cyber Crime Investigator

+ Course Modules/Units

What is Cyber Intelligence?

Cyber Intelligence - Why Should You Care?

Cyber Intelligence - Skills, Traits, Competencies

Cyber Intelligence - Conceptual Framework

Environmental Context

Data Gathering

Threat Analysis

Strategic Analysis

Reporting and Feedback

Human and Machine Teaming

The Art and Science of Cyber Intelligence

Cognitive Biases

Logical Fallacies

Analytical Acumen - The Science

Analytic Methodologies - Diagnostic Technique

DC Sniper: Beltway Attacks

Analytical Methodologies - Contrarian Technique

Analytical Methodologies - Imaginative Technique

Analytical Methodologies - Network Analysis

Analytical Methodologies - ACH

Analytical Methodology – Systems Dynamics Modeling

Intelligence Writing - Why It Matters

Estimative Language

Briefing Tips

Intro to Cyber Intelligence Quiz

5 Hours

Introduction to Data Packet Analysis

Skill Level: Intermediate

+ Description
	This course orients analysts to the various types of information that can be found in packets, uses Wireshark as the packet capture and analysis tool, and explains why data available in packets can be affected by the location of the packet capture in the network environment.

+ Course Modules/Units

Introduction to Data Packet Analysis

Module 1.2: Wireshark Operation

Module 1.3: Analyzing Packets with Wireshark

Module 1.4: The Effect of Location on Packet Capture and Analysis

Module 1.5: What Wireshark Packet Analysis Can Reveal and What It Can't

4 Hours

Introduction to Investigation of Digital Assets

Skill Level: Beginner

+ Description

This course is designed for technical staff who are new to the area of Digital Media Analysis and Investigations. It provides an overview of the digital investigation process and key activities performed throughout the process.

Date: 2012

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Investigate

Digital Forensics

Cyber Defense Forensics Analyst

Investigate

Cyber Investigation

Cyber Crime Investigator

+ Course Modules/Units

Investigations of Digital Assets

Exercise Setup

Exercise Debrief

What is an Investigation with Digital Assets?

Digital Investigation Process

Preparation Phase

Data Collection Phase

Data Analysis Phase

Findings Presentation Phase

Incident Closure Phase

Digital Investigation Process Summary

Introduction to Artifact Analysis

Artifact Analysis Capabilities

Artifact Analysis Process

Surface and Comparative Analysis Process

Surface and Comparative Analysis Process-Continued

Runtime Analysis Process

Static Analysis Process

Sample Analysis: Runtime

Sample Analysis: Static

Malware Analysis Summary

Analysis Exercise

1.5 Hours

Introduction to Threat Hunting Teams

Skill Level: Beginner

+ Description

This course provides basic definitions, activities, and examples of teams hunting threats in the cyber domain. The course addresses the differences between hunting team activities and those of incident management teams or penetration testing teams. The content covers how hunting teams establish goals, methods used by threat hunting teams, and sources available to help read and interpret the threat landscape.

Learning Objectives:

Define threat hunting, what it means to hunt and how to hunt as a team.
Differentiate between hunting teams and other types of cyber security teams.
Describe how goals influence the method and success of hunting teams.
Recognize the types of threat analysis information available and how to interpret the facts presented.
Understand the three types of threat models and explain one in detail.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

Threat Analysis

Threat/Warning Analyst

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

+ Course Modules/Units

Defining Threat Hunting

Examples and Goals of Threat Hunting

Differences Between Hunt Teams and Other Cyber Teams

Threat Landscape

Types of Threat Modeling

Hunting Methods on Networks

Teaming and Automation Example

Threat Hunting Teams Course Exam

4 Hours

Introduction to Windows Scripting

Skill Level: Beginner

+ Description

This course focuses on writing scripts for the Microsoft Windows operating system. It covers fundamentals and syntax for automating administrative and security monitoring tasks. The course presents the basics of Windows BATCH scripting syntax and structure, along with several Windows command line utilities to harness the powerful capabilities built into Windows.

Learning Objectives:

Understand fundamentals of Windows BATCH scripting, including syntax and structure.
Perform redirection, piping, standard input / output, error handling, conditional statements, jumps, and command line parameters.
Apply built-in commands like net, netsh, xcopy, and findstr to perform more complex functions.
Understand best practices for writing and debugging Windows scripts.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

Systems Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

+ Course Modules/Units

Scripting Basics Overview

Windows BATCH Scripting Basics

Windows BATCH Scripting_Variables

Windows BATCH Scripting_Loops

Windows BATCH Scripting_Functions

Windows Script Error Handling and Troubleshooting

Windows Script Best Practices and Examples

Windows Scripting Demo

Scripting for Penetration Testing

Windows Scripting Utilities_xcopy

Windows Scripting Utilities_findstr

Windows Scripting Utilities_net Commands

xcopy Examples Demo

WMI and WMIC

PowerShell Commands

PSExec

Windows Management Instrumentation Demo

Intro to Windows BATCH Quiz

5 Hours

IPv6 Security Essentials Course

Skill Level: Advanced

+ Description

This course begins with a primer of IPv6 addressing and its current deployment state, discusses Internet Control Manager Protocol version 6 (ICMPv6), Dynamic Host Configuration Protocol version 6 (DHCPv6), and Domain Name System version 6 (DNSv6), and concludes with IPv6 Transition Mechanisms, security concerns, and management strategies. This course includes several reinforcing video demonstrations, as well as a final knowledge assessment.

Learning Objectives:

Primer of IPv6 addressing
Describe current deployment state
Explain ICMPv6, DHCPv6, and DNSv6
Explore IPv6 Transition mechanisms
Identify security concerns
Incorporate management strategies

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

Operate and Maintain

Systems Analysis

Systems Security Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support Specialist

Securely Provision

Systems Architecture

Systems Architect

+ Course Modules/Units

IPv6 Introduction

IPv6 Adoption

DEMO: IPv6 Network Reconnaissance

IPv6 Addressing Part 1 of 2

IPv6 Addressing Part 2 of 2

IPv6 Packet Header

DEMO: IPv6 Header Analysis

ICMPv6

IPv6 Address Assignment

DEMO: IPv6 Address Assignment

IPv6 Web Browsing

IPv6 Transition Mechanisms Part 1 of 2

IPv6 Transition Mechanisms Part 2 of 2

DEMO: IPv6 Tunneling

IPv6 Security Concerns

DEMO: IPv6 Network Mapping

IPv6 Security Mitigation Strategies

DEMO: IPv6 Network Monitoring Tools

IPv6 Ready

IPv6 Security Essentials Key Takeaways

DEMO: IPv4 and IPv6 Subnetting

DEMO: IPv6 Addressing on Router Interfaces

DEMO: Setting up RIP for IPv6

DEMO: Configuring OSPFv3

DEMO: IPv6 Alive Hosts

DEMO: IPv6 Duplicate Address Detection (DAD)

DEMO: IPv6 DAD Denial of Services (DOS)

DEMO: IPv6 Fake Router Advertisement

DEMO: IPv6 Man-in-the-middle

IPv6 Security Essentials Quiz

11 Hours

ISACA Certified Information Security Manager (CISM) Prep

Skill Level: Intermediate

+ Description

The self-study resource prepares learners for the CISM exam. This course focuses on information security management expertise through in-depth lecture topics, reinforcing demonstrations, and a practice exam. This course includes concepts from the four job practice areas: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, and Information Security Incident Management.

Learning Objectives:

Explain how information security governance and supporting processes are used to align security strategy with organizational goals and objectives.
Detail strategies to manage risk to an acceptable level in support of organization goals and objectives.
Describe the information security program's role in the organization's security posture by managing and protecting assets while supporting goals.
Detail means to minimize the impact to operations in the event of a security incident through establishing detection, response, and recovery capabilities.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

Program Manager

Operate and Maintain

Systems Analysis

Systems Security Analyst

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

+ Course Modules/Units

CISM Course Introduction

IS Governance Domain Overview

Information Security (IS) Management

Importance of IS Governance Part 1 of 2

Importance of IS Governance Part 2 of 2

IS Management Metrics

ISM Strategy Part 1 of 2

ISM Strategy Part 2 of 2

Elements of IS Strategy

IS Action Plan for Strategy

DEMO: Key Goal, Risk, Performance Indicator

Risk Management Overview and Concepts

Risk Management Implementation

Risk Assessment: Models and Analysis

DEMO: Calculating Total Cost of Ownership

DEMO: Recovery Time Objective (RTO)

Compliance Enforcement

Risk Analysis: Threat Analysis

IS Controls and Countermeasures

Other Risk Management Considerations Part 1 of 2

Other Risk Management Considerations Part 2 of 2

DEMO: Cost Benefit Analysis

Information Security Program Development

Information Security Program Management

Outcomes of Effective Management

IS Security Program Development Concepts

Scope and Charter of IS Program Development

IS Management Framework

IS Framework Components

IS Program Roadmap

Organizational Roles and Responsibilities

Information Security Manager Responsibilities

Other Roles and Responsibilities in IS

Information Security Program Resources

IS Personnel Roles and Responsibilities

IS Program Implementation Part 1 of 2

IS Program Implementation Part 2 of 2

Implementing IS Security Management Part 1 of 2

Implementing IS Security Management Part 2 of 2

Measuring IS Management Performance

Common Challenges to IS Management

Determining the State of IS Management

Incident Management and Response

Incident Management Part 1 of 2

Incident Management Part 2 of 2

IMT IRT Members

Incident Response Planning Part 1 of 2

Incident Response Planning Part 2 of 2

DEMO: Phishing Emails

DEMO: Incident Management Workflow

Recovery Planning Part 1 of 2

Recovery Planning Part 2 of 2

DEMO: RTIR Incident Response Tool Part 1 of 2

DEMO: RTIR Incident Response Tool Part 2 of 2

CISM Practice Exam

11 Hours

(ISC)2 (TM) CAP Certification Prep Self Study 2014

Skill Level: Intermediate

+ Description

This course prepares learners for the Information Security Certification (ISC)2 Certified Authorization Professional (CAP) certification exam. This course focuses on the process of authorizing and maintaining information systems. Topics include understanding the Risk Management Framework (RMF), selection, implementation, and monitoring of security controls as well as the categorization of information systems. A practice exam is included.

Learning Objectives:

Provide a review of the 7 (ISC)2 CAP domains.
Supplemental preparation for the (ISC)2 CAP certification exam.

Date: 2014

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Protect and Defend

Incident Response

Cyber Defense Incident Responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

+ Course Modules/Units

CAP Course Introduction

Risk Management Approach to Security Authorization

Risk Management Framework Steps

Risk Management Framework Phases

RMF Roles and Responsibilities

Organization Wide Risk Management

Managing Risk

Assessor Independence and External Environments

System Development Life Cycle

Alignment of RMF with SDLC Review

RMF Legal and Regulatory Requirements

NIST Publications

Continuous Monitoring Strategies

RMF Guidance Review

Defining Categorization

Categorization Examples

Categorization Process

Security Plans and Registration

Categorize

Selection Step Tasks

Selection Step Definitions

Security Controls Guidance

Privacy and Security Controls

Control Selection and Supplemental Guidance

Tailoring Security Controls

Control Assurance and Monitoring

Control Assurance and Monitoring - Continued

Select

Implementing Security Controls Overview

Integrating Implementation

Implement

Preparing for Control Assessments

Conducting Control Assessments

Security Assessment Report

Remediation Actions and Process Review

Assess

Authorization Documentation

Risk Determination and Acceptance Part 1 of 3

Risk Determination and Acceptance Part 2 of 3

Risk Determination and Acceptance Part 3 of 3

Authorization Decisions

Prioritized Risk Mitigation and Authorization Review

Authorize

Assessments and Configuration Management

Ongoing Security Control Assessments

Monitor

CAP Certification Prep Practice Exam

2 Hours

CDM 142 – Asset Management with the CDM Agency Dashboard

Skill Level: Beginner

+ Description

This course is a recording of a virtual 2.5 hour course and presents an ES-5 overview of how the dashboard provides visibility into the metrics and measurements needed for a continuous monitoring program. It explains how to create queries for hardware (HW) and software (SW) assets and introduces a framework for using data reports to inform risk-based decision-making. Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.

Learning Objectives:

Understand CDM agency dashboard functionalities around asset management
Learn how to create asset management queries
Learn how to create reports

Date: April 2023

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category	Specialty Area	Work Roles
Operate and Maintain	Systems Administration, Systems Analysis	System Administrator, Systems Security Analyst
Oversee and Govern	Cybersecurity Management	Information Systems Security Manager
Oversee and Govern	Program/Project Management and Acquisition	IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
Protect and Defend	Cyber Defense Analysis	Cyber Defense Analyst

+ Course Modules/Units

Asset Management with the CDM Agency Dashboard

0.25 Hours

Micro Learn: CDM Dashboard Interface ES-5 Overview

Skill Level: Beginner

+ Description

This CDM Agency Dashboard video will provide a foundation level of knowledge and background that will help end users of the dashboard better understanding the functionality of ES-5 of the CDM Agency Dashboard.

Learning Objectives:

Understand the Header Section of the CDM Agency Dashboard ES-5
Utilize the Tool Bar feature the dashboard
Provide an overview of the Query Bar
Become familiar with the Time Filter of the dashboard
Understand the Navigation Panel and Navigation Drawer features of the dashboard

Date: May 2022

Length: 10 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

+ Course Modules/Units

CDM Agency Dashboard Interface - Video

22.5 Hours

(ISC)2 (TM) CISSP (R) Certification Prep 2018

Skill Level: Advanced

+ Description

This course prepares learners for the CISSP certification exam. This course focuses on the information security field, exam objectives, and the eight domains upon which the exam is based. This course includes reinforcing video demonstrations and a final practice exam.

Learning Objectives:

Explain and apply concepts to design, implement, and manage secure cyber operations.
Develop, document, and implement security policy, standards, procedures, and guidelines.
Apply risk management concepts.

Date: 2019

Training Purpose: Management Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Operations Specialist

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner

Securely Provision

Systems Architecture

Enterprise Architecture

+ Course Modules/Units

CISSP Course Introduction

Security and Risk Management Concepts

Regulatory Compliance and Frameworks

Organizational Privacy Responsibilities

Acquisition Strategies

Computer Crime and Incident Response

International Laws Pertaining to Security

Legal Regulations and Privacy

(ISC)2 Code of Ethics and Ethic Bases

Legal Regulations and Ethics

Policy and Components Overview

BC and DR Initiation and Management

BCP Business Impact Analysis

Vendor Management

System Threats and Countermeasures

Risk Assessment and Countermeasures

Access Control Types

RMF Security Control Assessment Process

Conducting Security Control Assessments

Security Assessment Report

Asset Valuation

Threat Modeling and Reduction Analysis

Security Awareness and Training

DEMO: Security Policy Review

Data Classification

Data Ownership and Retention

Privacy Protection and Data Governance

Security Control Application and Tailoring

Security Control Selection

Data Protection Method (DLP)

Secure Design Principles

Secure Design Standards and Models

Database System

Key Crypto Concepts and Definitions

Securing ICS and SCADA Systems

Industrial Control System Security

DEMO: SCADA Honeynet

Cloud Computing

Cloud Computing Security Issues

Distributed Systems

Parallel and Distributed Systems Security Issues

Internet of Things

Assess and Mitigate Vulnerabilities in Mobile Systems

Cryptographic Lifecycle

Cryptographic Methods

Symmetric Ciphers

Asymmetric Ciphers

Public Key Infrastructure (PKI)

Key Management Practices

Digital Signatures

Hashes and Other Integrity Controls

Salting Hashes

Methods of Cryptanalytic Attacks

Digital Rights Management

Site and Facility Design Criteria

Physical Security Controls

Physical and Environmental Threats

OSI and TCP/IP Models

Telecom and NW Security Layer 1

Telecom and NW Security Layer 2

Telecom and NW Security Layer 3

Telecom and NW Security Layer 4 and 5

Telecom and NW Security Layer 6 and 7

Multilayer and Converged Protocols

Mobile and Wireless Security

Content Distribution Networks

Implementing and Using Remote Access

Virtualization

Access Control Technologies

Access Control Types

Access Control System Strategies

Building Access Control

Operations Area Access Control

Credential Management Systems

Third-Party Identification Service

Cloud Identity

Data Authorization Mechanisms

Rule-Based Access Control

Audit and Assurance Mechanisms

Synthetic Transactions

Code Review and Testing

Misuse Case Testing

Test Coverage Analysis

Interface Testing

Security Audits and Agreements

Digital Investigation and Evidence Analysis

Legal System Investigation Types

Electronic Discovery

Intrusion Detection and Prevention

Continuous Monitoring

Egress Monitoring

Security Operations Concepts

Security Operations Incident Management

Managing Security Services Effectively

DEMO: Whitelisting and Blacklisting

Security Operations Resource Protection

Disaster Recovery Strategy

Maintaining Operational Resilience

Managing Recovery Communications

Test Disaster Recovery Plans (DRP)

Security Education Training and Awareness

Perimeter Security

Perimeter Intrusion Detection

Biometrics and Authentication Accountability

Personnel Privacy and Safety

DEMO: Intro to Dshell Toolkit

SDLC Phases

Software Development Models

System Security Protections and Controls

Agile Development Models

Maturity Models

Integrated Product Teams

Security Environment and Controls

SW Development Security and Malware

Impact of Acquired Software

DEMO: Automated Code Review

CISSP Practice Exam

7 Hours

(ISC)2 (TM) CISSP Concentration: ISSEP Prep

Skill Level: Advanced

+ Description

This course is focused on applying security and systems engineering principles into business functions. This self-study prep course is designed to help learners prepare for the specialized Information Systems Security Engineering Professional (ISSEP) certification exam. The topics in the course cover the five domain areas of the CISSP-ISSEP.

Learning Objectives:

Incorporate security into business processes and information systems.
Demonstrate subject matter expertise in security engineering.
Apply engineering principles into business functions.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Collect and Operate

Cyber Operational Planning

Cyber Ops Planner

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

+ Course Modules/Units

ISSEP Course Introduction

ISSE Responsibilities and Principles

ISSE and IATF

Security Design Principles

Elements of Defense in Depth

RMF Characteristics

Maintaining Operational Resilience

Risk Management Overview

Assessing Risk Part 1 of 2

Assessing Risk Part 2 of 2

Determining Risks

Categorizing Information Systems

Stakeholder Roles and Responsibilities

Requirements Analysis

Using Common and Tailored Controls

Assessing Security Controls

Implementing Security Controls

Authorizing Information Systems

Systems Verification and Validation

Monitor, Manage, and Decommissioning

Defense Acquisition System Overview

Acquisitions Process

System Development Process Models

Project Processes

Project Management

ISSEP Practice Exam

12.5 Hours

(ISC)2 (TM) CISSP:ISSMP Prep 2018

Skill Level: Advanced

+ Description

This course is intended for individuals with strong management and leadership skills and interested in focusing on establishing, presenting, and governing information security programs. This self-study prep course reviews the six common body of knowledge domains for the Information Security System Management Professional (CISSP-ISSMP) certification exam.

Learning Objectives:

Demonstrate ability to apply leadership and management skills to manage an organization information security program.
Apply the security lifecycle management processes and principles into the system Development lifecycles.
Apply contingency management practices to plan and implement processes to reduce the impact of adverse events.

Date: 2018

Training Purpose: Management Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner

+ Course Modules/Units

ISSMP Course Introduction

Security’s Role - Culture, Vision and Mission

Security’s Role – Management, Support and Commitment

Security’s Role – Board of Dir, Steering Committee

Security Role – IT, HR and Legal

Security’s Role – Strategic Alignment

IS Governance Defined

IS Governance Goals Part 1 of 2

IS Governance Goals Part 2 of 2

Importance of IS Governance

Information Security Strategies

Data Classification and Privacy

Threats to Data Privacy

Data Classification and Privacy Implementations

Security Policy Framework and Lifecycle

Security Requirements in Contracts and Agreements

Security Awareness and Training Programs

Managing the Security Organization

Security Metrics

Security Metrics Indicators

Integrating Project Management with SDLC

System Development Life Cycle (SDLC)

Systems Engineering (CMM)

Vulnerability Management and Security Controls

Service Oriented Architecture Controls

Oversee System Security Testing

Managing Change Control

Risk Management

Risk Management – Threats and Vulnerabilities

Risk Management – Risk Assessments

Calculating Risks

Mitigating Risks

Cyber Threat Intelligence

Detection of Attack Sources

Discovery Challenges and Escalation

DEMO: Escalating Event to Incident

Common Attack Vectors

Root Cause and Investigation

Incident Management Concepts

Incident Management Process

Incident Management Classification

Financial Impact of Incidents

Investigation and Forensic Evidence

Investigations, IH and Response

DEMO: Ditigal Forensics Investigation

Security Compliance Frameworks

Auditing Introduction and Preparation

Evidence Reporting and Auditors

Exception Management

Continuity and Disaster Recovery Planning

Understanding the Business

Insurance

Critical Processes Recovery Objectives

Recovery Obligation Considerations

BCM Site and IT Strategies

Personnel and Recommended Strategies

Design and Testing BCP and COOP

Implementing Continuity and Recovery Plans

Intellectual Property and Licensing

(ISC)2 Code of Ethics

DEMO: Verification and Quality Control

Audit Planning Process

ISSMP Self Study Practice Exam

12 Hours

(ISC)2(TM) Systems Security Certified Practitioner

Skill Level: Beginner

+ Description

This course serves as a preparation for the Systems Security Certified Practitioner (SSCP) certification exam, by demonstrating advanced technical skills and knowledge required to implement and administer infrastructure using security best practices, policies, and procedures.

Learning Objectives:

Demonstrate knowledge of security operations and administration.
Implement risk monitoring, analysis, and mitigation strategies.
Develop and implement incident response and recovery plans.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Systems Analysis

Systems Security Analyst

Operate and Maintain

Systems Administration

Systems Administrator

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

+ Course Modules/Units

SSCP Introduction

Authentication Methods

Single Sign-On and Federated Access

Attribute Based Access Control

Device Authentication

Trust Architectures

Identity Management Lifecycle

Implementing Access Controls

(ISC)2 Code of Ethics

Security Concepts and Controls

Asset Management

Security Control Implementation

Assessing Physical Security

Physical Security Defenses

Administrative Controls

Auditing

System Development and Change Cycle

Change Control and Patch Management

Security Awareness and Training

Risk Management

Risk and Security Assessment

Security Testing and Assessment

Monitoring and Analysis

Monitoring Employees

Log Management

Integrity Checking

Testing and Analysis

Auditing Methodologies

Communicate Findings

Continuous Monitoring and CAESARS

Introduction to Continuous Monitoring

Incident Handling, Response and Recovery

Incident Handling Knowledge Areas Part 1 of 2

Incident Handling Knowledge Areas Part 2 of 2

Incident Handling Response

Incident Handling Countermeasures

DEMO: OpenVAS

Forensics

Business Continuity Planning

Business Impact Analysis

Backup and Recovery Strategies

Redundancy and Storage

Cryptography Terms

Requirements for Cryptography Part 1 of 2

Requirements for Cryptography Part 2 of 2

Steganography

Hashes, Parity and Checksum

Secure Protocols and Cryptographic Methods

Symmetric Cryptosystems

Symmetric and Asymmetric Cryptosystems

Public Key Infrastructure (PKI)

Key Management

Web of Trust

Secure Protocols

OSI and TCP/IP Models

Network Topology

Transmission Media

TCP, UDP and Common Protocols

ARP, DHCP and ICMP

Routers and Routing Protocols

Network Security Protocols

SSCP Exam

2 Hours

LAN Security Using Switch Features

Skill Level: Intermediate

+ Description

This course focuses on different methods of how to secure Local Area Networks (LANs) at the connectivity level. Topics include monitoring media access control (MAC) addresses and port security, limiting MAC & IP spoofing, controlling traffic flows, implementing and enhancing security in virtual local area networks (VLANs), enabling authentication on connection points, and determining host security health. Examples are used throughout to reinforce concepts.

Learning Objectives:

Identify the vulnerabilities and best practices in securing LAN connections.
Understand the management and decision-making processes within the NAC Framework.
Discuss methods of defending against attacks to STP, VLAN, and VTP switch configurations.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Systems Administration

Systems Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

+ Course Modules/Units

Introduction and MAC Address Monitoring

MAC Address Spoofing

Managing Traffic Flows

VLANs and Security

802.1x Port Authentication

Network Admission Control

Securing STP

Securing VLANs and VTP

1 Hour

Professors in Practice

Skill Level: Beginner

+ Description

This hour-long webinar recorded on July 31, 2020 features National Defense University Professor Mark Duke discussing some key leadership decisions when assessing and authorizing systems. The Assessment & Authorization (A&A) process is a comprehensive assessment of policies, technical and non-technical security components, and a system's technical controls followed by leadership agreement that the system meets adequate risk levels before the system is authorized to go into full production.

Learning Objectives:

Explain why we have to do Assessment & Authorization.
Explain Roles & Responsibilities of Assessment & Authorization.
Introduce seven major components of Assessment & Authorization.
Establish Authorization Boundaries.
Introduce Assessment Scanning Tools.
Explain the Role of Security Technical Implementation Guides (STIGs) as potential criteria for Assessment activities.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer, Cyber Instructor

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

Securely Provision

Systems Requirement Planning

Systems Requirements Planner

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

+ Course Modules/Units

A Leader's Approach to Assessment an Authorization (A&A) – with Professor Mark Duke

9 Hours

Linux Operating System Security

Skill Level: Advanced

+ Description

This course focuses on the security features and tools available in Linux as well as the considerations, advantages, and disadvantages of using those features. This course is based on Red Hat Linux and is designed for IT and security managers, and system administrators who want to increase their knowledge on configuring and hardening Linux from a security perspective.

Learning Objectives:

Describe the basic architecture of a Linux system (e.g. kernel, file system formats, permissions, etc.).
Characterize a Linux system (identify distribution, installed packages, active accounts, etc.).
List and explain how to use common command line utilities on a Linux system for analysis purposes.
Operate a Linux system, including patching, modifying services, and other administration tasks.
Use a Linux system to perform analysis work such as malware and incident response analysis.

Date: 2013

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Systems Analysis

Systems Security Analyst

Operate and Maintain

Systems Administration

Systems Administrator

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

+ Course Modules/Units

Linux OS Security Introduction

Booting Linux

Linux Recovery

Linux Startup Scripts

Linux Startup Processes

Linux Runlevels Demo

Chkconfig_and_Upstart Demo

Linux Processes and Signals

Linux Process Monitoring

PS_and_Netstat Demo

Linux PS and TOP Demo

Working with Linux PIDs

Linux File System Overview

Linux File Security

Linux File Access Controls

File Integrity Demo

Linux Kernel Tuning

Linux Host Access Controls

Linux User and Group Definition

User Management

Linux Privilege Escalation

Sudoers Demo

Linux Authentication Methods

Linux Viruses and Worms

Linux Trojan Horses

Linux Rootkits

Linux Misconfigurations

Linux Software Vulnerabilities

Linux Social Engineering

Linux Automated Installation

Managing Linux Packages

Package Management Tools Demo

Repositories and System Management

Custom Repository Demo

Linux IPv4 and IPv6

Linux Network Configuration

Linux Tunneling

Kernel Tuning Demo

Linux X11 Forwarding

Linux File Sharing

Linux Grand Unified Bootloader (GRUB)

Configuring GRUB Demo

Security Enhanced Linux

Introduction to IPTables

IPTables Rules

IPFilter

Linux Packet Sniffers

Linux NIDS

Linux HIDS

Linux Antivirus

Linux Secure Shell

Linux Log Management

Linux Scripting Basics

BASH Scripting Demo

IF Statements

Pipes and Redirection

Variables and Regular Expressions

Custom Scripting

Linux Hardening

NSA Hardening Guides

National Vulnerability Database (NVD)

Common Vulnerabilities and Exposures (CVE)

Vulnerability Scanning

Linux Operating System Security Quiz

8.5 Hours

Managing Computer Security Incident Response Teams (CSIRTs)

Skill Level: Intermediate

+ Description

This course focuses on the type and nature of work the CSIRTs may be expected to handle. It provides an overview of the incident response field, including the nature of incident response activities and an overview of the incident handling processes. The course focuses on foundation material, staffing issues, incident management processes, and other issues such as working with law enforcement, insider threat, and publishing information.

Learning Objectives:

Provide an overview of the incident response arena, the nature of incident response activities, and incident handling processes.
Guide learners to understand technical issues from a management perspective, problems and pitfalls to avoid, and best practices where applicable.
Emphasize the importance of CSIRT management predefined policies and procedures.
Discuss what is needed to operate an effective CSIRT.

Date: 2020

Training Purpose: Management Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

All-Source Analyst

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

+ Course Modules/Units

Managing CSIRTS Introduction

CSIRT Management Issues

CSIRT Environment Introduction Part 1 of 2

CSIRT Environment Introduction Part 2 of 2

Formalization of Incident Management

The Incident Handling Process

CSIRT Environment Terms

The Incident Handling Roles and Responsibilities

CSIRT Environment Summary

CSIRT Environment Resources and Summary

CSIRT Staffing

How to Grow & Retain Staff

CSIRT Code of Conduct Part 1 of 2

CSIRT Code of Conduct Part 2 of 2

Media Issues Part 1 of 2

Media Issues Part 2 of 2

Managing the CSIRT Infrastructure Components

Data Security

Physical Security

Equipment for CSIRT Staff

Network and Systems for CSIRT Staff

CSIRT Tools

Incident Management Processes Introduction

IM Processes: Prepare, Sustain, and Improve

IM Processes: Protect Infrastructure

IM Processes: Detect

Situational Awareness

Network and System Monitoring

Critical Information

IM Process: Triage

Triage Activities

IM Process: Response

Response Actions

Response Process Issues

Handling Major Events Part 1 of 2

Handling Major Events Part 2 of 2

Building a Crisis Communication Plan

Publishing Information

Publishing Document Types

Information Sharing

Publishing Information Summary

General Guidance for Measuring and Evaluating

Types of Evaluations

Building a Quality Assurance Framework

Issues to Consider in Your Framework

Resources for Building an Assurance Framework

What Is Insider Threat?

Types of Insider Threat Activities

Malicious Insider Activity Examples

How Bad Is Insider Threat?

CERT Insider Threat Research

Insider Threat Mitigation

Mitigation Security Controls and Practices

Insider Threat Summary

Working with Law Enforcement Part 1 of 2

Working with Law Enforcement Part 2 of 2

Managing CSIRTs Wrap-Up

Video [CSIRTs Resource Overview] (required)

1.5 Hours

Measuring What Matters: Security Metrics Workshop

Skill Level: Beginner

+ Description

This workshop focuses on how to measure the right things in order to make informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Public and private organizations today often base cyber risk management decisions on fear, uncertainty, and doubt (FUD), and the latest attack. The Measuring What Matters: Security Metrics Workshop, the learner will learn how to refine a strategic or business objective that meets that S.M.A.R.T.E.R. criteria: Specific, Measurable, Achievable, Relevant, Time-bound, Evaluated, Reviewed, and can be used to initiate the Goal - Question - Indicator - Metric (GQIM) process.

Learning Objectives:

Identify a core set of business goals, based on the business objective, to which the cybersecurity risk measurement program will be applied.
Formulate one or more key questions for each business goal, and use them to help determine the extent to which the goal is being achieved.
Identify one or more indicators for each business goal key question.
Identify one or more metrics for each indicator that most directly inform the answer to one or more questions.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Collect and Operate

Cyber Operational Planning

Cyber Ops Planner

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Securely Provision

Risk Management

Security Control Assessor

+ Course Modules/Units

Measuring What Matters Course Introduction

Why Measure?

Measurement Defined

GQIM Overview

Selecting Business Objectives

Objectives to Goals

Goals to Question

Questions to Indicators

Indicators to Metrics

The Big Picture: Putting It All in Context

Validate Current Questions or Metrics

Getting Started with GQIM

Appendix Cybersecurity Metrics Template

GQIM Process Template

1 Hour

Migration and Security Strategies for FedRAMP Cloud Computing

Skill Level: Intermediate

+ Description

The Migration and Security Strategies for FedRAMP Cloud Computing course is designed to introduce students to the structure and employment of cloud computing using the Federal Risk and Authorization Management Program, or FedRAMP. Topics include cloud computing architecture, FedRAMP structure and roles, FedRAMP security implementations, and FedRAMP-approved cloud deployment options.

Learning Objectives:

Describe the three major deployment models for cloud computing
Discuss cybersecurity issues related to cloud computing
Explain the authority, structure, and roles of major parties that make up FedRAMP
Explain how Cloud Service Providers (CSPs) and FedRAMP processes work to meet federal security requirements
Describe how the FedRAMP framework of "do once, use many times" allows government agencies to reuse previously-approved security documents and structures to simplify data deployments to the cloud
Describe how FedRAMP processes enable a second agency to use a previously approved CSP.
Identify how FedRAMP processes map to and are designed to assure compliance with applicable standards outlined by the National Institute for Standards and Technology (NIST) in its Special Publications 800 series of documents.

Date: 2021

Training Purpose: Management Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Securely Provision

Risk Management

Authorizing Official/Designating Representative

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Protect and Defend

Incident Response

Cyber Defense Incident Responder

+ Course Modules/Units

Cloud Security Through FedRAMP

The FedRAMP Authorization Process

FedRAMP Security Assessment Framework (SAF)

22 Hours

Mobile and Device Security (2015)

Skill Level: Beginner

+ Description

This course focuses on mobile devices, how they operate, and their security implications. This course includes topics such as signaling types, application stores, managing mobile devices, and emerging trends and security and privacy concerns with social media.

Learning Objectives:

Discover mobile device technology components and architectures and how to properly secure them.
Examine historical and current threats to mobile devices and methods for remediating against them.
Establish best practices and procedures for performing mobile device forensic investigations.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Investigate

Digital Forensics

Cyber Defense Forensics Analyst

Operate and Maintain

Customer Service and Technical Support

Technical Support Specialist

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Legal Advice and Advocacy

Privacy Officer/Privacy Compliance Manager

+ Course Modules/Units

Mobile Security Course Introduction

Cellular Network Generations

Network Standards Introduction

CDMA TDMA and GSM Introduction

GPRS Edge and UMTS Introduction

Additional Network Standards

Bluetooth and Wi-Fi

Cellular Network Components

Mobile Switching Center Database

Authentication and Government Standards

4G LTE

Mobile Device Components

Mobile Device Operating Systems

Android Customization

Wireless Technology Introduction

WiFi Standards

Wi-Fi Standards : 802.11ac

WiFi Types

Wireless Fidelity Part 2

WiFi Channels and SSIDs

WiFi Signals and Hardware

Bluetooth

WiMAX

Additional Standards

Near Field Communication

Introduction to Threats

Lost and Stolen Devices

Additional Device-Level Threats

Near Field Communications and Mobile Threats

Application-Level Threats

Rogue Applications

Network-Level Threats

Pineapple Router

Malicious Hotspot

Malicious Use Threats

Mobile Hacking Tools

Mobile Device Security Introduction

Mobile Device Security Introduction Cont.

Android Introduction

Android Security

Android Application Security

Google Android OS Features

Installing Antivirus

iOS Security Model and Platform

iOS Application Security

Jailbreaking iOS

iOS Application Security Cont.

Apple iOS Update Part 1 of 2

Apple iOS Update Part 2 of 2

Windows Phone Security Model and Platform

Windows Implementation and Application Security

Windows Phone Update

WiFi Security

WiMax and Bluetooth

Bluetooth Attack

Protecting Data

Encryption

Android Encryption

iOS Encryption

Email Security

Android and iOS Email Security

Windows Email Security

iOS Hardening

iOS Hardening Cont

Blackberry Hardening

Android Hardening

Android Hardening Cont.

Windows Phone Hardening

Windows Phone Password and Cookies

Windows Phone Wi-Fi

Windows Phone - Find, Wipe, and Backup

Device Security Policies

Exchange and BES

Mobile Device Management

Mobile Device Management Cont.

McAfee Mobility Management

Forensics Overview

Forensics Role and Framework

Device Identification

Device Identification Cont.

Network Data

Network Data Cont.

Preservation

Preservation Cont.

Acquisition

Acquisition Cont.

Device Specific Acquisition

Hashing

Hashing Cont.

Analysis

Archiving and Reporting

Cellebrite

Forensics Demonstration

XRY/XACT

Oxygen and CellXtract

Paraben and MOBILedit!

Additional Methods

Subscriber Data

Benefits of Social Media

Risks of Social Media

Liabilities Associated with Social Media

Social Media Controls

Emerging Trends

Emerging Trends Cont.

New Technologies in Mobile Devices

Mobile Devices and the Cloud

Mobile Security Course Quiz

4 Hours

Mobile Forensics

Skill Level: Advanced

+ Description

This course provides an overview of mobile forensics, the branch of digital forensics that focuses on forensically sound extraction and analysis of evidence from mobile devices. Cell phone investigations have grown exponentially with data from mobile devices becoming crucial evidence in a wide array of incidents. The course begins with highlighting details of the field and then focuses on the iOS architecture, concluding with data acquisition and analysis.

Learning Objectives:

Describe the impact of mobile devices on investigations.
Identify iOS device filesystem, operating system, and security architecture basics.
Explain acquisition and analysis tools and techniques for iOS devices.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Investigate

Digital Forensics

Cyber Defense Forensics Analyst

Investigate

Cyber Investigation

Cyber Crime Investigator

+ Course Modules/Units

Introduction to Mobile Forensics

Importance of Mobile Forensics

Challenges of Mobile Forensics

Handling and Preserving Evidence

File System for iOS Devices

Understanding the Basics of iOS

Understanding iOS Security Architecture

Mobile Forensics Tool Classification

Data Acquisition Types

iOS Jailbreaking

Idenifying an iOS Device

Physical Acquisition of iOS Devices

iTunes Backup Acquisition

Apple File Conduit Acquisition

iTunes Backup Analysis

iCloud Data Acquisition and Analysis

Analyzing Data on iOS Devices

Mobile Forensics Quiz

5 Hours

Mothra 101

Skill Level: Beginner

+ Description
	At the end of this course, participants will be able to list the characteristics that distinguish Mothra from SiLK, identify the major architectural features of Mothra, describe how analysis can be performed in Mothra, and discuss the advantages of using a Jupyter Notebook for collaborative analysis.

+ Course Modules/Units

Module 1: Mothra 101 - Introduction

Module 2: Mothra Architecture and Design

Module 3: Analysis with Mothra

Module 4: Demo of Spark with Mothra

3 Hours

Network Layer 1 & 2 Troubleshooting

Skill Level: Beginner

+ Description

This course reviews troubleshooting methods used in Layer 1 and Layer 2 of the Open Systems Interconnection (OSI) Model. This course covers how to detect, trace, identify, and fix network connectivity issues at the Physical and Data Link layers of the OSI stack. The basics of the Physical and Data Link layers will be covered along with a review of the devices, signaling, and cabling which operate at these layers. Learners will be presented with methods for tracing connectivity issues back to the source and identifying mitigation solutions.

Learning Objectives:

Understand basic overview of components of the first two layers of the OSI model.
Recognize common issues associated with Layer 1 & 2 of the OSI model.
Apply troubleshooting methods associated with the Physical and Data Link Layer.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

Systems Administrator

Operate and Maintain

Customer Service and Technical Support

Technical Support Specialist

Securely Provision

Systems Architecture

Security Architect

+ Course Modules/Units

Network Layer 1 and 2 Troubleshooting Introduction

OSI Physical Layer 1 Overview

Data Transmission Medium Cables and Connectors

Patch Panels

Fiber Optic Cables

Encoding and Signaling Functions

Network Components

Physical Network Design/Topology

Network Troubleshooting Methodology

Common Layer 1 Issues Part 1 of 2

Common Layer 1 Issues Part 2 of 2

Layer 2 Data Link Layer Components Overview

MAC Addresses/Logical Link Control

Layer 2 Protocols

Physical Network Design/Topology

Network Troubleshooting Methodology Review

Common Layer 2 Issues

Layer 2 Troubleshooting Tools

NW Layer 1 and 2 Troubleshooting exam

18 Hours

Network Security

Skill Level: Beginner

+ Description

This self-study resource is designed to help learners prepare for the Networking certification exams. This course is focused on IT infrastructure and networking concepts for junior to mid-level IT professionals in the cyber workforce. Objectives include network operations, security, troubleshooting and tools, as well as infrastructure support.

Learning Objectives:

Design and implement a functional network.
Configure, manage, and maintain network security, standards, and protocols.
Troubleshoot network issues.
Create and support virtualized networks.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

Systems Administrator

Operate and Maintain

Customer Service and Technical Support

Technical Support Specialist

+ Course Modules/Units

Ports and Protocols Part 1 of 2

Ports and Protocols Part 2 of 2

OSI Layers

Properties of Network Traffic

VLANs and VTP

Routers and Routing Protocols

Routing Tables and Types

IP Addressing – IPv6

Traffic Filtering and Port Mirroring

Network Performance Optimization

IP Addressing Components

Subnetting

Network Topologies

Technologies that Facilitate IOT

Wireless Standards Part 1 of 2

Wireless Standards Part 2 of 2

DEMO: Wireless Architecture

Introduction to Cloud Computing

Cloud Security

DNS Service

Dynamic Host Configuration Protocol (DHCP)

Ethernet Standards

Cables and Wires

Cable Termination and Fiber Optic

DEMO: Cables and Connectors

Firewall Implementations

Network Components – Hubs and Switches

DEMO: Contrasting Hubs, Switches,VLANS

Router Setup and MAC Filtering

Installing and Configuring Wireless Networks

SOHO Network

Telephony, VoIP

Network Security Appliances IDS

Advanced Security Devices

Virtual Environments

Network Storage Connection Types

Network Storage and Jumbo Frames

Wide Area Network Technologies

Configuration Management Documentation

Business Continuity and Disaster Recovery

Fault Tolerance and Availability Concepts

Maintainability: MTTR and MTBF

Security Device and Technology Placement

DEMO: Introduction to SNMP

Network Access Security

Remote Access Methods

Operations Policies and Best Practices

Mobile Device Deployment Models

Physical Security Devices

Authentication Services

PKI Public Key Infrastructure

Examples of PKI Use

Network Access Control

Wireless Encryption and Authentication

DoS and MITM Attacks

Wireless Threats and Mitigation

Understanding Insider Threat

DEMO: Malware and Social Engineering Threats

Hardening Network Devices

Switch Loop Protocol

Network Segmentation and Design

Honeypot

Corporate Penetration Testing

Network Troubleshooting Methodology

Hardware Tools for Connectivity Issues

Software Tools for Connectivity Issues

DEMO: NSlookup Dig Google Toolbox

Physical Connectivity Problems

Cable Troubleshooting

Wireless Troubleshooting

Troubleshooting Routers and Switches

Technologies that Facilitate IOT

Practice Exam

13 Hours

Offensive and Defensive Network Operations

Skill Level: Beginner

+ Description

This course focuses on fundamental concepts for offensive and defensive network operations. It covers how offensive and defensive cyber operations are conducted and details U.S. government doctrine for network operations. Topics include network attack planning, methodologies, and tactics and techniques used to plan for, detect, and defend against network attacks.

Learning Objectives:

Apply U.S. government network operations background and doctrine.
Describe offensive and defensive network operations.
Determine offensive network operation missions, planning, and exploitation phases and methodologies.
Derive defensive network operation missions, planning, and methods to detect and defend against network attacks and attackers' methods.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Collect and Operate

Cyber Operations

Cyber Operator

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

+ Course Modules/Units

Cyberspace As A Domain

Joint Publication 3-12(R), Cyberspace Operations Overview Part 1 of 3

Joint Publication 3-12(R), Cyberspace Operations Overview Part 2 of 3

Joint Publication 3-12(R), Cyberspace Operations Overview Part 3 of 3

Joint Communications Overview and Information Environment

Joint Force Communication, System Operations, and Management Planning

Legal Considerations for Cyber Operations Part 1 of 2

Legal Considerations for Cyber Operations Part 2 of 2

Adversaries in Cyberspace Part 1 of 3

Adversaries in Cyberspace Part 2 of 3

Adversaries in Cyberspace Part 3 of 3

Offensive Cyber Operations Background

Offensive Cyberspace Operations Definitions

Offensive Cyberspace Operations Planning and Legal Considerations

Offensive Methodology Planning Examples 1 of 2

Offensive Methodology Planning Examples 2 of 2

Reconnaissance Methodology Overview

Social Engineering for Reconnaissance

Reconn with Automated Correlation Tools and Search Engines Part 1 of 2

Reconn with Automated Correlation Tools and Search Engines Part 2 of 2

Network Mapping for Active Reconnaissance

Port Scanning for Active Reconnaissance

Windows Enumeration Basics

Linux Enumeration Basics

Scanning and Enumerating with Nmap

Exploitation using Direct Exploits and System Misconfiguration

Exploitation with SET Example

Exploitation

Entrenchment

Exploitation Basics

Post-Exploitation

Abuse and Attacks

Defensive Cyberspace Operations (DCO)

DCO Types of Operations

DCO Operational Goals

DCO Best Practices

Defensive Methodology: Understanding the Threat

Defensive Methodology: Tactics

Defensive Methodology: Defense-in-Depth

Incident Management Overview

Incident Management Policies, Plans and Procedures

Incident Management Team Configuration

Incident Response Lifecycle

Defending the Domain

Perimeter and Host Defenses

IDS/IPS Defined Including Advantages and Disadvantages

IDS/IPS Types and Functions

IDS/IPS Location Placements

Intrusion Detection using Snort

Reviewing Alerts and Detecting Attack Phases

Network Traffic Analysis

Methods of Network Traffic Analysis

Wireshark

Log Analysis Methods and Techniques Part 1 of 2

Log Analysis Methods and Techniques Part 2 of 2

Detecting Offensive Operations using Log Analysis

Digital Forensics Overview and Tools

Digital Forensics Methods and Techniques Part 1 of 2

Digital Forensics Methods and Techniques Part 2 of 2

Identifying Phases of Attack Using Digital Forensics

Incident Data: Profile and Analysis

Incident Reporting

Offensive and Defensive Network Operations Exam

4 Hours

Overview of Creating and Managing Computer Security Incident Response Teams (CSIRTs)

Skill Level: Beginner

+ Description

This course focuses on what is needed to create and operate a Computer Security Incident Response Team (CSIRT). The intended audience is individuals tasked with creating a CSIRT and those who may be new to CSIRT issues and processes. Objectives within the course include the benefits and limitations of a CSIRT, CSIRT requirements, services, common policies and procedures, and operational best practices. Previous incident handling experience is not required to partake in this course.

Learning Objectives:

Identify managerial, organizational, procedural, and operational issues regarding the CSIRT role and function.
Describe the issues involved with creating and operating a CSIRT.
Discuss specific topics regarding CSIRT benefits and limitations, requirements and framework, services, policies and procedures, and operational best practices.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

Threat Analysis

Threat/Warning Analyst

Oversee and Govern

Cybersecurity Management

Communications Security Manager

Protect and Defend

Incident Response

Cyber Defense Incident Responder

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

+ Course Modules/Units

Creating and Managing CSIRTS Introduction

Defining the Problem

Defining Incident Management

Effective Incident Management Processes

Defining Terms Used Throughout the Course

Institutionalizing IM Capabilities

Incident Handling Terms Used Throughout the Course

Defining CSIRTs

Creating an Effective CSIRT

Building a CSIRT: Action Plan Part 1 of 2

Building a CSIRT: Action Plan Part 2 of 2

Building a CSIRT: Where to Begin

Lessons Learned and Team Maturity

CSIRT Components

CSIRT Organizational Models Part 1 of 2

CSIRT Organizational Models Part 2 of 2

CSIRT Policies and Procedures

CSIRT Staffing and Hiring

CSIRT Facilities and Infrastructure

Incident Management Processes Overview

IM Process: Prepare, Sustain, and Improve

IM Process: Protect Infrastructure

IM Process: Detect Events

IM Process: Triage Events

IM Process: Triage Best Practices

IM Process: Respond

IM Process: Respond Issues

IM Process: Best Practices

Creating and Managing CSIRTs Summary

Creating and Managing CSIRTs Resources

5 Hours

Pure Data for Traffic Analysts

Skill Level: Beginner

+ Description
	This course covers tables, basic search methods, tips, scripting, working across tables and queries.

+ Course Modules/Units

Module 1: Introduction

Module 2: Tables

Module 3: Basic Search

Module 4: Tips

Module 5: Scripting

Module 6: Working Across Databases

Module 7: Comp Queries and Temp. Tables

2.5 Hours

Pre-Post Assessment Training

Skill Level: Beginner

+ Description
	Pre-Assessment and Post-Assessment Training (P2T) Description The P2T training supports CISA strategies that are designed to provide more consistent and effective outcome-based cyber risk management support for its customers. The course provides information that includes: Overview of the CISA assessment process, the Pre-Assessment Questionnaire, and suggested post-assessment support enhancements How to utilize the Pre-Assessment Questionnaire and the post assessment materials to facilitate an improved customer experience with DHS assessments Tips and strategies for the effective delivery of an assessment engagement Audience DHS Cybersecurity Advisors (CSA), and regional/state cyber support teams Users of DHS assessments such as the CRR, CRE, and EDM Objectives Provide training on the use of the Pre-Assessment Questionnaire and the PostAssessment Process Facilitate making the assessment engagement more customer relevant Provide an understanding of techniques that can help CSAs leverage assessments to assist customers with managing cyber risk Improve cyber risk outcomes for organizations Materials This course is comprised of a three-hour virtual delivery of targeted content presented by an expert from Carnegie Mellon’s SEI\|CERT Division, supplemented by materials developed by the SEI to support CISA. The course materials include a variety of references to resources related to the course topics, resilience management, risk, and the cyber assessment process Downloadable* materials include: Course content slides Pre-Assessment Questionnaire Guide Post-Assessment-Enhancing Post-Assessment Activities *Available for download on the FedVTE P2T course content Lesson selection page

+ Course Modules/Units

Course Objectives & Background: Lecture 1 of 4

Pre-Assessment Questionnaire: Lecture 2 of 4

Post-Assessment Questionnaire: Lecture 3 of 4

Course Summary: Lecture 4 of 4

Supplementary PDF Files

1 Hour

Radio Frequency Identification (RFID) Security

Skill Level: Beginner

+ Description

This course focuses on securing radio frequency identification (RFID), different components of RFID, how it works, applications in which it is being used, benefits and weaknesses, and the communication range over which it works will be reviewed. Topics include specific concerns with RFID, recommendations for RFID, and security issues that have come to light.

Learning Objectives:

Explain the components, operation, and application of RFID technology.
Understand the privacy implications with using RFID-embedded items.
Differentiate across threat categories.
Describe different security recommendations to secure RFID.
Familiarity with real-world examples of how RFID has been exploited.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Systems Analysis

Systems Security Analyst

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

+ Course Modules/Units

RFID Introduction

RFID Threats

RFID Countermeasures

Exploited Threats

1 Hour

Professors in Practice – Policy, Barriers, and Modernization

Skill Level: Beginner

+ Description

In May, President Biden signed Executive Order Improving the Nation’s Cybersecurity as a first step toward modernizing cybersecurity defenses by protecting federal networks, improving information-sharing between the U.S. government and the private sector on cyber issues, and strengthening the United States’ ability to respond to incidents when they occur. Join Professor Duke as he kicks off our four-part series on the Executive Order during four webinars in August. He will discuss key leadership decisions on E.O. 14028 Sections 1 -3, Implementing Policy, Removing Barriers, and Modernizing Systems.

Key topics to be covered:

Improving Federal Government cybersecurity policies.
Removing barriers to sharing cybersecurity event information.
Modernizing federal government systems - cloud, zero trust architecture, multi-factor authentication and training.

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer, Cyber Instructor

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirement Planning

Systems Requirements Planner

+ Course Modules/Units

Professors in Practice: Policy, Barriers, and Modernization

1 Hour

Professors in Practice – Software Supply Chain Security

Skill Level: Beginner

+ Description

Professor Richardson will discuss the important security and oversight requirements discussed in Section 4 and 5 of the EO. Join Professor Richardson for a discussion on the role the federal government will play in creating a baseline of security standards for secure software including building in software assurances. He will also discuss the creation of a National Cyber Incident Review Board which will analyze incidents and make recommendations for the future. Join Professor Richardson as he explores session 2 off our four-part series on the Executive Order. He will discuss key leadership decisions on E.O. 14028 Sections 4-5.

Key topics to be covered:

Delivering Secure Software
Creating a Baseline of Security Standards for Secure Software
Creating a National Cyber Incident Review Board

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer, Cyber Instructor

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirement Planning

Systems Requirements Planner

+ Course Modules/Units

Professors in Practice: Software Supply Chain Security

1 Hour

Professors in Practice – Improved Detection and Response

Skill Level: Beginner

+ Description

Professor Trawick will discuss the establishment of standard operational procedures for conducting vulnerability and incident response activities. He will also focus on how the federal government can improve its’ ability to detect malicious cyber activity on federal networks by enabling a government-wide endpoint detection and response system and improving information sharing within the Federal government. Professor Trawick will also discuss the relevancy of creating and maintaining a federal cybersecurity event log. Join Professor Trawick as he explores session 3 off our four-part series on the Executive Order. He will discuss key leadership decisions on E.O. 14028 Sections 6-7.

Key topics to be covered:

Developing a standard set of operational procedures (playbook) for planning and conducting cybersecurity vulnerability and incident response activities.
Enabling federal government-wide endpoint detection and response system.
Improving information sharing.

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer, Cyber Instructor

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirement Planning

Systems Requirements Planner

+ Course Modules/Units

Professors in Practice: Improved Detection and Response

0.75 Hours

Professors in Practice – Improving Federal Investigative and Remediation Capabilities

Skill Level: Beginner

+ Description

Professor Everetts will discuss the importance of cybersecurity event log requirements for federal departments and agencies. Poor logging practices hampers an organization’s ability to detect intrusions, mitigate those in progress, and determine the extent of an incident after the fact. Professor Everetts will also discuss the relevancy of creating and maintaining a federal cybersecurity event log. She will also briefly discuss the required memorandum to establish cybersecurity requirements for National Security Systems. Join Professor Everetts as she explores session 4 off our four-part series on the Executive Order. He will discuss key leadership decisions on E.O. 14028 Sections 8-9.

Key topics to be covered:

Improving federal government’s investigative and remediation capabilities through a robust and consistent logging practices
Maintaining a federal cybersecurity event log
Adopt National Security Systems Requirements

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer, Cyber Instructor

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirement Planning

Systems Requirements Planner

+ Course Modules/Units

Professors in Practice: Improving Federal Investigative and Remediation Capabilities

1 Hour

Professors in Practice – Zero Trust Architecture: How to Choose the Right Model(s) for Your Organization

Skill Level: Beginner

+ Description
	Professor Richardson discusses Mr. Twist’s paper on Zero Trust Implementation and review the range of options available for Departments and Agencies seeking to implement Zero Trust Architecture strategies. They will explore the modular Zero Trust implementation strategy and how leaders can implement a similar approach. Join Professor Richardson as he explores session 3 of our four-part series on Cyber Threat Intelligence and Zero Trust Architecture. Key topics to be covered: Central tenets of Zero Trust security Analysis of various Zero Trust models proposed and utilized Zero Trust model comparisons Recommendations for Zero Trust planning and selection

+ Course Modules/Units

Zero Trust Architecture: How to Choose the Right Model(s) for Your Organization

1 Hour

Professors in Practice – Zero Trust Architecture: Choosing a Model Based on the Task

Skill Level: Beginner

+ Description
	Professor Richardson is joined by special guest Bryan Hall, and together, they will discuss the United States Department of Agriculture (USDA) Information Security Center’s (ISC) efforts to consolidate security and standardize practices. They will provide an in-depth analysis of three case studies where Zero Trust was implemented, the reasons behind the decisions, and lessons learned. Join Professor Richardson as closes out the Professors in Practice series with the fourth and final session. Key topics to be covered: ISC mission and goals Google Beyond Corp, an exploration with recommendations Forrester Research Microcore and Perimeter, an exploration with recommendations VMWare NSX, an exploration with recommendations

+ Course Modules/Units

Zero Trust Architecture: Choosing a Model Based on the Task

1 Hour

Professors in Practice – Cyber Threat Intelligence: Practical Applications and Impact of Information Sharing

Skill Level: Beginner

+ Description
	Professor Work will discuss cyber intelligence communities of practice, exploring their capabilities, production and the various dimensions to be considered when evaluating new reporting. He will look at how traditional tradecraft is sustained and adapted, and how new work practices change in contemporary distributed environments, as well as the risks that such changes can introduce across the intelligence enterprise. Explore the tensions between different incentives underpinning various business models for intelligence as an activity, and the challenges of cyber threat information sharing that can arise in session 2 off our four-part series on Cyber Threat Intelligence and Zero Trust Architecture. Key topics to be covered: Understanding sources of cyber intelligence visibility Evaluating private sector cyber intelligence production based on differing business models and incentives The complications of cyber intelligence providers operating in a global market Changing tradecraft and emerging pathologies Implications of intelligence made public during crisis

+ Course Modules/Units

Cyber Threat Intelligence: From Legislation to Regulation

0.75 Hours

Professors in Practice – Cyber Threat Intelligence: From Legislation to Regulation

Skill Level: Beginner

+ Description
	Professor David Thaw will discuss key leadership decisions on Cyber Threat Intelligence and Zero Trust Architecture. He will discuss how the industry is modernizing federal government systems in relation to cloud, Zero Trust Architecture, multi-factor authentication and training. Kick off the Professors in Practice series with Professor Thaw by joining session 1. Key topics to be covered: Understanding the framework of authorities, resources and institutions relevant to cybersecurity Understanding the frameworks for public-private partnerships and other efforts addressing private-sector cybersecurity Improving federal government cybersecurity policies Removing barriers to sharing cybersecurity event information

+ Course Modules/Units

Cyber Threat Intelligence: Practical Applications and Impact of Information Sharing

2 Hours

Reverse Engineering

Skill Level: Beginner

+ Description

This course focuses on the basics of reverse engineering, the process of analyzing a technology to determine how it was designed or how it operates. By starting with a finished product, in this case computer software, and working backwards to determine its component parts.

Learning Objectives:

Identify common uses for reverse engineering.
Explain the process and methodology of reverse engineering.
Understand some of the legal questions involved in reverse engineering.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Securely Provision

Systems Development

Systems Developer

Securely Provision

Technology R&D

Research & Development Specialist

+ Course Modules/Units

Reverse Engineering

1 Hour

Professors in Practice

Skill Level: Beginner

+ Description

This webinar recorded on July 10, 2020 features National Defense University Professor Mark Duke discussing key leadership decisions to implement the NIST Risk Management Framework (RMF). The RMF is a risk-based approach to implement security within an existing enterprise - it is leadership’s responsibility to ensure adequate and effective system security.

Learning Objectives:

How to prepare your component or organization to initiate the RMF.
How to define, understand, and manage risk to your Information Systems by identifying your threats and vulnerabilities.
Understand the link to the RMF with Supply Chain Risk Management (SCRM) and the Software Development Life Cycle (SDLC).
Understand the new "Prepare" step of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 v2 RMF.
Explain managers’ roles and involvement in each step of the RMF.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer, Cyber Instructor

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirement Planning

Systems Requirements Planner

+ Course Modules/Units

Risk Management Framework for Leaders – with Professor Mark Duke

1 Hour

Root Cause Analysis

Skill Level: Beginner

+ Description

This course explains the root cause analysis for cybersecurity incidents and provides an overview of two different root cause analysis models (and approaches used in these models). This course also describes how root cause analysis can benefit other incident management processes (response, prevention, and detection), and details general root cause analysis techniques that can be adopted as methods for analysis of cyber incidents.

Learning Objectives:

Explain the benefits and challenges of reverse engineering.
Perform basic tasks with reverse engineering tools.
Understand basics of Intel x86 assembly code.
Describe the Microsoft Windows executable file format and understand the basics of the Windows API.
Extract actionable information from ta malicious binary file that can be used in analysis reports.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

Threat Analysis

Threat/Warning Analyst

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Incident Response

Cyber Defense Incident Responder

+ Course Modules/Units

Root Cause Analysis Fundamentals

Root Cause Analysis Methods

Cyber Kill Chain Model for Root Cause Analysis

Sample Incident Cause Analysis Workflow

Root Cause Analysis Course Exam

1 Hour

Securing Infrastructure Devices

Skill Level: Intermediate

+ Description

This course focuses on physical security, operating system security, management traffic security, device service hardening, securing management services, and device access privileges.

Learning Objectives:

Understand considerations for securing physical assets, patch management and change management.
Apply methods for securing network management traffic.
Understanding of securing management services such as NTP, SNMP, Syslog.
Understand hardware device hardening.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

Systems Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support Specialist

Securely Provision

Systems Architecture

Security Architect

+ Course Modules/Units

Physical and Operating System Security

Management Traffic Security

Device Service Hardening

Securing Management Services

Device Access Hardening

Device Access Privileges

1 Hour

Securing Internet- Accessible Systems

Skill Level: Beginner

+ Description

This course focuses on Internet-accessible systems or "Internet of Things" (IoT). Each of these systems and devices can be targeted by threat actors and used to conduct malicious activity if they are unsecured, or worse, these systems can leave vulnerabilities and sensitive information open to exploitation if not properly configured and maintained. This course explains the vulnerabilities of internet-accessible systems and how to prepare for, mitigate, and respond to a potential attack. This course provides key knowledge to inform organizational awareness of internet-accessible system attacks as well as best practices that minimize the likelihood of a successful attack and enable effective response and recovery if an attack occurs.

This webinar is accessible to non-technical learners including managers and business leaders and offers an organizational perspective useful to technical specialists.

Learning Objectives
Enable learners to better defend their internet-accessible systems through awareness of common vulnerabilities, best practices, CISA guidance, and resources:

Define Internet-Accessible Systems and common vulnerabilities
Explain cyber hygiene best practices that prevent attacks.
Understand the impacts of real-life cyberattacks and what an effective organizational response looks like.
Learn steps to identify, mitigate, and recover from Internet-Accessible System attacks.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Data Administration

Data Analyst, Database Administrator

Operate and Maintain

Systems Administration

Systems Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Communications Security Manager; Information Systems Security Manager

Oversee and Govern

Program Management and Acquisition

IT Investment Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Oversee and Govern

Strategic Planning and Policy

Cyber Policy and Strategy Planner; Cyber Workforce Developer and Manager

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support Specialist

Protect and Defend

Incident Response

Cyber Defense Incident Responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

Securely Provision

Risk Management

Authorizing Official/Designating Representative; Security Control Assessor

Securely Provision

System Requirements Planning

System Requirements Planner

+ Course Modules/Units

Securing Internet- Accessible Systems

1 Hour

Securing the Network Perimeter

Skill Level: Intermediate

+ Description

This course focuses on edge security traffic design, blocking Denial of Service / Distributed Denial of Service (DoS/DDoS) traffic, specialized access control lists, routers and firewalls, securing routing protocols, securing traffic prioritization, and securing against Single Point of Failure (SPOF).

Learning Objectives:

Identify perimeter and the approach to protecting that perimeter.
Understand methods to consider for blocking DoS and DDos traffic.
Apply specialized Access Control List considerations.
Implement firewalls and differentiate types to protect the perimeter.
Understand routing protocols and traffic prioritization for networks.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Investigate

Digital Forensics

Cyber Defense Forensics Analyst

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Analysis

Systems Security Analyst

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Incident Response

Cyber Defense Incident Responder

+ Course Modules/Units

Introduction and Edge Security Traffic Design

Blocking DoS and DDoS Traffic

Specialized Access Control Lists

Routers with Firewalls

Beyond Firewalls: Inspecting Layer 4 and Above

Securing Routing Protocols and Traffic Prioritization

Securing Against Single Point of Failures

0.5 Hours

Ransomware Overview

Skill Level: Beginner

+ Description

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This training course focuses on basic Ransomware concepts and methodology. This course will explain what ransomware is, preventative measures that can be used to prevent a ransomware attack, and ransomware incident response and recovery.

Learning Objectives:

Present an overview of ransomware attacks
Identify preventative measures to block ransomware attacks
Discuss incident response best practices for ransomware attacks
Detail ways to implement recovery measure after a ransomware attack
Learn to strategically plan the development and implementation of your CSIRT.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

Mission Assessment Specialist

Analyze

Exploitation Analysis

Exploitation Analyst

Analyze

Threat Analysis

Threat/ warning analyst

Collect and Operate

Collection Operations

All-Source Collection Manager, All-Source Collection Requirements Manager

Investigate

Digital Forensics

Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Knowledge Management

Knowledge Manager

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Communications security manager; information systems security manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program Management and Acquisition

IT investment manager, IT program auditor, IT project manager, product support manager, program manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support specialist

Protect and Defend

Incident Response

Cyber defense incident responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability assessment analyst

Securely Provision

Risk Management

Authorizing official; security control assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

Defend Against Ransomware - Video

0.5 Hours

Securing Systems: How to Block Malicious IPs

Skill Level: Beginner

+ Description

This interactive training module provides mitigation strategies and techniques as it relates to firewall rules. This module will explain what firewalls are, present the importance of implementing firewall rules and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Block Malicious IPs Demo provides a walkthrough of the tasks you'll need to complete, the Block Malicious IPs Try allows you the opportunity to test out the tasks presented in the Block Malicious IPs Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

Identify the purpose of firewalls
Present the importance of implementing firewall rules
Identify specific firewall rules to apply

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

Mission Assessment Specialist

Analyze

Exploitation Analysis

Exploitation Analyst

Analyze

Threat Analysis

Threat/ warning analyst

Collect and Operate

Collection Operations

All-Source Collection Manager, All-Source Collection Requirements Manager

Investigate

Digital Forensics

Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Knowledge Management

Knowledge Manager

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Communications security manager; information systems security manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program Management and Acquisition

IT investment manager, IT program auditor, IT project manager, product support manager, program manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support specialist

Protect and Defend

Incident Response

Cyber defense incident responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability assessment analyst

Securely Provision

Risk Management

Authorizing official; security control assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

Block Malicious IPs - Video

Block Malicious IPs - Demo

Block Malicious IPs - Try

0.25 Hours

Securing Systems: How to Sinkhole a Malicious Domain

Skill Level: Beginner

+ Description

This interactive training module focuses on sinkholing as a mitigation technique. This module will explain what Domain Name Service (DNS) sinkholes are, present the importance of implementing sinkholes, and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Sinkhole Demo provides a walkthrough of the tasks you'll need to complete, the Sinkhole Try allows you the opportunity to test out the tasks presented in the Sinkhole Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

Present the definition of a DNS Sinkhole
Identify key terms related to the Sinkholing process
Explain the importance of implementing a DNS Sinkhole

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

Mission Assessment Specialist

Analyze

Exploitation Analysis

Exploitation Analyst

Analyze

Threat Analysis

Threat/ warning analyst

Collect and Operate

Collection Operations

All-Source Collection Manager, All-Source Collection Requirements Manager

Investigate

Digital Forensics

Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Knowledge Management

Knowledge Manager

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Communications security manager; information systems security manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program Management and Acquisition

IT investment manager, IT program auditor, IT project manager, product support manager, program manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support specialist

Protect and Defend

Incident Response

Cyber defense incident responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability assessment analyst

Securely Provision

Risk Management

Authorizing official; security control assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

Sinkhole - Video

Sinkhole - Demo

Sinkhole - Try

0.25 Hours

How to Disable SMBv1

Skill Level: Beginner

+ Description

This interactive training module provides information on how to disable SMBv1 using the group policy mitigation technique. This module will explain Server Message Block (SMB), provide an overview of the versions of SMB, present the importance of blocking SMBv1, and provide an opportunity for you to practice applying group policies that disable SMBv1 in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The SMBv1 Demo provides a walkthrough of the tasks you'll need to complete, the SMBv1 Try allows you the opportunity to test out the tasks presented in the SMBv1 Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

Define Server Message Block
Identify the three versions of SMB
Present the importance of disabling SMBv1

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

Mission Assessment Specialist

Analyze

Exploitation Analysis

Exploitation Analyst

Analyze

Threat Analysis

Threat/ warning analyst

Collect and Operate

Collection Operations

All-Source Collection Manager, All-Source Collection Requirements Manager

Investigate

Digital Forensics

Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Knowledge Management

Knowledge Manager

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Communications security manager; information systems security manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program Management and Acquisition

IT investment manager, IT program auditor, IT project manager, product support manager, program manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support specialist

Protect and Defend

Incident Response

Cyber defense incident responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability assessment analyst

Securely Provision

Risk Management

Authorizing official; security control assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

SMBv1 - Video

SMBv1 - Demo

SMBv1- Try

0.5 Hours

Securing Systems: How to Create Application Allowlisting Policies

Skill Level: Beginner

+ Description

Application Allowlisting is a controlled list of applications and components such as libraries, configuration files, etc. that are authorized to be present or active on a host according to a well-defined baseline. It is a highly effective security strategy that acts as a preventative file execution policy to allow only certain programs to run and prevents others from executing. Every organization must verify and trust each and every application they allow on their network. They do this by adapting allowlisting to help block the execution of malware, unlicensed software, and other unauthorized software.

This interactive training module focuses on basic Application Allowlisting concepts and methodologies. This module will explain what Application Allowlisting is, present the importance of implementing Application Allowlisting, and provide an opportunity for you to practice applying specific Application Allowlisting rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Application Allowlisting Demo provides a walkthrough of the tasks you'll need to complete, the Application Allowlisting Try allows you the opportunity to test out the tasks presented in the Application Allowlisting Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

Create Windows Defender Application Control (WDAC) allowlisting policies with PowerShell

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

Mission Assessment Specialist

Analyze

Exploitation Analysis

Exploitation Analyst

Analyze

Threat Analysis

Threat/ warning analyst

Collect and Operate

Collection Operations

All-Source Collection Manager, All-Source Collection Requirements Manager

Investigate

Digital Forensics

Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Knowledge Management

Knowledge Manager

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Communications security manager; information systems security manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program Management and Acquisition

IT investment manager, IT program auditor, IT project manager, product support manager, program manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support specialist

Protect and Defend

Incident Response

Cyber defense incident responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability assessment analyst

Securely Provision

Risk Management

Authorizing official; security control assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

Application Allowlisting - Video

Application Allowlisting - Demo

Application Allowlisting- Try

0.5 Hours

How to Backup and Restore Active Directories

Skill Level: Beginner

+ Description

Active Directory (AD) is one of the most vital components in a Windows network. Cybercriminals today are targeting AD, performing reconnaissance to discover users, servers, and computers in an enterprise network, and then moving laterally to carry out multi-stage attacks to gain access and abuse organization resources and data. An AD backup and restoration disaster recovery strategy is vital for operation continuity. Backing up AD regularly is important, sometimes the backup is the only way for an organization to recover its data after a cyberattack.

This interactive training module focuses on basic AD concepts and methodologies. This module will explain how to identify the Primary Domain Controller (PDC) of the domain, explain how to make changes to AD without backing up again, and provide an opportunity for you to practice confirming the changes made after the backup are replaced with the information in the backup file.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The AD Backup Restore Demo provides a walkthrough of the tasks you'll need to complete, the AD Backup Restore Try allows you the opportunity to test out the tasks presented in the AD Backup Restore Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

Backup Active Directory on a Domain Controller
Restore Active Directory on a Domain Controller

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

Mission Assessment Specialist

Analyze

Exploitation Analysis

Exploitation Analyst

Analyze

Threat Analysis

Threat/ warning analyst

Collect and Operate

Collection Operations

All-Source Collection Manager, All-Source Collection Requirements Manager

Investigate

Digital Forensics

Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Knowledge Management

Knowledge Manager

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Communications security manager; information systems security manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program Management and Acquisition

IT investment manager, IT program auditor, IT project manager, product support manager, program manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support specialist

Protect and Defend

Incident Response

Cyber defense incident responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability assessment analyst

Securely Provision

Risk Management

Authorizing official; security control assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

AD Backup Restore - Video

AD Backup Restore - Demo

AD Backup Restore - Try

0.25 Hours

How to Reset a KRBTGT Account Password

Skill Level: Beginner

+ Description

Kerberos Ticket Granting Ticket (KRBTGT) is a local default account used for Microsoft’s implementation of Kerberos, the default Microsoft Windows authentication protocol for granting access to network applications and services. KRBTGT acts as a service account for the Key Distribution Center (KDC) service. KRBTGT account in Active Directory (AD) plays a key role that encrypts and signs all Kerberos tickets for the domain.

This interactive training module focuses on basic KRBTGT concepts and methodology. This module will explain how to reset the KRBTGT account password using the Active Directory Users and Computers app in the Administrative tools in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Reset KRBTGT Account Password Demo provides a walkthrough of the tasks you'll need to complete, the Reset KRBTGT Try allows you the opportunity to test out the tasks presented in the Reset KRBTGT Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

Reset the KRBTGT Account password

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

Mission Assessment Specialist

Analyze

Exploitation Analysis

Exploitation Analyst

Analyze

Threat Analysis

Threat/ warning analyst

Collect and Operate

Collection Operations

All-Source Collection Manager, All-Source Collection Requirements Manager

Investigate

Digital Forensics

Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Knowledge Management

Knowledge Manager

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Communications security manager; information systems security manager

Oversee and Govern

Executive Cyber Leadership

Oversee and Govern

Program Management and Acquisition

IT investment manager, IT program auditor, IT project manager, product support manager, program manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support specialist

Protect and Defend

Incident Response

Cyber defense incident responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability assessment analyst

Securely Provision

Risk Management

Authorizing official; security control assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

Reset KRBTGT Account Password - Video

Reset KRBTGT Account Password - Demo

Reset KRBTGT Account Password - Try

1 Hour

Security and DNS

Skill Level: Advanced

+ Description

This course discusses name resolution principles, name resolution and security, DNS security standards, securing zone transfers with Transaction Signature (TSIG), and DNS Security Extension (DNSSEC) principles, implementation, and resources.

Learning Objectives:

Understand DNS (Domain Name System) and its purpose.
Familiarity with DNS Standards documents, DNS deployment best practices and TSIG.
Explain DNSSEC and its origins, role and implementation.
Understand migrating to DNSSEC and its challenges.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Systems Analyst

Systems Security Analyst

Securely Provision

Systems Architecture

Security Architect

+ Course Modules/Units

Name Resolution Introduction

Name Resolution and Security

DNS Cache

DNS Security Standards and TSIG

DNSSEC

Migrating to DNSSEC

Issues with Implementing DNSSEC 1

Issues with Implementing DNSSEC 2

7 Hours

Sensors 101 for Traffic Analysts

Skill Level: Beginner

+ Description
	At the end of this course, participants will be able to: List several types of sensors in use on modern computer networks Identify what fields and information are available in the data from each type of sensor Characterize some of the analysis of data from each type of sensor Discuss potential issues with the use of data from each type of sensor, and how to deal with the issues in analysis

+ Course Modules/Units

Sensors 101 for Traffic Analysts - Introduction

Sensors 101 for Traffic Analysts - Module 2: Packet Sensors

Sensors 101 for Traffic Analysts - Module 3: Alert Sensors

Sensors 101 for Traffic Analysts - Module 4: Flow Sensors

Sensors 101 for Traffic Analysts - Module 5: Enhanced Flow Sensors

Sensors 101 for Traffic Analysts - Module 6: Application-Level Sensors

Sensors 101 for Traffic Analysts - Module 7: Other Sensors

7 Hours

SiLK Traffic Analysis

Skill Level: Intermediate

+ Description

This course is designed for analysts involved in daily response to potential cybersecurity incidents, and who have access to the Einstein environment. The course begins with an overview of network flow and how the SiLK tools collect and store data. The next session focuses specifically on the Einstein environment. The basic SiLK tools are covered next, giving the analyst the ability to create simple analyses of network flow. Advanced SiLK tools follow and cover how to create efficient and complex queries. The course culminates with a lab where learners use their new skills to profile a network.

Learning Objectives:

Use of the SiLK network flow analysis tool suite to perform tasks such as querying for records related to a specific incident or indicator, creating sets of indicators for batch analysis, and leveraging network flow to provide basic network situational awareness.

Date: 2013

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support Specialist

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

+ Course Modules/Units

Introduction to SiLK

iSiLK

What is Network Flow?

Interpreting SiLK Network Flow

SiLK Flows

SiLK Traffic Analysis Quiz 1

The SiLK Repository

Basic SiLK Tools

SiLK Traffic Analysis Quiz 2

rwfilter

rwfilter Examples

rwfilter Demo

rwfilter Continued

SiLK Traffic Analysis Quiz 3

rwcount

rwcount Demo

rwstats

rwstats Demo 1

rwstats Continued 1

rwstats Demo 2

rwstats Continued 2

rwuniq

SiLK Traffic Analysis Quiz 4

PySiLK

Python Expressions and SilkPython

SiLK Traffic Analysis Quiz 5

IP Sets

Bags

SiLK Traffic Analysis Quiz 6

Prefix Maps

Tupples

SiLK Traffic Analysis Quiz 7

rwgroup

rwmatch

SiLK File Utilities

IPv6 in SiLK

SiLK Traffic Analysis Quiz 8

Network Profiling Introduction

10 Hours

Software Assurance Executive Course (SAE)

Skill Level: Intermediate

+ Description

This course is designed for executives and managers who wish to learn more about software assurance as it relates to acquisition and development. The purpose of this course is to expose participants to concepts and resources available now for their use to address software security assurance across the acquisition and development life cycles.

Learning Objectives:

Understanding of software assurance practices and challenges.
Advice for organizations and the future of software assurance.
Understanding of software supply chain risk management.
Awareness of agile methods and adopting software trustworthiness.

Date: 2013

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Cybersecurity Manager

Oversee and Govern

Executive Cyber Leadership

Executive Cyber Leader

Securely Provision

Software Development

Software Developer

+ Course Modules/Units

Interview with William Scherlis: Introduction and Background

Software Assurance Challenges

Encouraging Adoption of Software Assurance Practices Through People and Incentives

The Path Toward Software Assurance: Advice for Organizations

Learning from Failure

The Future of Software Assurance

Introduction, Current Software Assurance Activities by DHS, and Current SW Assurance Environment

Managing Risks in a Connected World

A Need for Diagnostic Capabilities and Standards

Changing Behavior: Resources

Establishing a Foundation for Software Assurance

Conclusion: The Rugged Manifesto and Challenge

Introduction to Software Assurance

Software Assurance Landscape

Software Assurance Principles

Current Software Realities

Introduction to Software Assurance, Part 2

Building Security In

Microsoft Secure Development Lifecycle (MS SDL)

Requirements Engineering

Security Requirements Methods

Threat Modeling: STRIDE (used by Microsoft)

Industry Case Study in Threat Modeling: Ford Motor Company

Topic Summary

Creating and Selling the Security Development Lifecycle (SDL)

Managing the Process

Making a Difference

Introduction and Key Components of Agile Development

Traditional & Agile Acquisition Life Cycles

Common Agile Methods and Scrum - the Most Adopted Agile Method

Challenges to Agile Adoption

Suggestions for Successful Use of Agile Methods in DHS Acquisition

Agile Summary

Software Assurance, Introduction to Part 3: Mission Assurance

What Does Mission Failure Look Like?

Mission Thread Analysis for Assurance

Applying Mission Thread Analysis Example 1

Applying Mission Thread Analysis Example 2

Applying Mission Thread Analysis

Software Assurance, Introduction to Part 4: SwA for Acquisition

Software Supply Chain Challenges

Supply Chain Risk Mitigations for Products

System Supply Chains

SCRM Standards

Summary

Software Assurance in the Software Development Process and Supply Chain: Introduction

Scope of the Problem

Governance for System and Software Assurance

Strategy Solutions: System Security Engineering, Software Sustainment

Process Solutions

Introduction, History, and Current State of Software

Trustworthy Software

The UK Trustworthy Software Initiative (TSI)

Trustworthy Software Framework

Current Focus and Future Direction of UK TSI

Questions and Answers

7 Hours

SQL for Traffic Analysts

Skill Level: Beginner

+ Description
	SQL for Traffic Analysis covers basic SQL topics such as selecting data from a table, ordering results, using multiple tables, grouping results, calculating aggregate values, and creating new tables.

+ Course Modules/Units

SQL for Traffic Analysts: Module 1

Selecting Data From A Table: Module 2

Ordering Results: Module 3

Multiple Tables: Module 4

Calculating Aggregate Values: Module 5

Grouping Query Results: Module 6

Generating New Tables: Module 7

2 Hours

Static Code Analysis using HPE Fortify

Skill Level: Beginner

+ Description

This course focuses on integrating static code analysis tools into the software development process from a developer's/cybersecurity professional's perspective. The course demonstrates how Fortify is used to identify and remove Common Weakness Enumeration (CWE) from applications in which the source code is available.

Learning Objectives:

Understand how static code analysis tools work.
Utilize integrated development environment (IDE) plugins in order to find CWE in source code during the development phase.
Apply visualization tools available to developers and security professionals.
Participate in accreditation reporting.

Date: 2014

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Legal Advice and Advocacy

Privacy Officer/Privacy Compliance Manager

Securely Provision

Systems Development

Systems Developer

+ Course Modules/Units

AppSec with HPE Product Overview and Workflow

HPE Fortify Static Code Analyzer Suite Overview

HPE Static Code Analyzer Command Line Demo

Audit Workbench Demo

Fortify SCA Process Flow

Audit Workbench Demo Continued

STIG Reporting with Audit Workbench

IDE Plugin

Questions and Answers

Fortify Priority

Software Security Center

1.5 Hours

Static Code Analysis using Synopsis Coverity

Skill Level: Beginner

+ Description

This course focuses on integrating static code analysis tools into the software development process. This course explains how developers can use tools such as Coverity to identify and remove Common Weakness Enumeration (CWE) from applications in which the source code is available, prior to deployment.

Learning Objectives:

Understand how static code analysis tools work.
The use of integrated development environment (IDE) plugins in order to find CWE in source code during the development phase.
Visualization tools available to developers and security.

Date: 2014

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Legal Advice and Advocacy

Privacy Officer/Privacy Compliance Manager

Securely Provision

Systems Development

Systems Developer

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

Overview of Synopsis Software Integrity Platform

Demonstration

Questions and Answers

Closing

2.5 Hours

Supply Chain Assurance using Sonatype Nexus

Skill Level: Beginner

+ Description

This course focuses on integrating static code analysis tools into the software development process from both a developer's and a security professional's perspective. This course demonstrates how tools such as Sonatype can be used to evaluate the software supply chain in order to identify and remove components with known Common Vulnerabilities and Exposures (CVE) from applications in which the source code is available.

Learning Objectives:

Understand why software supply chain is important.
Utilize integrated development environment (IDE) plugins in order to identify and avoid the use of libraries, applications, tools, etc. with known CVE used by an application.
Apply tools to enforce organizational security policies and governance.

Date: 2014

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Legal Advice and Advocacy

Privacy Officer/Privacy Compliance Manager

Securely Provision

Systems Development

Systems Developer

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

Overview of Sonatype Success Engineering

Developer Perspective

Policies

Dashboard

Repository Manager

Questions and Answers

Success from the Start

Preparing for Deployment - Overview

Preparing for Deployment - Licenses

Preparing for Deployment - Architectural Risk

Preparing for Deployment - Evaluation

Preparing for Deployment - Policy Elements

Preparing for Deployment - Default Policy Demo

Preparing for Deployment - Policy Demo

5 Hours

Advanced Computer Forensics

Skill Level: Advanced

+ Description

This course focuses on building skills to improve the ability to piece together the various components of the digital investigation. The course begins with acquisition planning and preparation, progresses through the investigative process, and concludes with analysis techniques and methods for more manageable investigations.

Learning Objectives:

Develop an investigative process for the digital forensic investigation.
Explain methods of focusing investigations through analysis of multiple evidence sources.
Effectively prepare for incident response of both victim and suspect systems.
Identify sources of evidentiary value in various evidence sources including network logs, network traffic, volatile data and through disk forensics.
Identify common areas of malicious software activity and characteristics of various types of malicious software files.
Confidently perform live response in intrusion investigation scenarios.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

Exploitation Analysis

Exploitation Analyst

Investigate

Digital Forensics

Cyber Defense Forensics Analyst

+ Course Modules/Units

Course Objectives

Introduction to Acquisition Preparation

The Preparation Phase

Known Executables

Collection Strategies

Once an Incident Has Occurred

Making Adjustments

Response

Acquisition Summary

Incident Information Gathering

Live Acquisitions

Acquisition Considerations and Risks

Acquisition Preparation and Identification

Using Live Disks, Bootable USBs, and Evidence Storage

Volatile Data Collection

Memory Collection

Memory Collection Tools

WinDD

Hard Drive Collection

Disk Encryption

Network Log Analysis

Log Analysis Tools and Wireshark

Fundamentals of Memory Analysis

Why Should You Care About Memory

Volatile System Information

Virtual Memory

Memory Acquisition Considerations and Tools

Benefits and Limitations of Memory Analysis

Mandiant Redline

Volatility

Using Volatility

Using Strings

Demo of Volatility 1_Using Volatility

Memory Analysis Flow and Techniques

Demo of Volatility 2_Comparing Memory and Volatile System Information

Advanced Memory Analysis

Understanding Attacks and Incidents

Anatomy of an Attack of Infection

Benefits of Malware Analysis

Using Antivirus

Introduction to Windows Artifacts

Prefetch Files

User Assist Entries

Recent, Link, and Shortcut Files

Most Recently Used Files

Shell Bags Entries

Page, Hibernation, and Autorun Files

Persistence

Hash Analysis

Registry Decoder

Timeline Analysis

Forensic Analysis of Timelines

Victim System Analysis

User Level Vs Kernel Level Rootkits

Correlating Incident Response with Forensics

Advanced Analysis Topics 1

Malware Versus Tools

Advanced Analysis Topics 2

Identifying a Suspect

Scanning and Fingerprinting the Suspect

5 Hours

Survival SiLK Series

Skill Level: Intermediate

+ Description
	This series of videos presents topics of interest to analysts with a working knowledge of SilK who wish to learn more. Each video covers one area of NetFlow analysis. The topics are: Displaying NetFlow Records in SiLK (tips for using rwcut) Host Profiling (what can you learn about a host and its activity from NetFlow?) Protocol Profiling: ICMP (here is how analysis of ICMP can be different from TCP and UDP) Rwmatch (for those who need to work with both sides of a network connection) The SiLK Application Label (The App Label uses Deep Packet Inspection to make an educated guess as to what service the flow supports)

+ Course Modules/Units

Survival SiLK Series - Module 1

Host Profiling - Module 2

Protocol Profiling: ICMP - Module 3

Using rwmatch - Module 4

Using the SiLK Application Label - Module 5

6 Hours

TCP/IP Fundamentals for Network Traffic Analysts

Skill Level: Beginner

+ Description
	In this course you will learn about: Describe how the history of TCP/IP has led to security issues Describe the layered architecture of TCP/IP Describe characteristics of Address Resolution Protocol (ARP) Internet Protocol (IP) User Datagram Protocol (UDP) Service Ports Transmission Control Protocol (TCP) Internet Control Messages Protocol (ICMP) Fragmentation Explain how common services operate with network protocols Forecast how IPv6 affects network traffic analysis

+ Course Modules/Units

TCP/IP Fundamentals for Network Traffic Analysts

TCP/IP Module 2: Internet Protocol

TCP/IP Module 3: IP Addresses

TCP/IP Module 4: Transport Protocols

TCP/IP Module 5: Common Services

TCP/IP Module 6: IPv6

1 Hour

Understanding DNS Attacks

Skill Level: Beginner

+ Description

The Domain Name System, commonly known as DNS, is often referred to as the "phone book" of the Internet. Every time we access the Internet to visit our favorite websites, shop and pay bills online, or access online portals for healthcare or banking, we depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly powerful and useful, it also presents a rich attack surface for threat actors: allowing them to shut down websites and online services, replace legitimate website content with threats and extortion attempts, or even route traffic to a carbon copy of a legitimate website to steal any information entered by users intending to conduct business as usual. "Understanding DNS Attacks" provides key information you need to know to protect yourself and your organization from DNS infrastructure tampering including common vulnerabilities, how to identify a potential attack, and guidance and best practices to mitigate the likelihood and impact of a successful DNS attack.

This webinar is accessible to non-technical learners including managers and business leaders, and offers an organizational perspective useful to technical specialists.

Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from DNS infrastructure attacks through awareness of common attack schemes, best practices, CISA guidance, and resources.

Define DNS Tampering and explain common attack methods
Identify signs of a DNS attack
Learn mitigation steps for DNS attacks
Understand the process to recover from a DNS attack
Explore impacts of DNS attacks through case studies

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

Mission Assessment Specialist

Collect and Operate

Collection Operations

All-Source Collection Manager, All-Source Collection Requirements Manager

Operate and Maintain

Customer Service and Technical Support

Technical Support Specialist

Operate and Maintain

Data Administration

Data analyst, database administrator

Operate and Maintain

Knowledge Management

Knowledge Manager

Operate and Maintain

Network Services

Network Operation Specialist

Operate and Maintain

Systems Administration

System Administrator

Oversee and Govern

Cybersecurity Management

Communications security manager; information systems security manager

Oversee and Govern

Program Management and Acquisition

IT investment manager, IT program auditor, IT project manager, product support manager, program manager

Oversee and Govern

Strategic Planning and Policy

Cyber policy and strategy planner; cyber workforce developer and manager

Oversee and Govern

Training, Education, and Awareness

Cyber Instructional Curriculum Developer

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support Specialist

Protect and Defend

Incident Response

Cyber Defense Incident Responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability Assessment Analyst

Securely Provision

Risk Management

Authorizing official; security control assessor

Securely Provision

Systems Architecture

Enterprise Architect, Security Architect

Securely Provision

Systems Requirements Planning

Systems Requirements Planner

Securely Provision

Test and Evaluation

System Testing and Evaluation Specialist

+ Course Modules/Units

Understanding DNS Attacks

1 Hour

Preventing Web and Email Server Attacks

Skill Level: Beginner

+ Description

Web and email servers are the workhorses of the Internet: we couldn't run government, businesses, or our personal lives without them! However, the information exchanged through web and email servers can offer a tempting target for cyber attackers. Participants can request 1 CPE credit for completing this course.

This webinar includes the following information and more:

Attack methods: Hackers can target and decode victims' web and email traffic, compromise email security to make phishing attempts more likely to succeed, or can even use botnets to shut down access to websites and conduct large-scale campaigns of malicious activity.
Key Guidance for Organizations: CISA provides resources and best practices to help individuals and organizations secure their web and email infrastructure.
Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
Incident Response overview: Key steps to identify a potential attack, mitigate damage through proper preparation and response, and recover after an attack occurs.

Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from web and email server cyberattacks through awareness of common attack schemes, best practices, CISA guidance, and resources.

Define web and email server infrastructure, and explain common attack methods
Identify signs of a potential attack
Learn mitigation steps for web and email server attacks
Understand the process to recover from a web or email server attack
Explore impacts of web and email server attacks through case studies

Date: 2020

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Analyze

All-Source Analysis

All-source analysis

Analyze

Threat Analysis

Threat/ warning analyst

Collect and Operate

Collection Operations

All Source Collection Manager; All Source Collection Requirements Manager

Collect and Operate

Cyber Operational Planning

Cyber Intel Planner; Cyber Ops Planner; Partner Integration Planner

Operate and Maintain

Data Administration

Data analyst, database administrator

Operate and Maintain

Knowledge Management

Knowledge Manager

Operate and Maintain

Network Services

Network Operations Specialist

Operate and Maintain

Systems Administration

System Administrator

Operate and Maintain

Systems Analysis

Systems Security Analyst

Oversee and Govern

Cybersecurity Management

Communications security manager; information systems security manager

Oversee and Govern

Program Management and Acquisition

IT investment manager, IT program auditor, IT project manager, product support manager, program manager

Oversee and Govern

Strategic Planning and Policy

Cyber policy and strategy planner; cyber workforce developer and manager

Protect and Defend

Cyber Defense Analysis

Cyber Defense Analyst

Protect and Defend

Cyber Defense Infrastructure Support

Cyber Defense Infrastructure Support specialist

Protect and Defend

Incident Response

Cyber defense incident responder

Protect and Defend

Vulnerability Assessment and Management

Vulnerability assessment analyst

Securely Provision

Risk Management

Authorizing official; security control assessor

Securely Provision

Systems Architecture

Enterprise Architect; Security Architect

Securely Provision

System Requirements Planning

System requirements planner

+ Course Modules/Units

Preventing Web and Email Server Attacks

1 Hour

Incident Response Training: Defending Internet Accessible Systems (IR 104)

Skill Level: Beginner

+ Description

Learning Objectives:

Internet-accessible systems have become the backbone of modern business and communication infrastructure, from smartphones to web applications, to the explosive growth of the “Internet of Things” (IoT). Each of these systems and devices, however, can be targeted by threat actors and used to conduct malicious activity if they are unsecured. Worse, these systems can leave vulnerabilities and sensitive information freely available to exploit if not properly configured and maintained.

This webinar includes the following information and more:

Common attacks and vulnerabilities: Understand common vulnerabilities of internet-accessible systems, how they are exploited by threat actors, and how to mitigate them to prevent attacks from succeeding.
CISA guidance: Learn key guidance, resources, and best practices to address vulnerabilities and prepare effective incident response and recovery.
Case studies: Examine the methods and impacts of real-life cyberattacks, and how the targets responded and recovered.
Knowledge checks: Knowledge check questions will be asked throughout the course to reinforce key concepts and important takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2022

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

Category	Specialty Area	Work Roles
Protect and Defend	Incident Response	Cyber Defense Incident Responder
Protect and Defend	Vulnerability Assessment and Management	Vulnerability Assessment Analyst
Operate and Maintain	Systems Analysis	Systems Security Analyst
Securely Provision	Systems Requirements Planning	System Requirements Planner
Oversee and Govern	Program Management and Acquisition	IT Project Manager

+ Course Modules/Units

Incident Response Training: Defending Internet Accessible Systems (IR 104) - Video

1 Hour

Incident Response Training: Preventing Web and Email Server Attacks (IR 105)

Skill Level: Beginner

+ Description

Learning Objectives:

Web and email servers are the workhorses of the Internet — we couldn't run government, businesses, or our personal lives without them! However, the information exchanged through web and email servers can offer a tempting target for cyber attackers.

This webinar includes the following information and more:

Common attacks and vulnerabilities: Hackers can target and decode victims' web and email traffic, compromise email security to make phishing attempts more likely to succeed or can even use botnets to shut down access to websites and conduct large-scale campaigns of malicious activity.
Key guidance for organizations: CISA provides resources and best practices to help individuals and organizations secure their web and email infrastructure.
Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
Knowledge checks: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.

This awareness webinar is designed for both technical and non-technical audiences.

Date: 2022

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)

Category	Specialty Area	Work Roles
Protect and Defend	Incident Response	Cyber Defense Incident Responder
Protect and Defend	Vulnerability Assessment and Management	Vulnerability Assessment Analyst
Operate and Maintain	Systems Analysis	Systems Security Analyst
Securely Provision	Systems Requirements Planning	System Requirements Planner
Oversee and Govern	Program Management and Acquisition	IT Project Manager

+ Course Modules/Units

Incident Response Training: Preventing Web and Email Server Attacks (IR 105)

0.02 Hours

What is CDM and the DCM Agency Dashboard?

Skill Level: Beginner

+ Description

This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.

Learning Objectives:

Understand what are CDM and the CDM Agency Dashboard
Understand the New CDM Agency Dashboard
Provide an overview on the AWARE Scoring Algorithm 1.0

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

+ Course Modules/Units

What is CDM and the CDM Agency Dashboard?

0.25 Hours

Introduction to the New CDM Agency Dashboard

Skill Level: Beginner

+ Description

Learning Objectives:

Understand the New CDM Agency Dashboard

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

+ Course Modules/Units

Introduction to the New CDM Agency Dashboard

0.02 Hours

Introduction to the AWARE Scoring Algorithm

Skill Level: Beginner

+ Description

Learning Objectives:

Provide an overview on the AWARE Scoring Algorithm 1.0

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

+ Course Modules/Units

Introduction to the AWARE Scoring Algorithm 1.0

0.25 Hours

AWARE Scoring Algorithm Details

Skill Level: Beginner

+ Description

Learning Objectives:

Provide an overview on the AWARE Scoring Algorithm 1.0

Date: 2021

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Category

Specialty Area

Work Roles

Oversee and Govern

Cybersecurity Management

Information Systems Security Manager

Oversee and Govern

Program/Project Management and Acquisition

IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager

Securely Provision

Risk Management

Authorizing Official/Designating Representative, Security Control Assessor

+ Course Modules/Units

AWARE Scoring Algorithm 1.0 Details

0.3 Hours

CAMEO Data Manager Overview

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

CAMEO Data Manager Overview

0.25 Hours

ChemLock SharePoint and Case Management Overview

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

ChemLock SharePoint and Case Management Overview

0.4 Hours

ChemLock Staff Overview Training

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

ChemLock Staff Overview Training

2 Hours

CIR Completion Training and Demo

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

CIR Completion Training and Demo

1.5 Hours

Compliance Inspection System Demo

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

Compliance Inspection System Demo

0.75 Hours

Delivering ChemLock 101

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

Delivering ChemLock 101

1.5 Hours

FASTInfo 101 Refresh Demo

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

FASTInfo 101 Refresh Demo

2.75 Hours

P-CFOI_CA Modules Training Session 1

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

Part 1

Part 2

Part 3

1 Hour

P-CFOI Crosswalk Tool V3 Refresh Training

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

P-CFOI Crosswalk Tool V3 Refresh Training

1 Hour

CFATS Civil Penalties – SOP Review

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

CFATS Civil Penalties – SOP Review

Knowledge Check

1 Hour

CFATS Compliance Assistance – SOP Review

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

CFATS Compliance Assistance – SOP Review

Knowledge Check

1 Hour

CFATS Enforcement – SOP Review

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

CFATS Enforcement – SOP Review

Knowledge Check

1 Hour

CFATS Incident Reporting – SOP Review

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

CFATS Incident Reporting – SOP Review

Knowledge Check

1 Hour

CFATS Violation Reporting (Whistleblower) – SOP Review

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

CFATS Violation Reporting (Whistleblower) – SOP Review

Knowledge Check

1 Hour

CSI Prerequisite Courses

Skill Level: Beginner

+ Description
	(Description coming soon)

+ Course Modules/Units

Badging and Credentialing

CFATS Outreach Strategy

CVI

Cybersecurity 1 for CFATS

Introduction to Authorization Inspections

Introduction to CFATS Appendix A

Introduction to CFATS Enforcement

Introduction to CFATS IT Tools

Introduction to Compliance Assistance Visits

Introduction to Compliance Inspections

Introduction to Guideposts and RBPS

Introduction to Incident Reporting

Introduction to P-CFOI

Introduction to Physical Security

Introduction to Principles of Physical Security

Introduction to Risk Engine

Introduction to SVA, SSP and ASP

Introduction to Top-Screens

1 Hour

Understanding Indicators of Compromise (IR 108)

Skill Level: Beginner

+ Description
	This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training. Learning Objectives: Major cyber-attacks have made headlines for years and the pace of threat activity faced by government and private sector organizations is accelerating. Often, the most damaging attacks reported are traced to Advanced Persistent Threats (APTs): groups of sophisticated hackers who gain entry into an unauthorized system and remain undetected for extended periods of time, allowing them to surveil and gather information, test security, or execute malicious activity without tripping network defenses. Indicators of Compromise (IOCs) are the digital and informational "clues" that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks. This webinar provides an overview of IOCs for incident responders and those who work with them, introduces example scenarios and how IOCs can be used to trace activity and piece together a timeline of the threat, and discusses tools and frameworks to help incident responders use IOCs to detect, analyze, respond to, and report cyber threat activity. This webinar includes the following information and more: Define IOCs and why tracking, investigating, and reporting IOCs are crucial to enterprise cybersecurity. Understand how IOCs are used for threat hunting and incident response, different types of indicators, and how to collect different categories of IOCs. Learn about the MITRE ATT&CK® framework and how it supports the analysis of IOCs, potential threat actors related to the activity and their associated strategies and tactics. Introduce free CISA cybersecurity tools, services, and resources to help organizations further advance their cyber

FedVTE Course Catalog

Pre-Assessment and Post-Assessment Training (P2T) Description