|
|
| 101 Coding - 5 Hours | Skill Level: Basic |  | | + Description | | | 101 Coding
In this course, you will learn the basics of computer programming - how to give a machine a set of instructions to produce a desired behavior. This course provides information on the elements of programming and programming languages, frameworks, and models. The course includes an interactive programming game, interactive knowledge checks, and the chance to write your own fully functional code.
Learning Objectives - Define programming.
- Describe the structure and purpose of major programming paradigms.
- Explain the difference between high-level and low-level languages.
- Describe the uses of scripting and compiled languages.
- State the elements of programming.
- Explain when to use a variable in programming.
- List basic data types.
- State how operators are used in programming.
- Explain why logic and flow are important in programming
- State the purpose of programming frameworks.
Training Purpose: Securely Provision Specialty Areas: Software Assurance and Security Engineering, Systems Development, Systems Requirements Planning, Systems Security Architecture, Technology Research and Development, Test and Evaluation Training Proficiency Area: Level 1 - Basic Course Date: 6/7/2017 |
| |
|
| 101- Critical Infrastructure Protection 2 Hours | Skill Level: Basic | | | + Description | | | 101 - Critical Infrastructure Protection
In this course, you will learn about the influence, impact, and need for cybersecurity when defending the critical infrastructure and key resources of the United States. This course provides the definition of critical infrastructure, examples of cybersecurity threats to critical infrastructure, and information on what is being done to protect critical infrastructure from these cybersecurity threats.
Learning Objectives
- Define and give examples of critical infrastructure.
- Identify possible cyber threats to critical infrastructure.
- Describe U.S. cybersecurity policies and programs.
- Explain the cybersecurity roles of the Department of Homeland Security (DHS) and other Federal agencies.
Training Purpose: Securely Provision, Operate and Maintain, Oversee and Govern, Protect and Defend
Specialty Areas: Systems Architecture, Technology Research and Development, Systems Requirements Planning, Systems Development, Software Assurance and Security Engineering, Network Services, Systems Administration, Systems Analysis, Information Systems Security Operations, Security Program Management, Strategic Planning and Policy Development, Computer Network Defense Analysis, Computer Network Defense Infrastructure Support
Training Proficiency Area: Level 1 - Basic
Course Date: 5/19/2017 |
| |
|
| 101 Reverse Engineering - 2 Hours | Skill Level: Basic | | | + Description | | | 101 Reverse Engineering
In this course, you will learn the basics of reverse engineering, the process of analyzing a technology specifically to determine how it was designed or how it operates. Instead of working toward building a finished product (like you would in engineering), in reverse engineering you start with a finished product and try to work backwards to determine its component parts. This course focuses on reverse engineering computer software.
Learning Objectives
- Identify common uses for reverse engineering
- Explain the process and methodology of reverse engineering
- Understand some of the legal questions involved in reverse engineering.
Training Purpose: Securely Provision
Specialty Areas: Software Assurance and Security Engineering, Systems Development, Technology Research and Development
Training Proficiency Area: Level 1 - Basic
Course Date: 5/19/2017 |
| |
|
 Advanced Computer Forensics 5 Hours | Skill Level: Advanced |    | | + Description | | | The Advanced Computer Forensics course focuses on building the learner's skills to improve their ability to piece together the various components of the digital investigation. The course begins with acquisition planning and preparation, progresses through the investigative process, and concludes with analysis techniques and methods for more manageable investigations.
Key topics covered:
- Develop an investigative process for the digital forensic investigation
- Explain methods of focusing investigations through analysis of multiple evidence sources
- Effectively prepare for incident response of both victim and suspect systems
- Identify sources of evidentiary value in various evidence sources including network logs, network traffic, volatile data and through disk forensics
- Identify common areas of malicious software activity and characteristics of various types of malicious software files
- Confidently perform live response in intrusion investigation scenarios
Date: 2020
Training Proficiency Area: Level 3 - Advanced
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
|
| | + Course Modules/Units | | | | Course Objectives | | Introduction to Acquisition Preparation | | The Preparation Phase | | Known Executables | | Collection Strategies | | Once an Incident Has Occurred | | Making Adjustments | | Response | | Acquisition Summary | | Incident Information Gathering | | Live Acquisitions | | Acquisition Considerations and Risks | | Acquisition Preparation and Identification | | Using Live Disks, Bootable USBs, and Evidence Storage | | Volatile Data Collection | | Memory Collection | | Memory Collection Tools | | WinDD | | Hard Drive Collection | | Disk Encryption | | Network Log Analysis | | Log Analysis Tools and Wireshark | | Fundamentals of Memory Analysis | | Why Should You Care About Memory | | Volatile System Information | | Virtual Memory | | Memory Acquisition Considerations and Tools | | Benefits and Limitations of Memory Analysis | | Mandiant Redline | | Volatility | | Using Volatility | | Using Strings | | Demo of Volatility 1_Using Volatility | | Memory Analysis Flow and Techniques | | Demo of Volatility 2_Comparing Memory and Volatile System Information | | Advanced Memory Analysis | | Understanding Attacks and Incidents | | Anatomy of an Attack of Infection | | Benefits of Malware Analysis | | Using Antivirus | | Introduction to Windows Artifacts | | Prefetch Files | | User Assist Entries | | Recent, Link, and Shortcut Files | | Most Recently Used Files | | Shell Bags Entries | | Page, Hibernation, and Autorun Files | | Persistence | | Hash Analysis | | Registry Decoder | | Timeline Analysis | | Forensic Analysis of Timelines | | Victim System Analysis | | User Level Vs Kernel Level Rootkits | | Correlating Incident Response with Forensics | | Advanced Analysis Topics 1 | | Malware Versus Tools | | Advanced Analysis Topics 2 | | Identifying a Suspect | | Scanning and Fingerprinting the Suspect |
|
|
|
| Advanced PCAP Analysis and Signature Development (APA) 1 Hour | Skill Level: Intermediate |  | | + Description | | | Advanced PCAP Analysis and Signature Development (APA) The Advanced PCAP Analysis and Signature Development (APA) course takes users through an
introduction to rules, goes over example syntax, protocols and expressions. This course contains several
supporting video demonstrations as well as lab exercises writing and testing basic rules.
Training Purpose: Analyze, Protect and Defend
Specialty Areas: Cyber Defense Analysis, Cyber Defense Infrastructure Support, All Source Analysis, Cyber Operations
Training Proficiency Area: Level 2 - Intermediate |
| | + Course Modules/Units | | | | Advanced Pcap Analysis And Signature Development | | Packet Protocol Dns | | Introduction To Rules | | Examples Of Sourcefire Rules | | Sourcefire Rule Syntax - Protocols | | Sourcefire Rule Syntax - Message And Matching | | Lab Exercise Writing And Testing Basic Rules | | Lab Exercise Writing And Testing Basic Rules Video | | Lab Exercise Writing And Testing Basic Rules Continued | | Lab Exercise Continued | | Regular Expressions | | Editing A Poor Rule | | How To Write An Ipv4 Regular Expression | | Lab Exercise Writing Regular Expression | | Lab Exercise Writing Regular Expression Continued | | Malware Analysis Reports (Mar) | | Demonstration of Mar 131751 Report | | Demonstration Of Mar Report Continued | | Lab Exercise Writing Rules From Malware Analysis Reports | | Lab Exercise Writing Rules From Malware Analysis Reports Continued |
|
|
|
| Advanced Windows Scripting 6 Hours | Skill Level: Basic |  | | + Description | | | This course focusses on advanced concepts for writing scripts for the Microsoft Windows operating system. The course covers how to string multiple commands together in traditional BATCH scripts as well as leverage Visual Basic Scripting (VBS) to perform more complex tasks, and includes reinforcing video demonstrations and final assessment.
Training Purpose: Securely Provision, Operate and Maintain
Specialty Areas: Software Development, Systems Administration, Systems Analysis, Customer Service and Technical Support
Training Proficiency Area: Level 1 - Basic
Capture Date: 2015 |
| | + Course Modules/Units | | | | Advanced Windows Scripting Introduction | | Windows BATCH Scripting Overview | | Windows BATCH Advanced Syntax Part 1 of 2 | | Windows BATCH Advanced Syntax Part 2 of 2 | | Windows Scripting Advanced Uses of FOR | | Windows Scripting Syntax Tips and Tricks | | Windows Scripting CALL and START Demo | | Windows Scripting Subroutine Demo | | Windows Scripting SET Demo | | Windows Scripting PUSHD and POPD Demo | | Manipulating In_Outputs | | Stringing Multiple Commands Together | | FOR Loop Generating List Demo | | FOR Loop Recursive Listing Demo | | Taking Action Based on Content of Output | | Action Based on Content Output Demo | | Scripts in Typical Penetration Testing Tasks Part 1 of 2 | | Scripts in Typical Penetration Testing Tasks Part 2 of 2 | | Visual Basic Scripting Syntax and Usage | | Visual Basic Scripting Merge Demo | | VBS Elements_Structure | | VBS Elements_Variables, Arguments, and Conditionals | | VBS Elements_Loops | | VBS Elements_Functions and Operators | | VBS Windows Scripting Host | | VBS Elements_File I_O | | VBS Windows Scripting Demo | | VBS Error Handling and Troubleshooting | | Visual Basic for Applications | | Visual Basic for Application Elements | | Visual Basic for Applications Working with Applications | | VBA Working with Applications Demo | | VBA Error Handling and Troubleshooting | | VBA Error Handling and Troubleshooting Demo | | Advanced Windows Scripting Quiz |
|
|
|
| Analysis Pipeline 6 Hours | Skill Level: Intermediate |  | | + Description | | | This course is designed for network flow data analysts who use or are considering using Analysis Pipeline (http://tools.netsa.cert.org/analysis-pipeline5/index.html). The course aims to help the student better understand how to incorporate streaming network flow analysis into their toolkit for identifying and alerting on events of interest. The focus will be on applying Analysis Pipeline to operational use cases
Training Purpose - Protect and Defend, Collect and Operate, Operate and Maintain
Specialty Areas - Network Services, Cyber Operations, Cyber Defense Analysis
Training Proficiency Area: Level 2 - Intermediate
|
| | + Course Modules/Units | | | | Introduction | | Configuration Files | | Running Pipeline | | Logical Schematics | | Pipeline and Timing and State | | Alerts | | Configuration File Basics | | Filters | | Filters (Exercises and Solutions) | | Evaluations | | Evaluations (Exercises and Solutions) | | Statistics | | Internal Filters | | List Configurations | | Configuration File Basics (Exercises and Solutions) | | Threshold Examples | | Special Evaluations | | Building an Analytic | | Server Profiling Analytic | | Host Discovery Analytic | | Advanced Configurations | | NTP Anomalies | | Unknown SSH Brute Force | | Choose Your Own Adventure | | ICMP Surveying: Thinking it Through | | ICMP Surveying: Building it Out | | DDoS Detection: Thinking it Through | | DDoS Detection: Building it Out | | SSH Compromise: Thinking it Through | | SSH Compromise: Building it Out | | Analysis Pipeline 5 |
|
|
|
| Artificial Intelligence (AI) and Machine Learning (ML) for Cyber 1.5 Hours | Skill Level: Intermediate | | | + Description | | | The AI/ML for Cyber course provides students with the foundational practices and ethical principles of Artificial Intelligence. Diving into each of the ethical principles along with other technical ethics, is aimed at reducing risk and unwanted bias to create ethical, transparent, and fair artificial intelligence systems.
Learning Objectives:
- Explain the harm with bias in artificial intelligence
- Discuss how to reduce risk and unwanted bias
- Cite several principles of AI and the goals of each
- Describe how principles are applied to create ethical, transparent and fair AI
Date: 2020
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Collect and Operate |
Cyber Operations Planning |
Cyber Ops Planner |
| Operate and Maintain |
Data Administration |
Data Analyst |
|
| | + Course Modules/Units | | | | AI and ML for Cyber | | Ethical Principles for AI Overview | | Responsible Aspects of Ethics Part 1 of 2 | | Responsible Aspects of Ethics Part 2 of 2 | | Equitable Portion of the Ethics Principles | | Traceable AI | | Reliable AI Part 1 of 2 | | Reliable AI Part 2 of 2 | | How to Make AI Reliable Part 1 of 2 | | How to Make AI Reliable Part 2 of 2 | | Governable AI | | AI and ML for Cyber Review | | Course Test |
|
|
|
|
| New CDM Agency Dashboard Videos (8 Videos) 1 Hours | Skill Level: Intermediate | | | + Description | | | These short videos (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.
Learning Objectives:
- Understand what are CDM and the CDM Agency Dashboard
- Understand the New CDM Agency Dashboard
- Provide an overview on the AWARE Scoring Algorithm 1.0
- Become familiar with the Kibana User Interface
- Understand the general architecture, data flow, and data structure and schema
- Become familiar with JSON Documents
Date: 2020
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| | + Course Modules/Units | | | | What are CDM and the CDM Agency Dashboard | | Introduction to the New CDM Agency Dashboard | | Introduction to the AWARE Scoring Algorithm 1.0 | | AWARE Scoring Algorithm 1.0 Details | | CDM Agency Dashboard - Kibana User Interface | | CDM Agency Dashboard Architecture and Data Flow | | CDM Agency Dashboard Data Structure and Schema | | Understanding JSON Documents |
|
|
|
| CDM 102: Introduction to Creating Queries & Reports Using the Legacy (Archer) CDM Agency Dashboard 2 Hours | Skill Level: Beginner | | | + Description | | | Custom Searches and Reports: View demonstrations of navigating and searching the data within the CDM Agency Dashboard. See how that data can be used to create meaningful and visually appealing custom reports to communicate query results to leadership and stakeholders.
Learning Objectives:
- Learn how to examine the standard operating view (SOV) and iView of the Legacy (Archer) CDM agency dashboard
- Learn how to examine records and containers, browse and filter hardware records and build custom queries
Date: 2019
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| | + Course Modules/Units | | | | CDM 102: Course Introduction | | CDM 102: What is the CDM Agency Dashboard? | | CDM 102: CDM Data Architecture | | CDM 102: Dashboard SOV and iViews | | CDM 102: Revision 5 and Using Risk Scores | | Demo: CDM 121 Lab Review | | Demo: CDM 122 Lab Intro | | Demo: CDM 122 Lab Review/CDM 123 Lab Intro | | Demo: CDM 123 Lab Review | | Demo: CDM 124 Lab Intro | | Demo: CDM 124 Lab Review | | CDM 102: Conclusion | | CDM Agency Dashboard Introduction | | CDM Lab 121: Examine the SOV & iViews | | CDM Lab 121: Examine the SOV & iViews Knowledge check | | CDM Lab 122: Examine Records and Containers | | CDM Lab 122: Examine Records and Containers Knowledge Check | | CDM Lab 123: Browse and Filter Hardware Records | | CDM Lab 123: Browse and Filter Hardware Records Knowledge Check | | CDM Lab 124: Build Custom Queries |
|
|
|
| CDM 103: Using Measurements & Metrics of Hardware & Software Assets with the Legacy (Archer) CDM Agency Dashboard 3 Hours | Skill Level: Beginner | | | + Description | | | Custom Searches and Reports: View demonstrations of navigating and searching the hardware and software data within CDM and create reports.
Learning Objectives:
- Learn how to find hardware by the FISMA container using the Legacy (Archer) CDM Agency Dashboard
- Learn how to conduct a multi-filter query to find legacy software and unauthorized software
- Learn how to create reports and iViews from custom queries
Date: 2019
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| | + Course Modules/Units | | | | CDM 103: Course Introduction | | CDM 103: What is the CDM Agency Dashboard? | | CDM 103: CDM Data Architecture | | CDM 103: Using Queries and Reports | | CDM 103: SOV Overview Demo | | Demo: CDM126 Lab Review | | Demo: CDM 127 Lab Intro | | Demo: CDM 127 Lab Review | | Demo: CDM 128 Lab Intro | | Demo: CDM128 Lab Review | | Demo: CDM 125 Lab Review | | CDM 103: Conclusion | | CDM Agency Dashboard Introduction | | CDM Lab 125: Find Hardware by FISMA Container | | CDM Lab 125: Find Hardware by FISMA Container Knowledge Check | | CDM 126: Create Multi-Filter Query to find Legacy Software | | CDM 126: Create Multi-Filter Query to Find Legacy Software Knowledge Check | | CDM Lab 127: Find Unauthorized Software | | CDM Lab 127: Find Unauthorized Software Knowledge Check | | CDM Lab 128: Create Reports and iViews from Custom Queries | | CDM Lab 128: Create Reports and iViews from Custom Queries Knowledge Check |
|
|
|
| CDM 104: Using the Legacy (Archer) CDM Agency Dashboard to Drive Your Vulnerability Management Work Plan 2 Hours | Skill Level: Beginner | | | + Description | | | Learn how to use AWARE to prioritize vulnerability management activities to address the worst vulnerabilities first.
Learning Objectives:
- Understand AWARE Risk Scoring using the Legacy (Archer) CDM Agency Dashboard
- Learn how to identify vulnerabilities, components and mitigations
Date: 2020
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| | + Course Modules/Units | | | | CDM104: Course Introduction | | CDM104: Part 2 | | CDM104: Part 3 | | CDM104: Part 4 | | CDM104: Part 5 | | CDM104: Conclusion | | CDM Agency Dashboard Introduction | | CDM 129: Understanding AWARE Risk Scoring Terminology and Constructs | | CDM 129: Understanding AWARE Risk Scoring Terminology and Constructs Knowledge Check | | CDM 130: Identifying Vulnerabilities and Mitigations using AWARE Scoring Knowledge Check | | CDM 131: Identifying Vulns, Components and Mitigations Using AWARE Scoring Knowledge Check |
|
|
|
| CDM Module 1 : Overview 2 Hours | Skill Level: Basic | | | + Description | | | This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.
The course provides a high level overview of the CDM program. Topics covered include basic CDM concepts, how CDM relates to NIST 800-53 and other NIST SPs, CDM Concept of Operations, the CDM Environment, and CDM’s Phases and Capabilities.
Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend
Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis
Proficiency: Level 1 - Basic
Capture Date: 2015
|
| | + Course Modules/Units | | | | What is the CDM program? | | What problem does CDM address? | | How does the CDM program support Departments and Agencies | | Why does CDM focus on Automation? | | What is the CDM "Desired State" Specification? | | What is the Actual State? | | What is a Defect Check? | | What is an Assessment Object? | | What is a Defect instance? | | What is an Object Container? | | What is a CDM Security Capability? | | How Do 800-53 Controls Map to CDM Security Capabilities? | | How do I use the CDM Security Capabilities to Improve Security? | | How does CDM relate to NISTs 800-53 Catalogue of Controls? | | How does CDM relate to NISTs 800-53 Suggested Control Assessment Methods? | | How does CDM relate to NISTs guidance on ISCM (800-137)? | | How does CDM relate to NIST guidance on Risk Management 800-30 and 800-39? | | How does CDM relate to NISTs RMF? | | How does CDM operate in a department or agency? | | What is the CDM Concept of Operations? | | Where does the "Desired State" Specification come from? | | What does the actual state concept in CDM mean for our department or agency? | | Where does the Actual State Data come from? | | How does CDM discover defects? | | How does Scoring work with CDM and how am I affected? | | How does CDM know who is responsible for fixing defects? | | Will the CDM "System(s)" be A&Aed? | | How will CDM sensors affect my Network(s)? Performance? Security? | | What are CDM shared services? | | Why is CDM divided into phases? | | How do the security capabilities fit into phases? | | What are the Phase 1 capabilities? | | What are the Phase 2 capabilities? | | What are the Phase 3 capabilities? | | What does the CDM D/A Dashboard provide? | | How Does the CDM D/A Dashboard Work with Other D/A Dashboards? | | How Do I Get the Information My D/A Needs from the CDM D/A Dashboard? |
|
|
|
| CDM Module 2: Hardware Asset Management 1 Hour | Skill Level: Basic | | | + Description | | | This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.
The course begins by defining Hardware Asset Management (HWAM) and why it is critical to the implementation of a robust cybersecurity program. The training highlights the criteria for monitoring and managing hardware assets using CDM. It then transitions into HWAM implementation criteria and discusses the generic CDM concept of operations specific to HWAM. Topics covered include Actual State, Desired State, and Defects.
Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend
Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis
Proficiency: Level 1 - Basic
Capture Date: 2015 |
| | + Course Modules/Units | | | | What is Hardware Asset Management (HWAM)? | | What Are the Purpose and Results? | | What Types of Attacks Does HWAM Thwart for Our Organization? | | What Objects Does HWAM Assess? | | How Does the HWAM Concept of Operations (CONOPS) work? | | How Does HWAM Relate to Other Phase 1 Capabilities? | | What HWAM Roles and Responsibilities Will My Organization Implement? | | How Does an Organization Use the HWAM Capability? | | What Techniques Are Used to Search for HWAM Devices? | | What Types of Data Does the HWAM Actual State Collect? | | What Types of Data Are Used to Identify Network Addressable Devices? | | How Do Agencies Get Desired State Specification Data for the HWAM Capability? | | What Types of Data Does the HWAM Desired State Specification Collect? | | Can Agencies Specify How to Group Results? | | What Are the HWAM Defect Checks? | | Which HWAM Defect Checks Are at the Federal Level? | | Which HWAM Defect Checks Are at the Local Level? |
|
|
|
| CDM Module 3: Software Asset Management 1.5 Hours | Skill Level: Basic | | | + Description | | | This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.
The course begins by defining SWAM and why it is critical to the implementation of a robust cyber-security program. It covers new roles and responsibilities which the department or agency (D/A) must implement. It then transitions into SWAM implementation criteria, and discusses the generic CDM concept of operations specific to SWAM Actual State, Desired State, and Defects. It includes high level discussions of software lists (white, gray, black) and how software can be identified and tracked in CDM through the use of Common Platform Enumeration (CPE) and Software Identification (SWID) tags by Software package down to executables.
Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend
Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis
Proficiency: Level 1 - Basic
Capture Date: 2015 |
| | + Course Modules/Units | | | | What is the Software Asset Management (SWAM) Capability? | | What Purpose Does SWAM Serve? | | What Types of Results Will SWAM Accomplish? | | What Types of Attacks Does SWAM Thwart? | | What Objects Does SWAM Assess? | | How Does the SWAM Concept of Operations (CONOPS) Work? | | How Does SWAM Relate to Other Phase 1 Capabilities? | | How Does SWAM Block Many Zero Day and APT Attacks? | | What Techniques Are Used to Search for SWAM Devices? | | How Does CDM Identify Software Products and Executables? | | How Does CDM Use Digital Fingerprints? | | What Is a Whitelist? | | How Do I Use a Software Whitelist? | | What Is a Graylist? | | How Do I Use a Software Graylist? | | What Is a Blacklist? | | How Do I Use a Software Blacklist? | | What Does Locational Whitelisting Mean to Me? | | What Is a Trust Library and How Does SWAM Use It? | | How Is Desired State Specification Determined for Mobile Code in CDM? | | How Does SWAM Use Hashes? | | How Does SWAM Use Common Platform Enumeration (CPE)? | | How Does SWAM Use Software IDs (SWIDs)? | | What Are the SWAM Defect Checks? | | Which SWAM Defect Checks Are at the Federal Level? | | Which SWAM Defect Checks Are at the Local Level? | | What Mitigation Options Might My Department or Agency Use with SWAM? |
|
|
|
| CDM Module 4: Configuration Settings Management .5 Hours | Skill Level: Basic | | | + Description | | | This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.
The course begins by outlining the Cyber Security Manager position (CSM) and highlighting the types of attacks CSM can help prevent. It then transitions into CSM methods and criteria, where it reviews Actual State, Desired State, and Defect Checks specific to the capability area. It explains how CSM builds upon the other capabilities and how defect checks differ at the local and federal levels.
Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend
Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis
Proficiency: Level 1 - Basic
Capture Date: 2015 |
| | + Course Modules/Units | | | | What Is the Configuration Settings Management Security Capability? | | What Types of Results Will CSM Accomplish? | | How Does CSM Thwart Attacks? | | What Objects Does the CSM Security Capability Assess? | | How Does CSM Work? | | How Does HWAM and SWAM Support CSM? | | What Methods Will CSM Use to Determine Actual State Information? | | What Elements Does the Organization Require to Define the Actual State? | | How Does CSM Define the Desired State? | | What Methods Will CSM Use to Determine Desired State? | | What Is a Common Configuration Enumeration (CCE)? | | What Is a CSM Defect Check? | | Which CSM Defect Checks Are at the Federal Level? | | Which CSM Defect Checks Are at the Local Level? |
|
|
|
| CDM Module 5: Vulnerability Management .5 Hours | Skill Level: Basic | | | + Description | | | The course aims to help the student better understand how vulnerability management (VULN) identifies the existence of vulnerable software products in the boundary to allow an organization to mitigate and thwart common attacks that exploit those vulnerabilities.
The course begins by defining VULN, how it applies to the target environment, and how a fully implemented VULN capability impacts a Department or Agency. It then transitions into VULN criteria and methods, where it reviews Actual State, Desired State, and Defect Checks specific to the capability area. It explains how VULN builds upon the other capabilities areas, the types of defects, and how those defect checks differ at the local and federal levels.
Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend
Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis
Proficiency: Level 1 - Basic
Capture Date: 2015 |
| | + Course Modules/Units | | | | What Is the Vulnerability Management (VULN) Capability? | | What Is a CVE (Common Vulnerabilities and Exposures)? | | What Is a CWE (Common Weakness Enumeration)? | | What Types of Results Will VULN Accomplish? | | How Can VULN Thwart Attacks? | | What Types of VULN Objects Are Assessed? | | How Does the VULN Capability Work? | | How Does VULN Relate to SWAM? | | How Will My Organization Use the VULN Capability? | | What Methods Will VULN Use to Determine Actual State? | | What Is the CDM Actual State? | | How Does VULN Define the Desired State? | | What Methods Will VULN Use to Determine Desired State? | | What Is the National Vulnerability Database (NVD)? | | What Are the VULN Defect Checks? | | Which VULN Defect Checks Are at the Federal Level? | | Which VULN Defect Checks Are at the Local Level? |
|
|
|
| CDM PRIVMGMT: CA PAM for Chief Information Security Officers (LT1) 2 hours | Skill Level: Basic | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for senior-level executives within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
Course Description: This course contains 9 learning tracks:
- X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- X2 General use of the web portal for requesting, accessing and managing privileged credentials.
- X3 Account management features which include account reconciliation and password management.
- X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | X2 General use of the web portal for requesting, accessing and managing privileged credentials. | | X3 Account management features which include account reconciliation and password management. | | X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CyberArk for Chief Information Security Officers (LT1) 2 hours | Skill Level: Basic | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for senior-level executives within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
This course contains 9 learning tracks:
- C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- C2 General use of the web portal for requesting, accessing and managing privileged credentials.
- C3 Account management features which include account reconciliation and password management.
- C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute.
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors.
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level 1 - Basic |
| | + Course Modules/Units | | | | C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | C2 General use of the web portal for requesting, accessing and managing privileged credentials. | | C3 Account management features which include account reconciliation and password management. | | C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CA PAM for Information System Security Officer (LT2) 2 hours | Skill Level: Basic | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for senior-level executives within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
Course Description: This course contains 9 learning tracks:
- X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- X2 General use of the web portal for requesting, accessing and managing privileged credentials.
- X3 Account management features which include account reconciliation and password management.
- X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | X2 General use of the web portal for requesting, accessing and managing privileged credentials. | | X3 Account management features which include account reconciliation and password management. | | X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CyberArk for Information System Security Officer (LT2) 2 Hours | Skill Level: Basic | | | + Description | | |
Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for research, develop, implement, test and review an organization's information security in order to protect information and prevent unauthorized access.
This course contains 9 learning tracks:
- C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- C2 General use of the web portal for requesting, accessing and managing privileged credentials.
- C3 Account management features which include account reconciliation and password management.
- C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic
|
| | + Course Modules/Units | | | | C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | C2 General use of the web portal for requesting, accessing and managing privileged credentials. | | C3 Account management features which include account reconciliation and password management. | | C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CA PAM for Security Operations Center (LT3) 2 hours | Skill Level: Basic | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for operating the SOC site which is dedicated to monitoring, assessing, and defending enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints).
This course contains 5 learning tracks:
- X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- X2 General use of the web portal for requesting, accessing and managing privileged credentials.
- X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- P2 Splunk Integration
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | X2 General use of the web portal for requesting, accessing and managing privileged credentials. | | X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | P2 Splunk Integration. |
|
|
|
| CDM PRIVMGMT: CyberArk for Security Operations Center (LT3) 2 Hours | Skill Level: Basic | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for operating the SOC site which is dedicated to monitoring, assessing, and defending enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints).
This course contains 5 learning tracks:
- C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- C2 General use of the web portal for requesting, accessing and managing privileged credentials.
- C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- P2 Splunk Integration
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | C2 General use of the web portal for requesting, accessing and managing privileged credentials. | | C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | P2 Splunk Integration. |
|
|
|
| CDM PRIVMGMT:
CA PAM for Agency Privileged Users (LT4) 2 Hours | Skill Level: Basic | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for personnel that access or use credentials which have been granted administrative privileges on one or more systems.
This course contains 4 learning tracks that provide Privileged users with
C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
C2 General use of the web portal for requesting, accessing and managing privileged credentials.
C3 Account management features which include account reconciliation and password management.
Training Purpose: Skill Development
Specialty Areas: Knowledge Management
Training Proficiency Area: Level 1 - Basic
|
| |
|
| CDM PRIVMGMT: CyberArk for Agency Privileged Users (LT4) 2 Hours | Skill Level: Basic | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for personnel that access or use credentials which have been granted administrative privileges on one or more systems.
This course contains 4 learning tracks that provide Privileged users with
C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
C2 General use of the web portal for requesting, accessing and managing privileged credentials.
C3 Account management features which include account reconciliation and password management.
Training Purpose: Skill Development
Specialty Areas: Knowledge Management
Training Proficiency Area: Level 1 - Basic |
| |
|
| CDM PRIVMGMT: CA PAM for Privileged User Managers (LT5) 2 hours | Skill Level: Basic | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users.
This course contains 8 learning tracks:
- X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- X2 General use of the web portal for requesting, accessing and managing privileged credentials.
- X3 Account management features which include account reconciliation and password management.
- X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | X2 General use of the web portal for requesting, accessing and managing privileged credentials. | | X3 Account management features which include account reconciliation and password management. | | X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CyberArk for Privileged User Managers (LT5) 2 hours | Skill Level: Basic | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users.
This course contains 8 learning tracks:
- C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- C2 General use of the web portal for requesting, accessing and managing privileged credentials.
- C3 Account management features which include account reconciliation and password management.
- C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | C2 General use of the web portal for requesting, accessing and managing privileged credentials. | | C3 Account management features which include account reconciliation and password management. | | C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CA PAM for Network Operations Center (LT6) 2 hours | Skill Level: Basic | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users.
This course contains 5 learning tracks:
- X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- X2 General use of the web portal for requesting, accessing and managing privileged credentials.
- X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- P2 Splunk Integration
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic
|
| | + Course Modules/Units | | | | X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | X2 General use of the web portal for requesting, accessing and managing privileged credentials. | | X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | P2 Splunk Integration. |
|
|
|
| CDM PRIVMGMT: CyberArk for Network Operations Center (LT6) 2 hours | Skill Level: Basic | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users.
This course contains 5 learning tracks:
- C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- C2 General use of the web portal for requesting, accessing and managing privileged credentials.
- C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- P2 Splunk Integration
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | C2 General use of the web portal for requesting, accessing and managing privileged credentials. | | C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | P2 Splunk Integration. |
|
|
|
| CDM_PRIVMGMT: SailPoint for SailPoint Administrators (LT7) 2 hours | Skill Level: Basic | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users.
This course contains 4 learning tracks:
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic
|
| | + Course Modules/Units | | | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CA PAM Administrator (LT8) 4 hours | Skill Level: Advanced | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for the overall operation and management of Xceedium. Personnel in this role would perform tasks such as managing users, devices, applications, credentials and disaster recovery scenarios.
This course contains 8 learning tracks:
X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
X2 General use of the web portal for requesting, accessing and managing privileged credentials.
X3 Account management features which include account reconciliation and password management.
X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
X5 Administration I covers how to add new users, devices, organize groups and connect to external resources such as LDAP.
X6 Administration II provides users with the ability to create and configure application or services and setup policies.
X7 Administration III covers how to run reports and schedule reports, locate/manage log files, perform session management and locate troubleshooting tools.
X8 Administration IV provides users with an understanding of how to manage disaster recovery features.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Advanced |
| | + Course Modules/Units | | | | X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | X2 General use of the web portal for requesting, accessing and managing privileged credentials. | | X3 Account management features which include account reconciliation and password management. | | X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | X5 Administration I covers how to add new users, devices, organize groups and connect to external resources such as LDAP. | | X6 Administration II provides users with the ability to create and configure application or services and setup policies. | | X7 Administration III covers how to run reports and schedule reports, locate/manage log files, perform session management and locate troubleshooting tools. | | X8 Administration IV provides users with an understanding of how to manage disaster recovery features. |
|
|
|
| CDM PRIVMGMT: CyberArk Administrators (LT8) 4 hours | Skill Level: Advanced | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for the overall operation and management of CyberArk. Personnel in this role would perform tasks such as managing users, devices, applications, credentials and disaster recovery scenarios.
This course contains 8 learning tracks:
- C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- C2 General use of the web portal for requesting, accessing and managing privileged credentials.
- C3 Account management features which include account reconciliation and password management.
- C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- C5 Administration I covers how to add new users, devices, organize groups and connect to external resources such as LDAP.
- C6 Administration II (Part 1 and 2) provides users with the ability to create and manage platforms and safes, configure master policies as well as an in-depth look into safe design.
- C7 Administration III covers how to run reports in the PVWA, operate the PrivateArk Client and how to locate and manage log files.
- C8 Administration IV provides users with an understanding of how to manage disaster recovery features.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Advanced
|
| | + Course Modules/Units | | | | C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | C2 General use of the web portal for requesting, accessing and managing privileged credentials. | | C3 Account management features which include account reconciliation and password management. | | C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | C5 Administration I covers how to add new users, devices, organize groups and connect to external resources such as LDAP. | | C6 Administration II Part 1 provides users with the ability to create and manage platforms and safes, configure master policies as well as an in-depth look into safe design. | | C6 Administration II Part 2 provides users with the ability to create and manage platforms and safes, configure master policies as well as an in-depth look into safe design. | | C7 Administration III covers how to run reports in the PVWA, operate the PrivateArk Client and how to locate and manage log files. | | C8 Administration IV provides users with an understanding of how to manage disaster recovery features. |
|
|
|
| Cisco CCENT Self-Study Prep 13 hours | Skill Level: Intermediate | | | + Description | | | The Cisco CCENT Prep course is a self-study resource for learners preparing for the Cisco CCENT certification, one of the prerequisites for the Cisco CCNA certification. Installing, operating, configuring, and verifying a basic IPv4 and IPv6 network will be discussed. Students will also be introduced to configuring a local area network (LAN) switch, configuring an internet protocol (IP) router, and identifying basic security threats. The course includes several reinforcing video demonstrations of concepts discussed, as well as a quiz.
Training Purpose: Operate and Maintain
Specialty Areas: Network Services, Systems Administration, Systems Analysis, Customer Service and Technical Support
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2015 |
| | + Course Modules/Units | | | | Switched Networks Part 1 of 2 | | Switched Networks Part 2 of 2 | | Collisions and Broadcasts | | DEMO: Viewing an ARP Table | | Basic Switch Configuration | | SSH Operation and Configuration | | Configuring Switch Ports | | Switch Troubleshooting | | Securing a Switch | | Best Practices for Switched Networks | | DEMO: Making an RJ-45 Cable | | VLAN Segmentation Part 1 of 2 | | VLAN Segmentation Part 2 of 2 | | VLAN Implementations | | VLAN Security and Design | | DEMO: Configuring VLANs | | DEMO: Demonstrating VLAN Connectivity | | Functions of a Router Part 1 of 2 | | Functions of a Router Demo | | Functions of a Router Part 2 of 2 | | Configuring Basic Router Settings | | DEMO: IPv4 and IPv6 Subnetting | | Basic Router Settings_IPv6 and Loopback Interfaces | | Verifying Connectivity of Directly Connected Networks | | Switching Packets Between Networks | | Routing Tables and Protocols | | DEMO: IPv6 Header Analysis | | DEMO: MAC Address Table | | DEMO: IPv4 Addresses and Router Interfaces | | DEMO: IPv6 Addressing on Router Interfaces | | Inter-VLAN Routing Configuration | | Layer 3 Switching | | Static Routing | | Configure Static Routing | | Classful Addressing and Routing | | Configuring Summary Routes | | Troubleshooting Static and Default Routes | | DEMO: Static Routing | | Dynamic Routing Protocol Operation | | Routing Protocol Operating Fundamentals | | Types of Routing Protocols | | Types of Distance Vector Routing Protocols | | Configuring the RIP Protocol | | RIPng and Link-State Routing | | DEMO: RIP Version 1 and IPv4 | | DEMO: RIP Version 2 Improvements | | DEMO: Setting up RIP for IPv6 | | Characteristics of OSPF | | OSPF Messages | | OSPF Router IDs | | Configuring and Verifying OSPF | | OSPFv2 versus OSPFv3 | | DEMO: Configuring OSPF | | DEMO: Troubleshooting OSPFv2 | | DEMO: Configuring OSPFv3 | | DHCPv4 Operation | | Configuring and Troubleshooting DHCPv4 | | DEMO: DHCPv4 | | SLAAC and DHCPv6 | | Stateless and Stateful DHCPv6 | | DEMO: Stateless DHCPv6 | | NAT Characteristics and Benefits | | Types of NAT | | Configuring Static and Dynamic NAT | | Configuring PAT and Port Forwarding | | DEMO: Enabling IPv4 NAT | | Configuring and Troubleshooting NAT for IPv6 | | CCENT Prep Practice Exam |
|
|
|
| Cloud Computing Security 2.5 Hours | Skill Level: Intermediate | | | + Description | | | The cloud security course explores guidance from the Cloud Security Alliance (CSA), National Institute of Standards and Technology (NIST), National Security Agency (NSA), and several Cloud Service Providers (CSPs). Topics will cover cloud security risks and threats, basic operations, incident response considerations, along with application, data and infrastructure security concepts. Where applicable, demonstrations of cloud provider tools and capabilities will be used to reinforce key points.
Learning Objectives:
- Define cloud models and components
- Apply CSA security guidance and other best practices to cloud deployments
- Understand cybersecurity requirements within the Shared Responsibilities model
- Prepare for cloud computing governance and compliance challenges
- Relate traditional cybersecurity controls to popular cloud solutions
- Recognize and prepare for cloud computing threats
- Review additional cloud security tools and use cases
Date: 2020
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Securely Provision |
| Systems Architecture |
Security Architect |
| Systems Development |
Secure Software Assessor |
|
| Operate and Maintain |
| Systems Administration |
System Administrator |
| Systems Analysis |
Systems Security Analyst |
|
Training Proficiency Area: Level 2 - Intermediate |
| | + Course Modules/Units | | | | Cloud Computing Security Course Overview | | Cloud Computing Overview | | Cloud Computing Overview Knowledge Check | | Building a Cloud | | Building a Cloud Knowledge Check | | Securing Your Cloud | | Cloud Security Basics | | Review of Multifactor Authentication | | Review of Monitoring and Security Configurations | | Options for Securing Within the Cloud | | VPC Network ACs and CloudWatch Monitoring | | Compute Instance in Google's Cloud Platform | | Monitoring and Alerting Options in Google Cloud | | Web App and Security Configs in Google Cloud | | Use of Microsoft's Platform as a Service | | Azure Compute Instance Setup | | Securing Your Cloud Knowledge Check | | Review of Two NIST Publications on Cloud Computing | | Guidance for Critical Areas in Cloud Computing | | Cloud Computing Risk Assessment by ENISA | | Resources Knowledge Check |
|
|
|
| Cisco CCNA Security Self-Study Prep 15 Hours | Skill Level: Intermediate | | | + Description | | | The Cisco CCNA Security Self-Study Prep course is aimed at those who already have experience with routers and basic level networking skills, and those who may be interested in taking the Cisco CCNA Security exam. Content covered in the CCNA Security Prep course include protocol sniffers, analyzers, TCP/IP, desktop utilities, Cisco IOS, the Cisco VPN, a Cisco simulation program called Packet Tracer, and some web-based resources. Students will get a theoretical understanding of network security, knowledge and skills designed to implement it. This self-study resource contains several reinforcing video demonstrations and final exam.
Training Purpose: Operate and Maintain
Specialty Areas: Network Services, Systems Administration, Systems Analysis, Customer Service and Technical Support
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2015
|
| | + Course Modules/Units | | | | Securing Network Devices | | Secure Administrative Access Part 1 of 2 | | Secure Administrative Access Part 2 of 2 | | DEMO: Securing Router Access Methods | | Role-Based CLI Overview | | Password Recovery | | Management Reporting and Logging Considerations | | Implementing Log Messaging for Security | | Configuring NTP | | Disabling Unused Cisco Router Network Services and Interfaces | | AAA Authentication Methods | | Implementing Local AAA Authentication | | Implementing Server-Based AAA Authentication | | Cisco Secure ACS | | Configuring Server-Based AAA Authentication | | Server-Based Authorization and Accounting | | Implementation Firewall Technologies | | Access List Controls (ACLs) | | Extended ACLs and ACL Caveats | | ACL Placement | | Complex ACLs | | Troubleshooting ACLs | | Securing Networks with Firewalls | | Zone-Based Policy Firewalls | | CCP Firewall Wizard and Manual ZPF using CCP | | DEMO: Enabling IOS Firewall | | Implementing Intrusion Prevention Intro | | IPS Signatures | | Signature Trigger and Action for IPS | | Managing and Monitoring IPS | | Configuring and Verifying IOS IPS | | Securing the Local Area Network Intro | | Layer 2 Security Part 1 of 2 | | Layer 2 Security Part 2 of 2 | | Mitigating MAC Spoofing and MAC Table Overflow Attacks | | Mitigating STP Manipulation | | Configuring Storm Control | | Mitigating VLAN Attacks | | Configuring Cisco Switch Port Analyzer | | Private VLAN Edge | | Advanced Technology Security Considerations | | Wireless Networks | | VoIP and SAN Networks | | DEMO: Enabling STP with Voiceover | | Cryptographic Systems and Hashes | | Encryption and Confidentiality | | Public Key Cryptography and PKI | | VPN Terminology and Topologies | | IPSec Frameworks and Key Exchange | | IPSec Tasks | | Configuring IPsec VPN using CCP | | Remote-Access VPNs | | Managing a Secure Network and Addressing Risks | | Operations Security | | Network Security Testing | | Continuity Planning | | SDLC | | Security Policy | | ASA Models and Features | | Basic ASA Configuration and Settings | | Introduction to ASDM | | ASA Objects and Object Groups | | ACLs for ASA | | ASA and NAT | | ASA and PAT | | ASA AAA | | Modular Policy Framework | | ASDM Service Policies Demo | | ASA VPN Features | | ASDM AnyConnect VPN Wizard | | DEMO: ASA Console Config | | DEMO: ASA GUI Config | | DEMO: ASA Traffic Management | | CCNA Security Prep Practice Exam |
|
|
|
| CMaaS Overview 0.5 Hours | Skill Level: Basic | | | + Description | | | This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how Continuous Monitoring as a Service (CMaaS) relates to the Continuous Diagnostics and Mitigation (CDM) program.
Training Purpose: Protect and Defend
Specialty Areas: Cyber Defense Analysis, Cyber Defense Infrastructure Support, Incident Response, Vulnerability Assessment and Management
Training Proficiency Area: Level 1 - Basic
Course Capture Date: 2016
|
| | + Course Modules/Units | | | | Lesson 1 - Continuous Diagnostics and Mitigation (Video) | | Lesson 2 - The Problem (Infographic) | | Lesson 3 - How CDM Phase 1 Capabilities Support CDM Goals (Infographic) | | Lesson 4 - How CDM Phase 1 Capabilities Work Together (Infographic) | | Lesson 5 - CDM Phase 1 Capabilities Scope (Infographic) | | Lesson 6 - Overview of Continuous Monitoring as a Service (Video) | | Lesson 7 - How the CDM Capabilities Were Defined | | Lesson 8 - ISCM Policy and Guidance Timeline |
|
|
|
| ud Security – What Leaders Need to Know | Skill Level: Basic | | | + Description | | | This hour-long webinar recorded on July 17, 2020 features National Defense University Professor Robert Richardson discussing important security and oversight requirements for commercial cloud solutions.
Learning Objectives:
- Overview of the cloud physically, logically, and architecturally.
- Discuss cloud deployment models and characteristics.
- Overview of cloud infrastructure characteristics.
- Cloud Supply Chain Risk Management and considerations of commercial cloud as third-party cloud services; senior leaders should "beware of the gaps and seams."
- Cloud software components — microservices & APIs.
- The driving forces and key technology enablers of commercial cloud services in the Federal Government.
- Must-have security requirements and policies for cloud solutions.
- The top ten cybersecurity cloud risks such as: loss of service, data breaches, human error. As well as non-cybersecurity risks such as: outsourcing risks, personnel security, and supply chain risk management.
- Where Federal Government adoption of commercial cloud is now and predictions for the future.
Date: July 17, 2020
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
| Cybersecurity Management |
Information Systems Security Manager |
| Executive Cyber Leadership |
Executive Cyber Leadership |
| Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Strategic Planning and Policy |
Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager |
| Training, Education, and Awareness |
Cyber Instructional Curriculum Developer, Cyber Instructor |
|
| Operate and Maintain |
| Network Services |
Network Operations Specialist |
| Systems Administration |
System Administrator |
| Systems Analysis |
Systems Security Analyst |
|
| Securely Provision |
| Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
| Systems Architecture |
Enterprise Architect, Security Architect |
| Systems Requirement Planning |
Systems Requirements Planner |
|
|
| |
|
| CMaaS Technical Overview Course 0.5 Hours | Skill Level: Basic | | | + Description | | | This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how Continuous Monitoring as a Service (CMaaS) will be implemented in DHS Component networks.
Training Purpose: Skill Development
Specialty Areas: Computer Network Defense Analysis, Computer Network Defense Infrastructure Support, Incident Response, Vulnerability Assessment and Management
Training Proficiency Area: Level 1 - Basic
Capture Date: 2017 |
| | + Course Modules/Units | | | | Lesson 1: CMaaS Technology Stack Overview (Video) | | Lesson 2: Central Management Enclave Firewall Requirements (Infographic) | | Lesson 3: Component Management Enclave Firewall Requirements (Infographic) | | Lesson 4: Hardware Sensors Firewall Requirements 1 of 2 (Infographic) | | Lesson 5: Hardware Sensors Firewall Requirements 2 of 2 (Infographic) | | Lesson 6: Software Sensors Firewall Requirements (Infographic) | | Lesson 7: Considerations for Initial CMaaS Deployment (Infographic) | | Lesson 8: CMaaS Deployment Overview (Infographic) |
|
|
|
| CMaaS Transition Classroom Sessions 5 Hours | Skill Level: Basic | | | + Description | | | This course is part of the CMaaS transitional webinar series conducted via WebEx. Each video focuses on a single tool within the CMaaS solution stack, and includes two major Use Cases for each tool.
Training Proficiency Level: Level 1 - Basic
Capture Date: 2018 |
| |
|
 CompTIA A+ (220-1001) Certification Prep 14 Hours | Skill Level: Basic | | | + Description | | | The CompTIA A+ (220-1001) certification prep course is a self-study resource to help students prepare for the CompTIA A+ certification exam. Topics covered in the CompTIA A+ 220-1001 cover mobile devices, networking technology, hardware, virtualization and cloud computing and network troubleshooting.
Learning objectives:
- Supplemental self-study preparation resource for the CompTIA A+ 220-1001 certification exam.
- Identify installation, configuration, and maintenance details for PC components, mobile devices, and user applications.
- Recall basics of networking and security fundamentals
- Apply troubleshooting techniques and satisfactory customer support.
NICCS Specialty Areas:
- (Operate and Maintain) Customer Service and Technical Support
- Network Services
- System Administration
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Basic
|
| | + Course Modules/Units | | | | Laptops and Mobile Devices | | Laptop Expansion Options, Docking and Locks | | Laptop Hardware Replacement | | Laptop Special Functions and Features | | DEMO: Laptop Computer Components | | Characteristics of Various Mobile Device Types | | Mobile Device Ports and Accessories | | Network Services and Protocols | | IP Address, Ports, and Protocols Part 1 of 3 | | IP Address, Ports, and Protocols Part 2 of 3 | | IP Address, Ports, and Protocols Part 3 of 3 | | DEMO: Windows Command-Line Tools | | Patch Panels, Ethernet Standards and LAN | | Wireless Networks and WiFi Standards | | Network Devices: Routers | | Network Devices: Hubs, Switches and Firewalls | | SOHO Network | | Network Types | | Technologies that Facilitate IoT | | IoT Attacks and Mitigation | | Wireless Protocols and Signal Modulation | | Fiber, Coaxial Cables and Connectors | | Display Connector and Cable Types | | Computing System Components | | Hard Drive Interfaces | | Power Supply and Connectors | | RAM Basics and Types of RAM | | Upgrading and Installing RAM | | DEMO: RAM Installation and Verification | | Hard Drive Basics | | Hard Drive RAID Types | | Removable Media | | Motherboard Form Factor, Chipset and Components | | Motherboard Expansion Slots and Card Installation | | Installing New Motherboard | | BIOS Components, Configuration, and Settings | | DEMO: BIOS Overview | | DEMO: Hard Drive Installation and Initializing | | PC Configurations | | DEMO: Inside Desktop Computer | | Central Processing Unit (CPU) | | Sockets and Processors | | Virtualization and Temperature Monitoring | | DEMO: CPU Characteristics and Installation | | Common Peripheral Devices | | Display Types and Features | | Audio/Video Standards | | Configuring a SOHO Network | | Printer Types | | Printer Languages and Installation | | Introduction to Cloud Computing | | Cloud Architectures | | Cloud Security | | Virtual Environments | | Network Troubleshooting Process | | Network Troubleshooting Methodology | | PC Troubleshooting Tools | | Troubleshooting Common Symptoms of System Issues | | Troubleshooting Hardware, Video, Networks and OS | | DEMO: Troubleshooting Hard Drives | | Troubleshooting Common Video and Display Issues | | Troubleshooting Mobile Device Issues | | Hardware Tools for Connectivity Issues | | Printer and Scanner Maintenance and Troubleshooting | | DEMO: Troubleshooting Network Issues | | CompTIA A+ 220-1001 Practice Exam |
|
|
|
| CompTIA A+ (220-1002) Certification Prep 7.5 Hours | Skill Level: Basic | | | + Description | | | The CompTIA A+ 1002 certification prep course is a self-study resource to help students prepare for the CompTIA A+ certification exam. Topics in the A+1002 covers installing and configuring operating systems, expanded security, software troubleshooting and operational procedures.
Learning objectives:
- Supplemental self-study preparation resource for the CompTIA A+ 220-1002 certification exam.
- Apply diagnostic and resolution processes to hardware and software issues
- Employ device installation and sound troubleshooting and customer support practices.
- Recall fundamentals of cloud and virtualization deployment strategies
NICCS Specialty Areas:
- (Operate and Maintain) Customer Service and Technical Support
- Network Services
- System Administration
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Basic |
| | + Course Modules/Units | | | | Microsoft Operating System Versions | | Understanding Windows Compatibility Risks | | File System for iOS Devices | | Understanding the Basics of iOS | | Understanding iOS Security Architecture | | Windows Command-line Tools | | DEMO: Windows Command-Line Tools | | Demonstration: Windows OS GUI Tools Part 1 of 2 | | Demonstration: Windows OS GUI Tools Part 2 of 2 | | Windows Operating System Features Part 1 of 2 | | Windows Operating System Features Part 2 of 2 | | Windows OS GUI Tools Best Practices | | Demonstration: Creating and Managing Disk Folders | | Demonstration: Windows Hidden File Properties | | Demonstration: File Structure and Paths | | Windows Firewall Zones | | Application Events and Security Events | | Windows Event Forwarding | | Windows Networking and Resource Sharing | | Demonstration: Image Backup and Restore on Windows | | Demonstration: Linux Commands | | Best Practices and Common Features of OS X | | Physical Security Concerns and Controls | | DEMO: Physical Security | | Infrastructure Physical Security | | Identification and Authentication Methods | | Demonstration: Installing Antivirus | | Authentication Services | | Malware and Social Engineering Threats | | Symptoms, Troubleshooting and Preventing PC Infections | | Host Security Controls Part 1 of 2 | | Host Security Controls Part 2 of 2 | | Windows 10 Security Features | | Mobile Based Social Engineering | | Mobile Device Security Best Practices | | Data Destruction and Disposal Methods | | Configuring a SOHO Network | | PC Troubleshooting Tools | | Troubleshooting Common Symptoms of System Issues | | Troubleshooting System Crash and Failure-to-Boot Issues | | Troubleshooting Mobile Device Issues | | Safety Procedures and Personal Safety | | IT Environmental Controls | | Incident Response Concepts | | Intellectual Property and Licensing | | Professional Communication and Troubleshooting Theory | | Procedures Supporting Policy | | Scripting Basics Overview | | CompTIA A+ 220-1002 Practice Exam |
|
|
|
| CompTIA Network+ N10-007 18 Hours | Skill Level: Basic | | | + Description | | | This Network+ prep course is a self-study resource designed to help students prepare to sit for the CompTIA Network+ 10-N007 certification exam. The Network+ certification is focused on IT infrastructure and networking concepts for junior to mid-level IT professionals in the cyber workforce. Topics covered include network operations, security, troubleshooting and tools, and well as infrastructure support.
Learning Objectives:
- Design and implement a functional network
- Configure, manage and maintain network security, standards and protocols
- Troubleshoot network issues
- Create and support virtualized networks
NICCS Specialty Areas:
- Operate and Maintain
- Network Services
- System Administration
- Customer Service and Technical Support
Training Purpose: Skill Development
Training Proficiency Area: Level 1- Basic |
| | + Course Modules/Units | | | | Net+N100-007 Introduction | | Ports and Protocols Part 1 of 2 | | Ports and Protocols Part 2 of 2 | | OSI Layers | | Properties of Network Traffic | | VLANs and VTP | | Routers and Routing Protocols | | Routing Tables and Types | | IP Addressing – IPv6 | | Traffic Filtering and Port Mirroring | | Network Performance Optimization | | IP Addressing Components | | Subnetting | | Network Topologies | | Technologies that Facilitate IOT | | Wireless Standards Part 1 of 2 | | Wireless Standards Part 2 of 2 | | DEMO: Wireless Architecture | | Introduction to Cloud Computing | | Cloud Security | | DNS Service | | Dynamic Host Configuration Protocol (DHCP) | | Ethernet Standards | | Cables and Wires | | Cable Termination and Fiber Optic | | DEMO: Cables and Connectors | | Firewall Implementations | | Network Components – Hubs and Switches | | DEMO: Contrasting Hubs, Switches,VLANS | | Router Setup and MAC Filtering | | Installing and Configuring Wireless Networks | | SOHO Network | | Telephony, VoIP | | Network Security Appliances IDS | | Advanced Security Devices | | Virtual Environments | | Network Storage Connection Types | | Network Storage and Jumbo Frames | | Wide Area Network Technologies | | Configuration Management Documentation | | Business Continuity and Disaster Recovery | | Fault Tolerance and Availability Concepts | | Maintainability: MTTR and MTBF | | Security Device and Technology Placement | | DEMO: Introduction to SNMP | | Network Access Security | | Remote Access Methods | | Operations Policies and Best Practices | | Mobile Device Deployment Models | | Physical Security Devices | | Authentication Services | | PKI Public Key Infrastructure | | Examples of PKI Use | | Network Access Control | | Wireless Encryption and Authentication | | DoS and MITM Attacks | | Wireless Threats and Mitigation | | Understanding Insider Threat | | DEMO: Malware and Social Engineering Threats | | Hardening Network Devices | | Switch Loop Protocol | | Network Segmentation and Design | | Honeypot | | Corporate Penetration Testing | | Network Troubleshooting Methodology | | Hardware Tools for Connectivity Issues | | Software Tools for Connectivity Issues | | DEMO: NSlookup Dig Google Toolbox | | Physical Connectivity Problems | | Cable Troubleshooting | | Wireless Troubleshooting | | Troubleshooting Routers and Switches | | Technologies that Facilitate IOT | | Network+ N10-007 Exam |
|
|
|
| Cyber Awareness Challenge 2019 1 hour | Skill Level: Basic | | | + Description | | | This course provides an overview of cybersecurity threats and best practices to keep information and information systems secure. Every year, authorized users of certain information systems must complete the Cyber Awareness Challenge to maintain awareness of, and stay up-to-date on new cybersecurity threats. The training also reinforces best practices to keep personal information and information systems secure, and stay abreast of changes in general cybersecurity policies. |
| |
|
| Cybersecurity Analyst 12.5 Hours | Skill Level: Intermediate | | | + Description | | | The Cybersecurity Analyst course is designed to help reinforce concepts for cyber work roles that require monitoring and information analysis to respond to suspicious events. This intermediate-level course focuses on defense techniques leveraging data and tools to identify risks to an organization, and apply effective mitigation strategies to detect and respond to threats.
Learning Objectives:
- List common cyber threats and examples of scanning and assessment tools and techniques to identify potential vulnerabilities.
- Analyze data from various sources to identify vulnerabilities and recommend strategies for mitigation.
- Configure and implement threat detection tools to detect incidents, and effectively respond and recover.
Date: 2018
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat Analyst |
| Protect and Defend |
Cybersecurity Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analysts |
|
| | + Course Modules/Units | | | | Reconnaissance | | Port Scanning for Active Reconnaissance | | Environmental Reconnaissance Tools | | Social Engineering for Reconnaissance | | Network Mapping for Active Reconnaissance | | Syslog | | Reviewing Alerts/Detecting Attack Phases | | Common Tasks in Environmental Reconnaissance | | Environmental Reconnaisannce Variables | | Basic Packet Analysis | | Methods of Network Traffic Analysis | | Network Traffic Analysis | | Netflows | | Working with Netflows | | Netflow Tools | | Examining Log Files | | Data Correlation and Analytics | | Analyzing Device Data | | SIEM | | DEMO: Wireshark Packet Analyzer | | Hardening Network Devices | | Network Segmentation and Design | | Honeypot | | Endpoint Security | | Windows Group Policy | | Access Control Models | | Remote Authentication - Radius and Tacacs+ | | Hardening Host and Networked Systems | | Compensating Controls | | Corporate Penetration Testing | | Reverse Engineering Purpose and Practice | | Team Training and Exercises | | Risk Evaluation and Security Controls | | Vulnerability Assessment Introduction | | Vulnerability Management Requirements | | Vulnerability Scanner Configuration | | Vulnerability Assessment Tools | | Scanning and Enumeration with Nmap | | Intro to Vulnerability Scanning with Nessus | | Vulnerability Remediation | | Scanning and Report Viewing with OpenVAS | | Endpoint and Protocol Analysis | | Logging Strategies and Sources | | Reviewing, Analyzing and Correlating Logs | | Network Vulnerabilities | | System Vulnerabilities | | Web Application Vulnerabilities | | Wireless Network Vulnerabilities | | Virtual Infrastructure Vulnerabilities | | Threats to Mobile Devices | | ICS and SCADA Systems Security | | Malware and Social Engineering Threats | | Preparing for Impact Analysis | | Forensics Kit and Incident Response | | Forensic Investigation Suite | | Setting Up an Analysis Environment | | Communication During Incident Response | | Common Symptoms of Host Infection | | Incident Response and Recovery Part 1 of 2 | | Incident Response and Recovery Part 2 of 2 | | Regulatory Compliance and Frameworks | | Control Selection Tailoring and Implementation | | Verification and Quality Control | | Procedures Supporting Policy | | Enterprise Network Authentication Part 1 of 2 | | Enterprise Network Authentication Part 2 of 2 | | Cross-site Scripting and Other Exploits | | Privilege Escalation Exploit | | Technical Processes and Controls | | Software Development Models and SDLC | | Code Review and Testing | | Secure Coding Best Practice Resources | | Preventative Cyber Tools | | Collective Cyber Tools | | Analytical Cyber Tools | | Exploit Cyber Tools | | Forensics Cyber Tools | | Course Test |
|
|
|
| Cybersecurity for Technical Staff 17.5 Hours | Skill Level: Basic | | | + Description | | | The Cybersecurity for Technical Staff course highlights best practices applicable to a wide variety cybersecurity job roles. Topics such as risk management, architecture and design, and tools and technologies, are key concepts for detecting, protecting, and defending from security threats. This foundational knowledge of cybersecurity controls and strategies is essential for technical operations staff.
Learning Objectives:
- List common cyber threats and how scanning and assessment tools and techniques identify potential vulnerabilities
- Explain how various tools and technologies are configured or deployed to support an organization's security posture
- Detail risk management best practices and mitigation strategies
Date: 2018
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Malware: Viruses | | Malware: Rootkits, Trojans, Botnets | | MITM, DoS, Packet Flooding and Other Attacks | | Backdoor, Spoofing, Replay and Other Attacks | | Password, Birthday, Crypto and Application Attacks | | Social Engineering Techniques | | Wireless Attacks | | Application Attacks | | Threat Actors | | Assessment Tools and Techniques | | Active and Passive Reconnaissance | | Security Testing and Assessment | | Firewall Implementations | | Proxy Server Implementations | | Hubs and Switches | | Routers and Routing Protocols | | Remote Access and VPNs Part 1 of 2 | | Remote Access and VPNs Part 2 of 2 | | Network Intrusion Detection Systems | | Host-Based Intrusion Detection Systems | | Password Cracking Categories and Tools | | Password Cracking Techniques | | DEMO: Local Information Gathering Tools | | DEMO: Network Connectivity Testing Tools | | DEMO: Remote Information Gathering Tools | | Mobile Device Security | | Mobile Device Deployment | | Network Security Protocols | | Network Services and Protocols | | Frameworks and Reference Architectures | | Network Zones | | Demilitarized Zones (DMZ) Implementations | | Security Device and Technology Placement | | Host Security: OS Hardening and Firewalls | | Host Security: Anti Virus, Malware and Spam | | Host Security: Pop Ups and Patch Management | | Secure Static Environment | | Secure Staging Deployment Concepts | | Cloud and Virtualization Concepts | | Cloud Architectures | | Host Security: Virtualization | | Resiliency and Automation to Reduce Risk | | Physical Security and Environmental Controls | | Access Control Categories | | Authentication Services | | Access Control Models | | Authentication and Authorization Concepts | | Biometric Authentication | | Account Management | | Identity Management | | Security Awareness and Training | | Risk and Related Concepts | | Risk and Asset Identification | | Threat and Risk Calculation | | Risk Control Types | | Security Control Types and Categories | | Basic Forensics Procedures | | Incident Handling and Forensics | | Incident Response Preparation | | Risk Management: Business Continuity | | Risk Management: Redundancy and Fault Tolerance | | Risk Management: Disaster Recovery | | Risk Mitigation Strategies | | Data Security | | Data Destruction and Disposal Methods | | Data Sensitivity and Handling | | Mitigation and Deterrence: Logging | | Mitigation and Deterrence: Hardening | | Mitigation and Deterrence: Network Security | | Mitigation and Deterrence: Attack Countermeasures | | Cryptography Part 1 of 2 | | Cryptography Part 2 of 2 | | Wireless Security Evolution | | Wireless Security Best Practices | | Cryptographic Keys and PKI | | Course Test |
|
|
|
| Creating a Computer Security Incident Response Team (CSIRTs) 3 Hours | Skill Level: Basic | | | + Description | | | The Creating a Computer Security Incident Response Team course was developed for organizations and individuals who are at the beginning of their planning and implementation process for creating a computer security incident response team or an incident management capability. The course begins with definitions and context for defining a CSIRT framework, followed by services that may be provided and building an action plan. A attendee workbook is included with questions and exercises to use in conjunction with the training.
Learning Objectives:
- Understand the function of Computer Security Incident Response Teams (CSIRT) and the philosophy behind them
- Understand the role of CSIRT in the incident management process
- Identify the requirements to establish an effective CSIRT
- Appreciate the key issues and decisions that must be addressed when creating a CSIRT
- Learn to strategically plan the development and implementation of your CSIRT/li>
Date: 2020
Training Proficiency Area: Level 1 - Basic
Training Purpose: Management Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All Source Analysis |
Exploitation Analysis |
| Oversee and Govern |
Cybersecurity Management |
Executive Cyber Leadership |
|
| | + Course Modules/Units | | | | Create a Computer Security Incident Response Team | | Defining Incident Management Part 1 of 2 | | Defining Incident Management Part 2 of 2 | | Defining CSIRTs | | Types of CSIRTs | | Setting the Context | | Defining Your Framework Part 1 of 2 | | Defining Your Framework Part 2 of 2 | | Capability Strategies | | CSIRT Components | | CSIRT Components: Organizational Issues | | CSIRT Components: Resources | | Range and Level of Services | | Policy and Procedure Examples | | Range and Level of Services Summary | | Ideas for Your Action Plan | | Taking the Next Steps | | CSIRTs Resource Overview |
|
|
|
| Cryptocurrency for Law Enforcement 2 hours | Skill Level: Basic |  | | + Description | | | Cryptocurrency for Law Enforcement
This course covers the history, risks and legality of cryptocurrency as well as discusses what cryptocurrency items can be seized by law enforcement.
Learning Objectives:
- Define cryptocurrency and compare it to traditional currency
- Describe the history of cryptocurrency
- State the elements of a cryptocurrency transaction and their roles
- Describe safety measures taken to protect cryptocurrency
- Identify items that serve as wallets for cryptocurrency and could be seized by law enforcement
- Evaluate apps and websites that could be linked to cryptocurrency
- Compare degrees of anonymity of various cryptocurrencies
- Compare legal and illegal uses of cryptocurrency
- Evaluate the legality of different cryptocurrency scenarios
- Identify notable cases of illegal uses of cryptocurrency found in recent headlines
Training Purpose: Investigate
Specialty Areas: Cyber Investigation, Digital Forensics
Training Proficiency Area: Level 1 - Basic
Course Date: 2/27/2019 |
| |
|
| Cyber Dark Arts 3 Hours | Skill Level: Intermediate | | | + Description | | | Cyber Dark Arts highlights ‘dark’ or deceptive activities that are employed by malicious users via the Internet. Several legitimate purpose technologies and techniques and how they are leveraged, or manipulated for fraudulent purposes, is discussed. Threats from topics such as zero-day attacks, dark web, alternate OSs, VPN/TOR, weaponized psychology, and anonymous services will be detailed, as well as methods for concealing one’s identity. These methods are taught in order for cybersecurity experts to defend against such attacks.
The course includes reinforcing video demonstrations.
Learning Objectives:
- Explain several techniques for obfuscating online activities
- List examples of technologies leveraged for deceptive purposes
- Detail best practices for prevention and protection from malicious cyber activities
NICCS Specialty Areas:
- Collect and Operate: Cyber Operations
- Operate and Maintain: Systems Analysis
- Protect and Defend: Cyber Defense Analysis
Training Purpose: Skill Development
Training Proficiency Area Level 2 - Intermediate |
| | + Course Modules/Units | | | | Cyber Dark Arts | | Weaponized Psychology | | DEMO: Password Cracking Using Hydra | | Scanning for Vulnerable Devices and Networks | | Anonymous Web Hosting, Searching, and Browsing | | Alternative Operating Systems | | Tails, Whonix, and Qubes | | Secure Messaging Services | | Blockchain and Cryptocurrency | | DEMO: Blockchain and Cryptocurrency | | DEMO: Iodine IP over DNS | | DEMO: TOR versus Traditional Tunneling | | Advanced Persistent Threats | | Cyber Dark Arts Exam |
|
|
|
| CyberEssentials 1 Hour | Skill Level: Basic | | | + Description | | | This course is based on the DHS CISA Cyber Essentials, a guide for leaders to develop actionable items to start implementing organizational cybersecurity practices. This course provides an overview of the Cyber Essentials from a leadership perspective and is designed to introduce the six essential elements of building a culture of cyber readiness. Learning objectives:
At the end of this course, you will be able to: - Identify actionable items to reduce your organization's cyber risks through a holistic approach
- Identify the six essential elements of building a culture of cyber readiness
- Identify the stepping stones to building a culture of cyber readiness
Specialty Areas: - Training
- Education and Awareness
- Cybersecurity Management
- Strategic Planning and Policy
- Executive Cyber Leadership
- Program/Project Management and Acquisition
Training Purpose: Oversee and Govern Training Proficiency Area: Level 1
|
| |
|
| Cyber Fundamentals for Law Enforcement Investigations 8 Hours | Skill Level: Intermediate | | | + Description | | | This course serves as an introduction and overview of several concepts and technologies that may be encountered as part of an investigation with a digital or cyber component. Starting with the basics of how devices communicate, the course continues with technical concepts and applications that may be used to facilitate or investigate incidents. Content includes lab exercises and practical application takeaways to reinforce concepts, and a course exam.
Learning objectives:
- Describe essential computing communication concepts
- Identify digital evidence sources and handling
- Apply techniques to examine applications for target information
Training Purpose: Skill Development
Specialty Areas: Threat Analysis, Digital Forensics, Investigation
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2017 |
| | + Course Modules/Units | | | | Cyber Investigation Course Intro | | Cyber Crimes versus Traditional Crimes | | Cyber Laws Overview | | Logical and Physical Addresses | | Dissecting a Data Packet | | How Computers Connect | | IP Addresses and Domain Names | | IP Addresses | | Domain Naming | | NSlookup Dig Google Toolbox | | Digital Artifacts Basics | | Site Survey and Collection | | Determining Sophistication | | Time Standardization | | Requesting Digital Forensic Artifacts | | Footprinting | | Handling Untrusted or Unknown Files | | Setting Up an Analysis Environment | | Examining Images | | Intro to Encryption | | Detecting Encryption | | Malware Awareness | | Malware Propagation | | Malware History | | Remote Access | | Understanding Insider Threat | | Introduction to Peer-to-Peer | | Advanced IP Tunneling Overview | | TOR versus Traditional Tunneling | | Iodine IP over DNS | | Email Analysis | | Phishing Message Analysis | | Online Auctions | | Open Source Searches Using Facebook | | Open Source Searches Using Twitter | | Google FU | | Cyber Investigations Exam | | Domain Information Lookup | | Examining EXIF Data and Images | | Computing and Comparing Hash Values | | File Search Techniques | | Open Source Twitter Searches |
|
|
|
| Cyber Security Investigations 9 Hours | Skill Level: Basic | | | + Description | | | This course discusses the basic concepts of cyber security and digital forensics investigation practices. Topics include performing collection and triage of digital evidence in response to an incident, evidence collection methodologies, and forensic best practices. This is an introductory course reviewing the processes, methods, techniques and tools in support of cyber security investigations.
Training Purpose: Skill Development
Specialty Areas: Digital Forensics, Cyber Operations, Incident Response, Investigation
Training Proficiency Area: Level 1 - Basic
Capture Date: 2015 |
| | + Course Modules/Units | | | | Purpose of Computer and Network Forensics | | Digital Forensics Tools | | Forensics Team Staffing Considerations | | Digital Forensics Guidelines, Policies, and Procedures | | Digital Forensics Life Cycle | | Digital Forensics Best Practices | | Digital Forensics Concepts | | Locard's Exchange Principle | | Incident Response Phases Part 1 of 3 | | Incident Response Phases Part 2 of 3 | | Incident Response Phases Part 3 of 3 | | Computer Forensics Process Part 1 of 2 | | Computer Forensics Process Part 2 of 2 | | Digital Forensic Planning and Preparation | | IR and Digital Forensics Tools | | Forensically Prepared Media, Tools and Equipment | | Incident Response Information Gathering | | Incident Response Acquisition Considerations | | Incident Response Notes and Documentation | | Auditing Windows Event Logs | | Volatile Data Collection | | Storage Media Collection | | Network Data Collection | | Log Collection | | Data Carving using FTK | | Digital Forensic Triage Overview | | Incident Triage Process | | Incident Triage Methodology | | Attacker Methodology Overview Part 1 of 3 | | Attacker Methodology Overview Part 2 of 3 | | Attacker Methodology Overview Part 3 of 3 | | Triage: Light and General Collections | | Triage Analysis | | Triage Analysis of Volatile Data | | Program Execution | | Analyzing Services | | Malware Vectors and Detection | | Mobile Device Triage Analysis | | IR: Following a Trail | | Hash and File Signature Analysis | | Time Analysis | | Registry Analysis | | File Analysis Demonstration | | Hashing with md5deep | | Hash Analysis with Autopsy | | Lessons Learned from an Incident | | Lessons Learned from Objective and Subjective Data | | Evidence Retention and Information Sharing Post Incident | | Cyber Security Investigations Exam |
|
|
|
| Cyber Security Overview for Managers 6 Hours | Skill Level: Basic | | | + Description | | | Cybersecurity Overview for Managers is designed for managers and other stakeholders who may be involved in decision making regarding their cyber environment but do not have a strong technical background. Discussions will not focus on specific technologies or implementation techniques, but rather cybersecurity methodologies and the framework for providing a resilient cyber presence. The course aims to help managers better understand how people and devices work together to protect mission critical assets and more effectively evaluate their cyber posture.
Training Purpose: Skill development
Specialty Areas: Information System Security Management, Security Program Management, Strategic Planning and Policy Development
Training Proficiency Area: Level 1 - Basic
Capture Date: 2012 |
| | + Course Modules/Units | | | | Cyber Security Overview Course Introduction | | Key Concepts in Cyber Security Part 1 of 2 | | Key Concepts in Cyber Security Part 2 of 2 | | Cyber Security Role in Culture, Vision, and Mission | | Roles and Responsibilities in Cyber Security Part 1 of 2 | | Roles and Responsibilities in Cyber Security Part 2 of 2 | | Cyber Security Governance | | Cyber Security and Federal Guidelines | | Impact and Limitations of Laws | | Threat Actors | | Common Threats to Cyber Security Part 1 of 2 | | Common Threats to Cyber Security Part 2 of 2 | | Mobile Security and Mobile Threats | | Cyber Security and Cloud Computing | | Controls, Countermeasures, and Cyber Security | | Risk Management Overview | | Determining Critial Assents and Processes | | Asset Criticality Demo | | Risk and Threats and Vulnerabilities | | Determining Risk and Impact | | Risk Mitigation Strategy | | Risk Assessment Methodologies | | Incident Handling and Business Continuity | | Business Continuity Plans and Procedures | | Disaster Recovery Plans and Procedures | | Cyber Security Overview Course Quiz |
|
|
|
| Cyber Supply Chain Risk Management 2 Hours | Skill Level: Basic | | | + Description | | | The purpose of this course is to educate the learner about cyber supply chain risk management, also known as C-SCRM, and the role it plays within our society today. This course will teach learners how to securely provision, analyze, oversee and govern, protect and defend a supply chain.
Objectives:
- Describe product supply chains and life cycles
- Identify the role of adversaries in supply chain risk management
- Define the risks associated with supply chains
- State the principles of supply chain management
- Identify security measures taken to protect a supply chain
- Apply suggested tools to address supply chain vulnerabilities
- Explain how knowledge of the "internet of things" (IOT) is used to evaluate products as IOT devices
- Recognize potential dangers posed by various devices brought to work
- Identify the threats outlined for acquisitions personnel through the Federal Acquisition Regulation (FAR)
- Define how to personally safeguard your organization’s cybersecurity
Training Purpose:
Securely Provision, Analyze, Oversee and Govern, Protect and Defend
Specialty Areas
Risk Management, Software Development, Systems Development, Systems Requirements Planning, All-Source Analysis, Exploitation Analysis, Targets, Threat Analysis, Cybersecurity Management, Program/Project Management and Acquisition, Strategic Planning and Policy, Cyber Defense Analysis, Cyber Defense Infrastructure Support
Training Area: Level 1 - Basic
Capture Date: 2019
|
| |
|
| Demilitarized Zone (DMZ) with IDS/IPS 9 Hours | Skill Level: Intermediate | | | + Description | | | This course introduces the concept of a network Demilitarized Zone (DMZ) and the security benefits it can provide. Best practices for designing and implementing a DMZ is followed with a section on IDS and IPS systems that includes an in-depth look at SNORT for network monitoring. The course concludes with log analysis and management best practices.
Training Purpose: Skill development
Specialty Area: Computer Network Defense Infrastructure Support, Network Services, Systems Security Analysis, System Administration
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2013 |
| | + Course Modules/Units | | | | Demilitarized Zone (DMZ) Introduction | | DMZ Architecture | | DMZ Components: Firewalls Part 1 of 2 | | DMZ Components: Firewalls Part 2 of 2 | | Setting up a DMZ using IPTables Demo | | DMZ Components: IDS | | DMZ Components: IDS/IPS Placement | | DMZ Components: Proxy Servers | | DMZ Components: Network Servers | | DMZ Architectures | | Attacking the DMZ Part 1 of 2 | | Attacking the DMZ Part 2 of 2 | | DMZ Attack Types Part 1 of 2 | | DMZ Attack Types Part 2 of 2 | | DMZ: Open Source vs Commercial Implementations | | DMZ: Software Subscription Services | | Open Source DMZ Tools Part 1 of 2 | | Open Source DMZ Tools Part 2 of 2 | | Proxy Concepts | | DNS Concepts | | Web Server Concepts | | E-mail Relay and VPN Concepts | | DMZ and Commercial Software - Part 1 | | DMZ and Commercial Software - Part 2 | | Security Capabilities in a DMZ | | Security Capabilities in Procmail Demo | | Network Security Appliances IDS | | Snort Intro and Overview | | Using BASE w Snort DB | | Snort Demo | | Log Mgmt and Analysis Concepts | | SYSLOG Basics | | Using Swatch Overview | | Log Management Best Practices | | Proxy and DNS Log File Concepts | | Analyzing Proxy and DNS Log Files | | DMZ with IDS/IPS Course Quiz |
|
|
|
| DB Evaluations using AppDetectivePro and dbProtect 1.5 Hours | Skill Level: Basic | | | + Description | | | This course introduces students to basic database security concepts and methodology. The course demonstrates how tools such as AppDetectivePRO and DbProtect can be used to scan databases in order to uncover configuration mistakes, identification and access control issues, missing patches or any toxic combination of settings that could lead to escalation-of-privilege or denial-of-service attacks, data leakage or unauthorized modification of data.
Training Purpose: Skill development
Specialty Areas: Information Assurance Compliance, Software Assurance and Security Engineering, Systems Development, Test and Evaluation
Training Proficiency Area: Level 1 - Basic |
| | + Course Modules/Units | | | | Importance of Databases Security | | Databases Security Methodology | | AppDetectivePRO Overview | | DbProtect Overview | | DbProtect Deployment Model | | DbProtect Features | | DbProtect Demonstration |
|
|
|
| Dynamic Testing using HPE WebInspect 1.5 hours | Skill Level: Basic | | | + Description | | | This course introduces students to dynamic testing tools for web applications and demonstrates how they can be used to identify, evaluate, and mitigate a web application’s potential security vulnerabilities. The focus is on using HPE WebInspect in order to perform and manage dynamic security vulnerability testing and address results from both a developer and cyber security professional perspective.
Training Purpose: Skill development
Specialty Areas: Information Assurance Compliance, Software Assurance and Security Engineering, Systems Development, Test and Evaluation
Training Proficiency Area: Level 1 - Basic
Capture Date: 2014 |
| | + Course Modules/Units | | | | Application Security | | WebInspect Dynamic Analysis | | Installing WebInspect | | Run a WebInspect Scan | | WebInspect Demonstration | | Policy Manager Demonstration | | Default Settings Demonstration | | Reports | | Application Settings and Tools | | Comparing Scans | | Testing in a Closed versus Open Network | | WebInspect Agent, Web Services |
|
|
|
| DNSSEC Training Workshop 2 Hours | Skill Level: Advanced | | | + Description | | | This course covers the basics of DNSSEC, how it integrates into the existing global DNS and provides a step-by-step process to deploying DNSSEC on existing DNS zones.
Training Purpose: Skill development
Specialty Areas: Enterprise Architecture, Network Services, System Administration
Training Proficiency Area: Level 3 - Advanced
Capture Date: 2015 |
| | + Course Modules/Units | | | | DNSSEC Introduction | | DNS Resolution Steps | | DNS Vulnerabilities and Security Controls | | DNSSEC Mechanisms | | DNS Resource Records (RR) | | Special DNS Resource Records | | DNS Zone Signing | | Secure DNS Zone Configuration-DNSSEC Key Generation | | Prepare the DNS Zone File for Signing | | Signing the DNS Zone file | | Publishing a signed zone | | Testing a signed zone | | Testing a signed zone through a validator | | DNSSEC Chain of Trust | | Setting Up A Secure Resolver | | Adding a trusted key | | Securing the last hop | | ZSK Rollover | | Using pre-published keys | | KSK Rollover | | Conclusions |
|
|
|
| Elections and IT Embrace your role as a Manager - 3.5 Hours | Skill Level: Basic | | | + Description | | | This course, a collaboration between the U.S. Election Assistance Commission (EAC) and the U.S. Department of Homeland Security (DHS), provides an opportunity to learn why election officials must view themselves as IT managers. The course is designed for both the seasoned and unseasoned election official who needs an overview of information technology and how to ensure security is included in the planning, procuring, designing, implementing, and maintaining of your interconnected electronic election systems, including public facing websites. The course includes 14 modules that can be taken together or separately to meet your training needs. The first set of modules provide an overview of the intrinsic connection of information technology and election systems, followed by modules introducing the key concepts of identifying vulnerabilities and how to protect your election systems from internal and external threats. The final two modules provide information on cybersecurity resources available from the EAC and DHS.
Training Purpose: Management Development
Specialty Areas: Cybersecurity Management, Incident Response, Risk Management
Training Proficiency Area: Level 1 - Basic
Capture Date: 2018 |
| | + Course Modules/Units | | | | Professionalizing Election Admin Intro | | Being an IT Manager | | Election Systems | | Procuring IT | | Testing and Audits | | Election Security | | Principles of Information Security | | Cybersecurity and Elections | | Risk Management and Elections | | Phishing and Elections | | Election Infrastructure Security | | DHS Cyber Security Tools and Services | | EAC Resources |
|
|
|
| Enterprise Cybersecurity Operations 24 Hours | Skill Level: Advanced | | | + Description | | | The Enterprise Cybersecurity Operations course highlights technical knowledge and skills required for implementing secure solutions in the enterprise. A broad spectrum of disciplines is covered to aid practitioners in applying frameworks and controls to improve the security posture while supporting the business mission.
Learning Objectives:
- Describe risk management's role in the enterprise and mitigation strategies for specific threats.
- Detail implementing network security strategies and controls for connected devices.
- Explain how cloud technologies are leveraged and can support a secure enterprise architecture.
- List sources and methods to help stay current with cybersecurity best practices and threat trends, and analyzing potential impact to the enterprise.
Date: 2018
Training Proficiency Area: Level 2 - Advanced
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-Source Analyst |
| Collect and Operate |
Cyber Operations Planning |
Cyber Ops Planner |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Securely Provision |
Risk Management |
Security Control Assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect |
|
| | + Course Modules/Units | | | | Configuration Strategies w/ Spec Compon | | Cryptographic Terms and Implementations | | Cryptographic Tools and Techniques Part 1 of 2 | | Cryptographic Tools and Techniques Part 2 of 2 | | Hybrid Encryption in SSL Demo | | Encryption Limitations and Key Length Part 1 of 2 | | Encryption Limitations and Key Length Part 2 of 2 | | DEMO: Volume and File Encryption | | Hash Functions and Algorithms | | Digital Signatures | | Digital Certificate Elements | | CAs and Public Key Infrastructure | | Origins For Cryptographic Standards | | Virtual Networking | | Intro to Virtualized Computing Part 1 of 2 | | Intro to Virtualized Computing Part 2 of 2 | | VLANs and Switching | | Storage Types and Considerations | | Enterprise Storage | | Enterprise Storage Connection Terms | | Enterprise Storage and RAID | | Securing iSCSI and FCoE and Managing Storage | | Network Security Concepts | | Network Zones and Remote Access | | NW Components Routers and Firewalls Part 1 of 2 | | NW Components Routers and Firewalls Part 2 of 2 | | NW Components Intrusion Detection Systems | | Networked-based IDS and IPS Deployment | | Securing Wireless Part 1 of 2 | | Securing Wireless Part 2 of 2 | | DMZ Components | | Web Services Concepts | | Web Servers and DNS | | Securing DNS Best Practices | | Proxy Servers and SMTP Relay | | NAT and PAT | | Infra Design : Firewalls and Proxies | | Infra Design : IDS and IPS | | Infra Design : Syslog and SIEMs | | Infra Design : Switch and Router Security | | Infra Design : VPNs and SNMP | | SCADA Environments | | Application Security : VTC and VoIP | | Application Security : Databases and Web Services | | Application Security : IPv6 | | Physical Security Concerns and Controls | | Host Security Controls Part 1 of 2 | | Host Security Controls Part 2 of 2 | | Web Application Security Design | | DEMO: Whitelisting and Blacklisting | | Specific Application Issues | | Client side vs Server side Processing | | Analyzing Business Risk | | Risk Management in New Business Models | | Risk Mitigation Strategies and Controls | | Security Impact of Inter Organizational Change | | Calculating Risk Exposure | | Incident Response Concepts | | Incident Response and Recovery Process | | Privacy Policy and Procedures Part 1 of 2 | | Privacy Policy and Procedures Part 2 of 2 | | Assessment Tools | | Assessment Methods | | Assessment Methodologies | | Cybersecurity Benchmarks | | Security Metrics | | Situational Awareness | | Analyzing Industry Trends Part 1 of 3 | | Analyzing Industry Trends Part 2 of 3 | | Analyzing Industry Trends Part 3 of 3 | | Applying Analysis to Improve Enterprise Security Part 1 of 4 | | Applying Analysis to Improve Enterprise Security Part 2 of 4 | | Applying Analysis to Improve Enterprise Security Part 3 of 4 | | Applying Analysis to Improve Enterprise Security Part 4 of 4 | | Integrating Enterprise Disciplines Part 1 of 2 | | Integrating Enterprise Disciplines Part 2 of 2 | | Security Controls for Communication and Collaboration | | Adv Authentication Tools and Techniques | | Software Development Models | | System Dev Life Cycle and CS | | IT Governance | | Cloud based Deploy Models | | Cloud Security | | Identity Management | | Securing Virtual Environments Part 1 of 3 | | Securing Virtual Environments Part 2 of 3 | | Securing Virtual Environments Part 3 of 3 | | Enterprise Storage Advantages and Security Measures | | Enterprise Network Authentication Part 1 of 2 | | Enterprise Network Authentication Part 2 of 2 | | Practice Exam |
|
|
|
| The Election Official as IT Manager 4 Hours | Skill Level: Basic | | | + Description | | | In this course, you will learn why Election Officials must view themselves as IT systems managers, and be introduced to the knowledge and skills necessary to effectively function as an IT manager. The course includes a review of Election Systems, Election Night Reporting, and Interconnected Election Systems vulnerabilities and liabilities. The course also covers Social Media and Website best practices, vulnerabilities, and liabilities, and will also address Procuring IT, Vendor Selection, Testing and Audits, Security Measures, and Risk Assessments. In addition, the course also includes a review of resources available to the election community from the Department of Homeland Security.
Training Purpose: Management Development
Specialty Areas: Cybersecurity Management, Incident Response, Risk Management
Training Proficiency Area: Level 1 - Basic
Capture Date: 2018 |
| | + Course Modules/Units | | | | Professionalizing Election Admin Intro | | Being an IT Manager | | Election Systems | | Technology and the Election Office | | Procuring IT | | Testing and Audits | | Election Security | | Principles of Information Security | | Physical Security | | Cybersecurity and Elections | | Human Security | | Risk Management and Elections | | Incident Response Scenarios and Exercises | | Phishing and Elections | | DDOS Attacks and Elections | | Website Defacing | | Election Infrastructure Security | | DHS Cyber Security Tools and Services | | EAC Resources |
|
|
|
| Emerging Cyber Security Threats 12 Hours | Skill Level: Intermediate | | | + Description | | | This course covers a broad range of cyber security elements that pose threats to information security posture. The various threats are covered in detail, followed by mitigation strategies and best practices. This course will cover what policy is, the role it plays in cyber security, how it is implemented, and cyber security laws, standards, and initiatives. Topics include cyber security policy, knowing your enemy, mobile device security, cloud computing security, Radio Frequency Identification (RFID) security, LAN security using switch features, securing the network perimeter, securing infrastructure devices, security and DNS and IPv6 security. Video demonstrations are included to reinforce concepts.
Training Purpose: Skill Development
Specialty Areas: System Administration, Technology Demonstration, Vulnerability Assessment and Management, Strategic Planning and Policy Development, Cyber Threat Analysis
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2010 |
| | + Course Modules/Units | | | | Introduction to Cybersecurity Policy | | Types of Security Policy | | Policy Education and Implementation | | Cybersecurity Laws | | Proposed Legislation | | NIST Cybersecurity Standards | | Other Cybersecurity Standards | | Comprehensive National Cybersecurity Initiatives (CNCI) | | Other Federal Cybersecurity Initiatives | | Implementing Cybersecurity Initiatives | | SPAM | | Malware Trends | | Botnets | | Monetization | | Cyber Attack Profiles | | Cyber Crime | | Cyberwarfare | | Cyber Attack Attribution | | Cyber Threat Mitigation | | Mobile Device Trends | | Mobile Device Threats | | Mobile Device Countermeasures | | Exploited Threats | | What is Cloud Computing? | | Technical Risks | | Operational Risks | | Risk Mitigation Strategies | | DISA Cloud Solutions | | RFID Introduction | | RFID Threats | | RFID Countermeasures | | Exploited Threats | | Introduction and MAC Address Monitoring | | MAC Address Spoofing | | Managing Traffic Flows | | VLANs and Security | | 802.1x Port Authentication | | Network Admission Control | | Securing STP | | Securing VLANs and VTP | | Introduction and Edge Security Traffic Design | | Blocking DoS and DDoS Traffic | | Specialized Access Control Lists | | Routers with Firewalls | | Beyond Firewalls: Inspecting Layer 4 and Above | | Securing Routing Protocols and Traffic Prioritization | | Securing Against Single Point of Failures | | Physical and Operating System Security | | Management Traffic Security | | Device Service Hardening | | Securing Management Services | | Device Access Hardening | | Device Access Privileges | | Name Resolution Introduction | | Name Resolution and Security | | DNS Cache | | DNS Security Standards and TSIG | | DNSSEC | | Migrating to DNSSEC | | Issues with Implementing DNSSEC 1 | | Issues with Implementing DNSSEC 2 | | IPv6 Concepts | | IPv6 Threats | | IPv6 Network Reconnaissance | | DEMO: IPv6 Network Reconnaissance | | IPv6 Network Recon Mitigation Strategies | | IPv6 Network Mapping | | DEMO: IPv6 Network Mapping | | IPv6 Network Mapping Mitigation Strategies | | IPv6 Neighbor Discovery | | DEMO: IPv6 Address Assignment | | IPv6 Attacks | | DEMO: IPv6 Alive Hosts | | DEMO: IPv6 Duplicate Address Detection (DAD) | | DEMO: IPv6 DAD Denial of Services (DOS) | | DEMO: IPv6 Fake Router Advertisement | | DEMO: IPv6 Man-in-the-middle | | IPv6 Attack Mitigation Strategies | | IPv6 Tunneling | | IPv6 Windows Teredo Tunneling | | IPv6 Tunneling Mitigation Strategies | | IPv6 Best Practices |
|
|
|
| RAMP — A Leader's Dashboard for Compliance | Skill Level: Basic | | | + Description | | | This hour-long webinar recorded on July 24, 2020 features National Defense University Professor Roxanne Everetts discussing some key leadership decisions around using Federal Risk and Authorization Management Program (FedRAMP) solutions. FedRAMP is a unique government cloud — it is a combination of cloud security, cybersecurity, and risk management.
Key topics covered:
- Overview of FedRAMP and why Federal agencies use FedRAMP. (Hint: It's the law!)
- Discuss knowledge key leaders need for cloud solutions, including: FedRAMP structure, how it helps, and how agencies can leverage it.
- Overview of the FedRAMP governing bodies.
- The roles of Cloud Service Providers (CSPs) and Third-Party Assessment Organizations (3PAOs) as FedRAMP participants.
- Agency responsibilities, which include ensuring they have an Authority to Operate (ATO) letter on file with the FedRAMP Program Management Office (PMO).
- Overview of the FedRAMP Security Framework (SAF), based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37.
- Using the FedRAMP Marketplace to find services that meet agency needs. Any service listed in the Marketplace meets federal security requirements and has already been authorized.
Date: July 24, 2020
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
| Cybersecurity Management |
Information Systems Security Manager |
| Executive Cyber Leadership |
Executive Cyber Leadership |
| Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Strategic Planning and Policy |
Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager |
| Training, Education, and Awareness |
Cyber Instructional Curriculum Developer, Cyber Instructor |
|
| Operate and Maintain |
| Network Services |
Network Operations Specialist |
| Systems Administration |
System Administrator |
| Systems Analysis |
Systems Security Analyst |
|
| Securely Provision |
| Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
| Systems Architecture |
Enterprise Architect, Security Architect |
| Systems Requirement Planning |
Systems Requirements Planner |
|
|
| |
|
| Foundations of Cybersecurity for Managers 2 Hours | Skill Level: Basic | | | + Description | | | The Foundations of Cybersecurity for Managers (FCSM) course is designed for managers and other stakeholders who may be involved in decision making that would include considerations for security in a cyber environment but do not have a strong technical background. Discussions focus on cybersecurity concepts and methodologies that are part of building a resilient cyber enterprise. The course aims to help the learner better understand how people and technology work together to protect mission critical assets, and the frameworks leveraged to assess and apply security controls. Beginning with governance, laws and regulations, the course progresses into threats to the environment and identifying corresponding controls and countermeasures, concluding with strategies for business continuity.
Learning Objectives:
- Know key concepts of cybersecurity and its relation to the business mission
- Recall risk management strategies and related frameworks
- Identify how cloud services are leveraged and pros and cons of doing so
- Describe common threats, threat actor types, and mitigation techniques
Date: 2020
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Collect and Operate |
Cyber Operational Planning |
Cyber Ops Planner |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manage |
| Oversee and Govern |
Program/Project Management (PMA) and Acquisition |
Program Manager |
|
| | + Course Modules/Units | | | | Cybersecurity Introduction | | Cybersecurity Workforce | | Cybersecurity Governance | | Cybersecurity Guidance Resources | | Laws and Cybersecurity | | Common Cyber Threats | | Threat Actors | | Cybersecurity and Mobile Devices | | Security Controls | | Security Tools and Measures | | Introduction to Cloud Computing | | Cloud Architectures and Deployment Models | | Cloud Threats and Attacks | | Cloud Security | | Risk Management Overview | | Incident Response and Digital Evidence Types | | Risk and Planning Strategies | | Foundations of Cybersecurity for Managers Exam |
|
|
|
| Foundations of Incident Management 10.5 Hours | Skill Level: Basic | | | + Description | | | This course provides an introduction to the basic concepts and functions of incident management. The course addresses where incident management activities fit in the information assurance or information security ecosystem and covers the key steps in the incident handling lifecycle with practices to enable a resilient incident management capability.
Learning Objectives:
- Explain the role of incident management
- Distinguish between incident management and incident handling
- Outline the incident handling lifecycle
- Identify key preparations to be established to facilitate incident handling
- Distinguish between triage and analysis
- Identify the basic steps in response
Training Purpose: Functional Development
Specialty Areas: Computer Network Defense Analysis, Incident Response, Threat Analysis
Training Proficiency Area: Level 1 - Basic
Capture Date: 2015 |
| | + Course Modules/Units | | | | Foundations of Incident Management Course Intro | | Framing The Need For Incident Management | | Incident Management Terms and Processes | | Institutionalizing Incident Management Capabilities | | Stakeholders in Incident Management | | CERT and Other’s Perspective on Threats and Trends | | Incident Management Terminology | | Incident Management Attack Classes and Actors | | Incident Management Malware and DoS Examples | | Incident Management Prevention, Detection, and Response | | Incident Handling Lifecycle - Prepare | | Incident Handling Information | | Analyzing Attack Information | | Incident Management Monitoring Tools | | Incident Management Detection Process | | Process to Support Incident Detection and Reporting | | What is Situational Awareness? | | Non Technical Elements of Situational Awareness | | Technical Elements of Situational Awareness | | Using Sensors for Requirements Gathering | | Incident Handling Lifecycle: Analysis | | Incident Handling Lifecycle: Triage | | Questions Addressed in Triage | | Objectives of Incident Analysis | | Tasks of Incident Analysis Part 1 of 2 | | Tasks of Incident Analysis Part 2 of 2 | | Data Sources for Analysis | | Examples of Data Sources for Analysis | | Incident Analysis Exercise Scenario | | Preparing For Impact Analysis | | Conducting Impact Analysis | | Response and Recovery Part 1 of 2 | | Response and Recovery Part 2 of 2 | | Mission of the Response Process | | Coordinating Response Part 1 of 2 | | Coordinating Response Part 2 of 2 | | Sample Attack Mitigations | | Benefits and Motivations of Information Sharing | | Methods of Information Sharing | | Data Models for Information Sharing | | STIX/TAXII Protocol | | Foundations of Incident Handling Course Summary | | Foundations of Incident Management Course Exam |
|
|
|
| Fundamentals of Cyber Risk Management 6 Hours | Skill Level: Basic | | | + Description | | | Fundamentals of Cyber Risk Management covers key concepts, issues, and considerations for managing risk. Discussions include identifying critical assets and operations, risk assessment and analysis methodologies, risk management frameworks, and how to determine threats to your business function, mitigation strategies, and response and recovery
Learning objectives:
- Describe key concepts related to cyber risk management
- Detail risk assessment and analysis methodologies and frameworks
- Identify security controls and countermeasures to mitigate risks and support response and recovery
Training Purpose: Skill Development
Training Proficiency Level: Level 1 - Basic
Specialty Areas:
Oversee and Govern: Cybersecurity Management
Securely Provision: Risk Management
Protect and Defend: Incident Response
|
| | + Course Modules/Units | | | | Fundamentals of Cyber Risk Management Course Introduction | | Risk Management Overview | | Standards for Risk Management | | OCTAVE | | CERT Resilience Management Model Overview | | Critical Assets and Operations | | Threat Overview | | Vulnerabilities | | Threat Scenarios | | Risk and Impact Analysis | | Considerations for Responding to Risks | | Risk Mitigation Strategies | | Control Methods and Types of Security Controls | | Administrative Controls | | Selecting Security Controls | | Security Control Assessment | | Mitigation Strategy and Maintenance | | Security Testing and Assessments | | Incident Response Terms and Life Cycle | | Incident Response Phase 1 of 6 - Preparation | | Incident Response Phase 2 of 6 – Detection and Analysis | | Incident Response Phase 3 of 6 – Containment | | Incident Response Phases 4-5 of 6 – Eradication and Recovery | | Incident Response Phase 6 of 6 – Lessons Learned | | Business Continuity Plans and Procedures | | Disaster Recovery Plans and Procedures | | Fundamentals of Cyber Risk Management Exam |
|
|
|
| Introduction to Computer Forensics 1.5 Hours | Skill Level: Basic | | | + Description | | | The Introduction to Computer Forensics course introduces the tasks, processes, and technologies to identify, collect and preserve, and analyze data so that it can be used in a judiciary setting. The course begins with obtaining and imaging data and then describes each step in following the forensic process.
Key topics covered:
- Explain the importance and the processes necessary to handle data to ensure its admissibility in a court of law.
- List steps in the computer forensics process and goals for each step.
Date: 2020
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
|
| | + Course Modules/Units | | | | Computer Forensics - Introduction | | Computer Forensics - The Process | | Computer Forensics - Following the Process – On-Site | | Computer Forensics - Following the Process – On-Site - Encryption | | Computer Forensics - Following the Process – On-Site - Memory | | Computer Forensics - Following the Process – On-Site - Verification | | Computer Forensics - Following the Process – Analysis | | Computer Forensics - Following the Process – Report Findings | | Computer Forensics - Following the Process – Data Preservation | | Computer Forensics - Laws | | Computer Forensics - Summary | | Computer Forensics - Questions |
|
|
|
| Insider Threat Analysis 6 Hours | Skill Level: Advanced | | | + Description | | | The Insider Threat Analysis: Implementation and Operation course is designed to help insider threat analysts understand the nature and structure of data that can be used to prevent, detect, and respond to insider threats. Students will learn how to work with data from multiple sources to develop indicators of potential insider activity, as well as strategies for developing and implementing an insider threat analysis and response. Learners will also understand the workflow that incorporates expertise and capabilities from across an organization.
Learning Objectives:
- Work with raw data to identify concerning behaviors and activity of potential insiders
- Identify the technical requirements for accessing data for insider threat analysis
- Develop insider threat indicators that fuse data from multiple sources
- Apply advanced analytics for identifying insider anomalies
- Measure the effectiveness of insider threat indicators and anomaly detection methods
- Navigate the insider threat tool landscape
- Describe the policies, practices, and procedures needed for an insider threat analysis process
- Outline the roles and responsibilities of insider threat analysts in an insider threat incident response process
Date: 2020
Training Proficiency Area: Level 3 - Advanced
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Protect and Defend |
Vulnerability and Assessment Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Insider Threat Analysis Introduction | | Insider Threat Hub Overview | | Hub Roles and Responsibilities Part 1 of 2 | | Hub Roles and Responsibilities Part 2 of 2 | | Hub Management and Operations | | Non-Technical Data Sources Part 1 of 2 | | Non-Technical Data Sources Part 2 of 2 | | Technical Data Sources | | A Closer Look at Logs | | Data Source Prioritization | | Indicator Development | | Example Analytics | | Sequence and Model Development | | Insider Threat Anomaly Detection Part 1 of 2 | | Insider Threat Anomaly Detection Part 2 of 2 | | Data Correlation and Entity Resolution Part 1 of 2 | | Data Correlation and Entity Resolution Part 2 of 2 | | Insider Threat Tools | | Insider Threat Mitigation Tools | | Meas. Insider Threat Control Efficacy Part 1 of 2 | | Meas. Insider Threat Control Efficacy Part 2 of 2 | | Incident Threat Analysis Process | | Analyst Workflow | | Conducting Analysis | | Cognitive Bias | | Incident Response | | Where Incident Response Fits | | Incident Response Options | | InTP Incident Response Plans | | Insider Threat Ansys Wrap-Up |
|
|
|
| ider Threat Program Manager: Implementation and Operations - 7 Hours | Skill Level: Intermediate | | | + Description | | | The Insider Threat Program Manager course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods to develop, implement, and operate program components. The content covered supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance.
Learning Objectives:
- Identify critical assets and protection schemes
- Coordinate a cross-organizational team to help develop and implement the Insider Threat Program
- Develop a framework for the Insider Threat Program
- Identify methods to gain management support and sponsorship
- Plan the implementation for their Insider Threat Program
- Identify organizational policies and processes that require enhancement to accommodate insider threat components
- Identify data sources and priorities for data collection
- Identify infrastructure changes and enhancements necessary for implementing and supporting an Insider Threat Program
- Outline operational considerations and requirements needed to implement the program
- Build policies and processes to help hire the right staff and develop an organizational culture of security
- Improve organizational security awareness training
- Identify training competencies for insider threat team staff
Date: 2020
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Management Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
|
| | + Course Modules/Units | | | | Insider Threat Program Manager Intro | | Principles of Insider Risk Management | | Activities of an Enterprise Risk Mgmt Process | | Controls and Safeguards of Insider Risk Management | | Mitigation Strategies for Insider Risk Management | | Concepts of Initial Planning for an InTP | | Stakeholder Planning and Engagement | | Identify Your Starting Point | | Insider Threat Program Governance | | Roles and Responsibilities in InTP Governance | | Insider Threat Program Governance Challenges | | Building the Insider Threat Program Plan | | Developing a Phased Implementation | | Implementation Options for Insider Threat Program | | Building Your Program with Compliance in Mind | | InTP Placement in Organization | | Naming the InTP | | Developing an InTP in a Classified Environment | | Building the InTP Team | | InTP Team Size | | Key Roles Within the InTP Team | | Insider Threat Hub Operations | | Insider Threat Hub Staffing | | Data Sources Part 1 of 2 | | Data Sources Part 2 of 2 | | Selecting Data Sources | | Using Data Sources | | Protecting Data Sources | | Tools for InTP Teams | | Hub Building Considerations | | Managing Insider Investigations and Incidents | | Considerations: Investigations and Incidents | | Insider Threat Incidents | | Insider Threat Training and Awareness | | General Employee Training and Awareness | | InTP Team and Working Group Training | | Customized Role-Based Training | | Classified Systems and Data Training | | Management and Supervisor Training | | Problems and Considerations | | Measuring Insider Threat Program Effectiveness | | Different Metrics for Different Audiences | | Return on Investment (ROI) | | Making Measurements: Assessments and Evaluations | | Unintended Consequences of InTPs | | Potential Negative Impacts from InTP Activities | | Achieving Balance Using Positive Incentives | | Creating the Proper Culture: Policy and Practice | | InTP Maintenance Part 1 of 3 | | InTP Maintenance Part 2 of 3 | | InTP Maintenance Part 3 of 3 | | Insider Threat Program Manager Wrap-Up |
|
|
|
| Introduction to Cyber Intelligence 2 Hours | Skill Level: Basic | | | + Description | | | Cyber intelligence is a phrase often used, but interpreted in different ways by government agencies, private companies, and the general public. For the purpose of this course, cyber intelligence is acquiring, processing, analyzing and disseminating information that identifies, tracks, and predicts threats, risks, and opportunities inside the cyber domain to offer courses of action that enhance decision making. Students are introduced to the current threat landscape and the importance of cyber intelligence. Students learn how cyber intelligence differs from cyber security and cyber threat intelligence. The course provides an introduction into a Cyber Intelligence Conceptual Framework and explores intelligence tradecraft fundamentals from information gathering, data validation, analysis and communication. Students learn structured analytical techniques, estimative writing and briefing within a cyber intelligence construct.
Learning Objectives:
- Discuss the threat and data landscape
- Apply traditional intelligence tradecraft to the Cyber Domain
- Define and describe a Cyber Intelligence Framework involving Human-Machine Teaming
- Describe structured analytical techniques and biases
- Communicate analytic findings effectively and recommend courses of action to practitioners and decision makers
NICCS Specialty Areas:
|
| | + Course Modules/Units | | | | What is Cyber Intelligence? | | Cyber Intelligence - Why Should You Care? | | Cyber Intelligence - Skills, Traits, Competencies | | Cyber Intelligence - Conceptual Framework | | Environmental Context | | Data Gathering | | Threat Analysis | | Strategic Analysis | | Reporting and Feedback | | Human and Machine Teaming | | The Art and Science of Cyber Intelligence | | Cognitive Biases | | Logical Fallacies | | Analytical Acumen - The Science | | Analytic Methodologies - Diagnostic Technique | | DC Sniper: Beltway Attacks | | Analytical Methodologies - Contrarian Technique | | Analytical Methodologies - Imaginative Technique | | Analytical Methodologies - Network Analysis | | Analytical Methodologies - ACH | | Analytical Methodology – Systems Dynamics Modeling | | Intelligence Writing - Why It Matters | | Estimative Language | | Briefing Tips | | Intro to Cyber Intelligence Quiz |
|
|
|
| Introduction to Threat Hunting Teams 1.5 hours | Skill Level: Basic | | | + Description | | | This course provides basic definitions, activities, and examples of teams hunting threats in the cyber domain. The course addresses the differences between hunting team activities and those of incident management teams or penetration testing teams. The content covers how hunting teams establish goals, methods used by threat hunting teams, and sources available to help read and interpret the threat landscape.
Training Purpose: Skill development
Specialty Areas: Computer Network Defense Analysis, Threat Analysis, Vulnerability Assessment and Management
Training Proficiency Area: Level 1 - Basic
Capture Date: 2016 |
| | + Course Modules/Units | | | | Defining Threat Hunting | | Examples and Goals of Threat Hunting | | Differences Between Hunt Teams and Other Cyber Teams | | Threat Landscape | | Types of Threat Modeling | | Hunting Methods on Networks | | Teaming and Automation Example | | Threat Hunting Teams Course Exam |
|
|
|
| Introduction to Investigation of Digital Assets 4 Hours | Skill Level: Basic | | | + Description | | | This course is designed for technical staff who are new to the area of Digital Media Analysis and Investigations. It provides an overview of the digital investigation process and key activities performed throughout the process.
Training Purpose: Skill development
Specialty Areas: Digital Forensics, Cyber Investigation
Training Proficiency Area: Level 1 - Basic
Capture Date: 2012 |
| | + Course Modules/Units | | | | Investigations of Digital Assets | | Exercise Setup | | Exercise Debrief | | What is an Investigation with Digital Assets? | | Digital Investigation Process | | Preparation Phase | | Data Collection Phase | | Data Analysis Phase | | Findings Presentation Phase | | Incident Closure Phase | | Digital Investigation Process Summary | | Introduction to Artifact Analysis | | Artifact Analysis Capabilities | | Artifact Analysis Process | | Surface and Comparative Analysis Process | | Surface and Comparative Analysis Process-Continued | | Runtime Analysis Process | | Static Analysis Process | | Sample Analysis: Runtime | | Sample Analysis: Static | | Malware Analysis Summary | | Analysis Exercise |
|
|
|
| Introduction to Windows Scripting 4 Hours | Skill Level: Basic | | | + Description | | | This course focusses on writing scripts for the Microsoft Windows operating system. It covers fundamentals and syntax for automating administrative and security monitoring tasks. The course will present the basics of Windows BATCH scripting syntax and structure, along with several Windows command line utilities to harness the powerful capabilities built into Windows.
Training Purpose: Functional Development
Specialty Areas: Network Services, System Administration, Systems Security Analysis
Training Proficiency Area: Level 1 - Basic
Capture Date: 2015 |
| | + Course Modules/Units | | | | Scripting Basics Overview | | Windows BATCH Scripting Basics | | Windows BATCH Scripting_Variables | | Windows BATCH Scripting_Loops | | Windows BATCH Scripting_Functions | | Windows Script Error Handling and Troubleshooting | | Windows Script Best Practices and Examples | | Windows Scripting Demo | | Scripting for Penetration Testing | | Windows Scripting Utilities_xcopy | | Windows Scripting Utilities_findstr | | Windows Scripting Utilities_net Commands | | xcopy Examples Demo | | WMI and WMIC | | PowerShell Commands | | PSExec | | Windows Management Instrumentation Demo | | Intro to Windows BATCH Quiz |
|
|
|
| IPv6 Security Essentials Course 5 Hours | Skill Level: Advanced | | | + Description | | | This Internet Protocol version 6 (IPv6) Security Essentials course begins with a primer of IPv6 addressing and its current deployment state, discusses Internet Control Manager Protocol version 6 (ICMPv6), Dynamic Host Configuration Protocol version 6 (DHCPv6), and Domain Name System version 6 (DNSv6), and concludes with IPv6 Transition Mechanisms, security concerns and management strategies. This course includes several reinforcing video demonstrations, as well as a final knowledge assessment.
Training Purpose: Skill development
Specialty Area(s): Enterprise Architecture, Network Services, System Administration, Computer Network Defense Infrastructure Support, Systems Security Analysis
Training Proficiency Level: Level 3 - Advanced
Capture Date: 2015 |
| | + Course Modules/Units | | | | IPv6 Introduction | | IPv6 Adoption | | DEMO: IPv6 Network Reconnaissance | | IPv6 Addressing Part 1 of 2 | | IPv6 Addressing Part 2 of 2 | | IPv6 Packet Header | | DEMO: IPv6 Header Analysis | | ICMPv6 | | IPv6 Address Assignment | | DEMO: IPv6 Address Assignment | | IPv6 Web Browsing | | IPv6 Transition Mechanisms Part 1 of 2 | | IPv6 Transition Mechanisms Part 2 of 2 | | DEMO: IPv6 Tunneling | | IPv6 Security Concerns | | DEMO: IPv6 Network Mapping | | IPv6 Security Mitigation Strategies | | DEMO: IPv6 Network Monitoring Tools | | IPv6 Ready | | IPv6 Security Essentials Key Takeaways | | DEMO: IPv4 and IPv6 Subnetting | | DEMO: IPv6 Addressing on Router Interfaces | | DEMO: Setting up RIP for IPv6 | | DEMO: Configuring OSPFv3 | | DEMO: IPv6 Alive Hosts | | DEMO: IPv6 Duplicate Address Detection (DAD) | | DEMO: IPv6 DAD Denial of Services (DOS) | | DEMO: IPv6 Fake Router Advertisement | | DEMO: IPv6 Man-in-the-middle | | IPv6 Security Essentials Quiz |
|
|
|
| ISACA Certified Information Security Manager (CISM) Prep 11 Hours | Skill Level: Intermediate | | | + Description | | | The ISACA Certified Information Security Manager (CISM) certification prep self-study resource helps prepare candidates to sit for the management-focused CISM exam, and strengthens students information security management expertise through in-depth lecture topics, reinforcing demonstrations, and practice exam. The course includes concepts from the four job practice areas of the 2017 CISM certification: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, and Information Security Incident Management.
Learning Objectives:
- Explain how information security governance and supporting processes are used to align security strategy with organizational goals and objectives.
- Detail strategies to manage risk to an acceptable level in support of organization goals and objectives.
- Describe the information security program's role in the organization's security posture by managing and protecting assets while supporting goals.
- Detail means to minimize the impact to operations in the event of a security incident through establishing detection, response and recovery capabilities.
Training Purpose: Skill Development
NICCS Specialty Areas:
- Cybersecurity Management (Oversee and Govern)
- Systems Analysis (Operate and Maintain)
- Program/Project Management and Acquisition (Oversee and Govern)
- Vulnerability Assessment and Management (Protect and Defend)
Training Proficiency Area: Level 2- Intermediate |
| | + Course Modules/Units | | | | CISM Course Introduction | | IS Governance Domain Overview | | Information Security (IS) Management | | Importance of IS Governance Part 1 of 2 | | Importance of IS Governance Part 2 of 2 | | IS Management Metrics | | ISM Strategy Part 1 of 2 | | ISM Strategy Part 2 of 2 | | Elements of IS Strategy | | IS Action Plan for Strategy | | DEMO: Key Goal, Risk, Performance Indicator | | Risk Management Overview and Concepts | | Risk Management Implementation | | Risk Assessment: Models and Analysis | | DEMO: Calculating Total Cost of Ownership | | DEMO: Recovery Time Objective (RTO) | | Compliance Enforcement | | Risk Analysis: Threat Analysis | | IS Controls and Countermeasures | | Other Risk Management Considerations Part 1 of 2 | | Other Risk Management Considerations Part 2 of 2 | | DEMO: Cost Benefit Analysis | | Information Security Program Development | | Information Security Program Management | | Outcomes of Effective Management | | IS Security Program Development Concepts | | Scope and Charter of IS Program Development | | IS Management Framework | | IS Framework Components | | IS Program Roadmap | | Organizational Roles and Responsibilities | | Information Security Manager Responsibilities | | Other Roles and Responsibilities in IS | | Information Security Program Resources | | IS Personnel Roles and Responsibilities | | IS Program Implementation Part 1 of 2 | | IS Program Implementation Part 2 of 2 | | Implementing IS Security Management Part 1 of 2 | | Implementing IS Security Management Part 2 of 2 | | Measuring IS Management Performance | | Common Challenges to IS Management | | Determining the State of IS Management | | Incident Management and Response | | Incident Management Part 1 of 2 | | Incident Management Part 2 of 2 | | IMT IRT Members | | Incident Response Planning Part 1 of 2 | | Incident Response Planning Part 2 of 2 | | DEMO: Phishing Emails | | DEMO: Incident Management Workflow | | Recovery Planning Part 1 of 2 | | Recovery Planning Part 2 of 2 | | DEMO: RTIR Incident Response Tool Part 1 of 2 | | DEMO: RTIR Incident Response Tool Part 2 of 2 | | CISM Practice Exam |
|
|
|
| (ISC)2 (TM) CAP Certification Prep Self Study 2014 11 Hours | Skill Level: Intermediate | | | + Description | | | This certification prep course is designed to help prepare students for the Information Security Certification (ISC)2 Certified Authorization Professional (CAP) certification exam as well as strengthen their knowledge and skills in the process of authorizing and maintaining information systems. Topics include understanding the Risk Management Framework (RMF), selection, implementation, and monitoring of security controls as well as the categorization of information systems. The course includes a practice exam.
Training Purpose: Skill development
Specialty Areas: Cybersecurity Management, Cyber Defense Infrastructure Support, Vulnerability Assessment and Management
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2014 |
| | + Course Modules/Units | | | | CAP Course Introduction | | Risk Management Approach to Security Authorization | | Risk Management Framework Steps | | Risk Management Framework Phases | | RMF Roles and Responsibilities | | Organization Wide Risk Management | | Managing Risk | | Assessor Independence and External Environments | | System Development Life Cycle | | Alignment of RMF with SDLC Review | | RMF Legal and Regulatory Requirements | | NIST Publications | | Continuous Monitoring Strategies | | RMF Guidance Review | | Defining Categorization | | Categorization Examples | | Categorization Process | | Security Plans and Registration | | Categorize | | Selection Step Tasks | | Selection Step Definitions | | Security Controls Guidance | | Privacy and Security Controls | | Control Selection and Supplemental Guidance | | Tailoring Security Controls | | Control Assurance and Monitoring | | Control Assurance and Monitoring - Continued | | Select | | Implementing Security Controls Overview | | Integrating Implementation | | Implement | | Preparing for Control Assessments | | Conducting Control Assessments | | Security Assessment Report | | Remediation Actions and Process Review | | Assess | | Authorization Documentation | | Risk Determination and Acceptance Part 1 of 3 | | Risk Determination and Acceptance Part 2 of 3 | | Risk Determination and Acceptance Part 3 of 3 | | Authorization Decisions | | Prioritized Risk Mitigation and Authorization Review | | Authorize | | Assessments and Configuration Management | | Ongoing Security Control Assessments | | Monitor | | CAP Certification Prep Practice Exam |
|
|
|
| (ISC)2 (TM) CISSP (R) Certification Prep 2018 22.5 Hours | Skill Level: Advanced | | | + Description | | | The (ISC)2 Certified Information Systems Security Professional (CISSP) certification self-study prep course is a resource for individuals preparing for the CISSP certification exam or expanding their knowledge in the information security field. The course reflects the 2018 published CISSP exam objectives and the eight domains upon which the exam is based. This course includes reinforcing video demonstrations and a final practice exam.
Learning Objectives:
- Explain and apply concepts to design, implement, and manage secure cyber operations
- Develop, document, and implement security policy, standards, procedures, and guidelines
- Apply risk management concepts
NICCS Specialty Areas:
- Cyber Operations
- Strategic Planning and Policy
- Systems Architecture
Training Purpose: Management Development
Training Proficiency Area Level 3 - Advanced |
| | + Course Modules/Units | | | | CISSP Course Introduction | | Security and Risk Management Concepts | | Regulatory Compliance and Frameworks | | Organizational Privacy Responsibilities | | Acquisition Strategies | | Computer Crime and Incident Response | | International Laws Pertaining to Security | | Legal Regulations and Privacy | | (ISC)2 Code of Ethics and Ethic Bases | | Legal Regulations and Ethics | | Policy and Components Overview | | BC and DR Initiation and Management | | BCP Business Impact Analysis | | Vendor Management | | System Threats and Countermeasures | | Risk Assessment and Countermeasures | | Access Control Types | | RMF Security Control Assessment Process | | Conducting Security Control Assessments | | Security Assessment Report | | Asset Valuation | | Threat Modeling and Reduction Analysis | | Security Awareness and Training | | DEMO: Security Policy Review | | Data Classification | | Data Ownership and Retention | | Privacy Protection and Data Governance | | Security Control Application and Tailoring | | Security Control Selection | | Data Protection Method (DLP) | | Secure Design Principles | | Secure Design Standards and Models | | Database System | | Key Crypto Concepts and Definitions | | Securing ICS and SCADA Systems | | Industrial Control System Security | | DEMO: SCADA Honeynet | | Cloud Computing | | Cloud Computing Security Issues | | Distributed Systems | | Parallel and Distributed Systems Security Issues | | Internet of Things | | Assess and Mitigate Vulnerabilities in Mobile Systems | | Cryptographic Lifecycle | | Cryptographic Methods | | Symmetric Ciphers | | Asymmetric Ciphers | | Public Key Infrastructure (PKI) | | Key Management Practices | | Digital Signatures | | Hashes and Other Integrity Controls | | Salting Hashes | | Methods of Cryptanalytic Attacks | | Digital Rights Management | | Site and Facility Design Criteria | | Physical Security Controls | | Physical and Environmental Threats | | OSI and TCP/IP Models | | Telecom and NW Security Layer 1 | | Telecom and NW Security Layer 2 | | Telecom and NW Security Layer 3 | | Telecom and NW Security Layer 4 and 5 | | Telecom and NW Security Layer 6 and 7 | | Multilayer and Converged Protocols | | Mobile and Wireless Security | | Content Distribution Networks | | Implementing and Using Remote Access | | Virtualization | | Access Control Technologies | | Access Control Types | | Access Control System Strategies | | Building Access Control | | Operations Area Access Control | | Credential Management Systems | | Third-Party Identification Service | | Cloud Identity | | Data Authorization Mechanisms | | Rule-Based Access Control | | Audit and Assurance Mechanisms | | Synthetic Transactions | | Code Review and Testing | | Misuse Case Testing | | Test Coverage Analysis | | Interface Testing | | Security Audits and Agreements | | Digital Investigation and Evidence Analysis | | Legal System Investigation Types | | Electronic Discovery | | Intrusion Detection and Prevention | | Continuous Monitoring | | Egress Monitoring | | Security Operations Concepts | | Security Operations Incident Management | | Managing Security Services Effectively | | DEMO: Whitelisting and Blacklisting | | Security Operations Resource Protection | | Disaster Recovery Strategy | | Maintaining Operational Resilience | | Managing Recovery Communications | | Test Disaster Recovery Plans (DRP) | | Security Education Training and Awareness | | Perimeter Security | | Perimeter Intrusion Detection | | Biometrics and Authentication Accountability | | Personnel Privacy and Safety | | DEMO: Intro to Dshell Toolkit | | SDLC Phases | | Software Development Models | | System Security Protections and Controls | | Agile Development Models | | Maturity Models | | Integrated Product Teams | | Security Environment and Controls | | SW Development Security and Malware | | Impact of Acquired Software | | DEMO: Automated Code Review | | CISSP Practice Exam |
|
|
|
| (ISC)2 (TM) CISSP Concentration: ISSEP Prep 7 Hours | Skill Level: Advanced | | | + Description | | | The Information Systems Security Engineering Professional (ISSEP) is a CISSP concentration focused on applying security and systems engineering principles into business functions. This self-study prep course is designed to help students prepare to sit for the specialized (ISSEP) certification exam. The topics in the course cover the five domain areas of the CISSP-ISSEP.
Learning Objectives:
- Incorporate security into business processes and information systems
- Demonstrate subject matter expertise in security engineering
- Apply engineering principles into business functions
NICCS Specialty Areas:
- Collect and Operation
- Cyber Operation Planning
- Operate and Maintain
- Systems Analysis
- Oversee and Govern
- Cybersecurity Management
Training Purpose Skill Development
Training Proficiency Area Level 3 - Advanced |
| | + Course Modules/Units | | | | ISSEP Course Introduction | | ISSE Responsibilities and Principles | | ISSE and IATF | | Security Design Principles | | Elements of Defense in Depth | | RMF Characteristics | | Maintaining Operational Resilience | | Risk Management Overview | | Assessing Risk Part 1 of 2 | | Assessing Risk Part 2 of 2 | | Determining Risks | | Categorizing Information Systems | | Stakeholder Roles and Responsibilities | | Requirements Analysis | | Using Common and Tailored Controls | | Assessing Security Controls | | Implementing Security Controls | | Authorizing Information Systems | | Systems Verification and Validation | | Monitor, Manage, and Decommissioning | | Defense Acquisition System Overview | | Acquisitions Process | | System Development Process Models | | Project Processes | | Project Management | | ISSEP Practice Exam |
|
|
|
| (ISC)2 (TM) CISSP:ISSMP Prep 2018 12.5 Hours | Skill Level: Advanced | | | + Description | | | The Information Systems Security Management Professional (ISSMP) concentration of the CISSP certification is intended for individuals with strong management and leadership skills and interested in focusing on establishing, presenting, and governing information security programs. This self-study prep course reviews the six common body of knowledge domains for the CISSP-ISSMP certification exam.
Learning Objectives:
- Demonstrate ability to apply leadership and management skills to manage an organization information security program.
- Apply the security lifecycle management processes and principles into the system development lifecycles.
- Application of contingency management practices to plan and implement processes to reduce the impact of adverse events.
NICCS Specialty Areas:
- Oversee and Govern
- Cybersecurity Management
- Strategic Planning and Policy
- Executive Cyber Leadership
Training Purpose Management Development
Training Proficiency Area Level 3 - Advanced
Capture Date: 2018
|
| | + Course Modules/Units | | | | ISSMP Course Introduction | | Security’s Role - Culture, Vision and Mission | | Security’s Role – Management, Support and Commitment | | Security’s Role – Board of Dir, Steering Committee | | Security Role – IT, HR and Legal | | Security’s Role – Strategic Alignment | | IS Governance Defined | | IS Governance Goals Part 1 of 2 | | IS Governance Goals Part 2 of 2 | | Importance of IS Governance | | Information Security Strategies | | Data Classification and Privacy | | Threats to Data Privacy | | Data Classification and Privacy Implementations | | Security Policy Framework and Lifecycle | | Security Requirements in Contracts and Agreements | | Security Awareness and Training Programs | | Managing the Security Organization | | Security Metrics | | Security Metrics Indicators | | Integrating Project Management with SDLC | | System Development Life Cycle (SDLC) | | Systems Engineering (CMM) | | Vulnerability Management and Security Controls | | Service Oriented Architecture Controls | | Oversee System Security Testing | | Managing Change Control | | Risk Management | | Risk Management – Threats and Vulnerabilities | | Risk Management – Risk Assessments | | Calculating Risks | | Mitigating Risks | | Cyber Threat Intelligence | | Detection of Attack Sources | | Discovery Challenges and Escalation | | DEMO: Escalating Event to Incident | | Common Attack Vectors | | Root Cause and Investigation | | Incident Management Concepts | | Incident Management Process | | Incident Management Classification | | Financial Impact of Incidents | | Investigation and Forensic Evidence | | Investigations, IH and Response | | DEMO: Ditigal Forensics Investigation | | Security Compliance Frameworks | | Auditing Introduction and Preparation | | Evidence Reporting and Auditors | | Exception Management | | Continuity and Disaster Recovery Planning | | Understanding the Business | | Insurance | | Critical Processes Recovery Objectives | | Recovery Obligation Considerations | | BCM Site and IT Strategies | | Personnel and Recommended Strategies | | Design and Testing BCP and COOP | | Implementing Continuity and Recovery Plans | | Intellectual Property and Licensing | | (ISC)2 Code of Ethics | | DEMO: Verification and Quality Control | | Audit Planning Process | | ISSMP Self Study Practice Exam |
|
|
|
| (ISC)2(TM) Systems Security Certified Practitioner 12 Hours | Skill Level: Basic | | | + Description | | | The (ISC)2 Systems Security Certified Practitioner (SSCP) certification self-study prep course is a resource for individuals preparing for the SSCP certification exam, helping to demonstrate their advanced technical skills and knowledge required to implement and administer infrastructure using security best practices, policies, and procedures.
Learning Objectives:
- Demonstrate knowledge of security operations and administration
- Implement risk monitoring, analysis, and mitigation strategies
- Develop and implement incident response and recovery plans
NICCS Specialty Areas:
Operate and Maintain
- Systems Analysis
- Systems Administration
Securely Provision
- Systems Requirements Planning
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Basic
Capture Date: 2018 |
| | + Course Modules/Units | | | | SSCP Introduction | | Authentication Methods | | Single Sign-On and Federated Access | | Attribute Based Access Control | | Device Authentication | | Trust Architectures | | Identity Management Lifecycle | | Implementing Access Controls | | (ISC)2 Code of Ethics | | Security Concepts and Controls | | Asset Management | | Security Control Implementation | | Assessing Physical Security | | Physical Security Defenses | | Administrative Controls | | Auditing | | System Development and Change Cycle | | Change Control and Patch Management | | Security Awareness and Training | | Risk Management | | Risk and Security Assessment | | Security Testing and Assessment | | Monitoring and Analysis | | Monitoring Employees | | Log Management | | Integrity Checking | | Testing and Analysis | | Auditing Methodologies | | Communicate Findings | | Continuous Monitoring and CAESARS | | Introduction to Continuous Monitoring | | Incident Handling, Response and Recovery | | Incident Handling Knowledge Areas Part 1 of 2 | | Incident Handling Knowledge Areas Part 2 of 2 | | Incident Handling Response | | Incident Handling Countermeasures | | DEMO: OpenVAS | | Forensics | | Business Continuity Planning | | Business Impact Analysis | | Backup and Recovery Strategies | | Redundancy and Storage | | Cryptography Terms | | Requirements for Cryptography Part 1 of 2 | | Requirements for Cryptography Part 2 of 2 | | Steganography | | Hashes, Parity and Checksum | | Secure Protocols and Cryptographic Methods | | Symmetric Cryptosystems | | Symmetric and Asymmetric Cryptosystems | | Public Key Infrastructure (PKI) | | Key Management | | Web of Trust | | Secure Protocols | | OSI and TCP/IP Models | | Network Topology | | Transmission Media | | TCP, UDP and Common Protocols | | ARP, DHCP and ICMP | | Routers and Routing Protocols | | Network Security Protocols | | SSCP Exam |
|
|
|
| LAN Security Using Switch Features 2 Hours | Skill Level: Intermediate | | | + Description | | | In this course, students learn different methods of how to secure Local Area Networks (LANs) at the connectivity level. Topics include: monitoring media access control (MAC) addresses and port security, limiting MAC & IP spoofing, controlling traffic flows, implementing and enhancing security in virtual local area netorks (VLANs), enabling authentication on connection points, and determining host security health. Examples are used throughout to reinforce concepts
Training Purpose: Skill Development
Specialty Areas: System Administration, Systems Security Analysis, Vulnerability Assessment and Management, Cyber Threat Analysis
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2010 |
| | + Course Modules/Units | | | | Introduction and MAC Address Monitoring | | MAC Address Spoofing | | Managing Traffic Flows | | VLANs and Security | | 802.1x Port Authentication | | Network Admission Control | | Securing STP | | Securing VLANs and VTP |
|
|
|
| eader's Approach to Assessment & Authorization (A&A) | Skill Level: Basic | | | + Description | | | This hour-long webinar recorded on July 31, 2020 features National Defense University Professor Mark Duke discussing some key leadership decisions when assessing and authorizing systems. The Assessment & Authorization (A&A) process is a comprehensive assessment of policies, technical and non-technical security components, and a system's technical controls followed by leadership agreement that the system meets adequate risk levels before the system is authorized to go into full production.
Key topics covered:
- Why do we have to do Assessment & Authorization?
- Roles & Responsibilities of Assessment & Authorization
- Seven Major Components of Assessment & Authorization
- Establishing Authorization Boundaries
- Assessment Scanning Tools
- The Role of Security Technical Implementation Guides (STIGs) as potential criteria for Assessment activities
Date: July 31, 2020
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
| Cybersecurity Management |
Information Systems Security Manager |
| Executive Cyber Leadership |
Executive Cyber Leadership |
| Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Strategic Planning and Policy |
Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager |
| Training, Education, and Awareness |
Cyber Instructional Curriculum Developer, Cyber Instructor |
|
| Securely Provision |
| Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
| Systems Requirement Planning |
Systems Requirements Planner |
| Systems Architecture |
Enterprise Architect, Security Architect |
|
|
| |
|
| Linux Operating System Security 9 Hours | Skill Level: Advanced | | | + Description | | | This course introduces students to the security features and tools available in Linux as well as the considerations, advantages, and disadvantages of using those features. The class will be based on Red Hat Linux and is designed for IT and security managers, and system administrators who want to increase their knowledge on configuring and hardening Linux from a security perspective.
Training Purpose: Skill Development
Specialty Areas: Vulnerability Assessment and Management, Systems Security Analysis, System Administration
Training Proficiency Area: Level 3 - Advanced Capture Date: 2013 |
| | + Course Modules/Units | | | | Linux OS Security Introduction | | Booting Linux | | Linux Recovery | | Linux Startup Scripts | | Linux Startup Processes | | Linux Runlevels Demo | | Chkconfig_and_Upstart Demo | | Linux Processes and Signals | | Linux Process Monitoring | | PS_and_Netstat Demo | | Linux PS and TOP Demo | | Working with Linux PIDs | | Linux File System Overview | | Linux File Security | | Linux File Access Controls | | File Integrity Demo | | Linux Kernel Tuning | | Linux Host Access Controls | | Linux User and Group Definition | | User Management | | Linux Privilege Escalation | | Sudoers Demo | | Linux Authentication Methods | | Linux Viruses and Worms | | Linux Trojan Horses | | Linux Rootkits | | Linux Misconfigurations | | Linux Software Vulnerabilities | | Linux Social Engineering | | Linux Automated Installation | | Managing Linux Packages | | Package Management Tools Demo | | Repositories and System Management | | Custom Repository Demo | | Linux IPv4 and IPv6 | | Linux Network Configuration | | Linux Tunneling | | Kernel Tuning Demo | | Linux X11 Forwarding | | Linux File Sharing | | Linux Grand Unified Bootloader (GRUB) | | Configuring GRUB Demo | | Security Enhanced Linux | | Introduction to IPTables | | IPTables Rules | | IPFilter | | Linux Packet Sniffers | | Linux NIDS | | Linux HIDS | | Linux Antivirus | | Linux Secure Shell | | Linux Log Management | | Linux Scripting Basics | | BASH Scripting Demo | | IF Statements | | Pipes and Redirection | | Variables and Regular Expressions | | Custom Scripting | | Linux Hardening | | NSA Hardening Guides | | National Vulnerability Database (NVD) | | Common Vulnerabilities and Exposures (CVE) | | Vulnerability Scanning | | Linux Operating System Security Quiz |
|
|
|
| Managing Computer Security Incident Response Teams (CSIRTs) 8.5 Hours | Skill Level: Intermediate | | | + Description | | | The Managing Computer Security Incident Response Team course provides insight into the type and nature of work the CSIRTs may be expected to handle. It will provide an overview of the incident response field, including the nature of incident response activities and an overview of the incident handling processes themselves. This course focuses on foundation material, staffing issues, incident management processes and other issues such as working with law enforcement, insider threat and publishing information.
Learning Objectives:
- Provide an overview of the incident response arena, the nature of incident response activities and incident handling processes
- Guide learners to understand technical issues from a management perspective, problems and pitfalls to avoid and best practices where applicable
- Emphasize the importance of CSIRT management pre-defined policies and procedures
- Discuss what is needed to operate an effective CSIRT
Date: 2020
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Management Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All Source Analysis |
Exploitation Analysis |
| Oversee and Govern |
Cybersecurity Management |
Executive Cyber Leadership |
|
| | + Course Modules/Units | | | | Managing CSIRTS Introduction | | CSIRT Management Issues | | CSIRT Environment Introduction Part 1 of 2 | | CSIRT Environment Introduction Part 2 of 2 | | Formalization of Incident Management | | The Incident Handling Process | | CSIRT Environment Terms | | The Incident Handling Roles and Responsibilities | | CSIRT Environment Summary | | CSIRT Environment Resources and Summary | | CSIRT Staffing | | How to Grow & Retain Staff | | CSIRT Code of Conduct Part 1 of 2 | | CSIRT Code of Conduct Part 2 of 2 | | Media Issues Part 1 of 2 | | Media Issues Part 2 of 2 | | Managing the CSIRT Infrastructure Components | | Data Security | | Physical Security | | Equipment for CSIRT Staff | | Network and Systems for CSIRT Staff | | CSIRT Tools | | Incident Management Processes Introduction | | IM Processes: Prepare, Sustain, and Improve | | IM Processes: Protect Infrastructure | | IM Processes: Detect | | Situational Awareness | | Network and System Monitoring | | Critical Information | | IM Process: Triage | | Triage Activities | | IM Process: Response | | Response Actions | | Response Process Issues | | Handling Major Events Part 1 of 2 | | Handling Major Events Part 2 of 2 | | Building a Crisis Communication Plan | | Publishing Information | | Publishing Document Types | | Information Sharing | | Publishing Information Summary | | General Guidance for Measuring and Evaluating | | Types of Evaluations | | Building a Quality Assurance Framework | | Issues to Consider in Your Framework | | Resources for Building an Assurance Framework | | What Is Insider Threat? | | Types of Insider Threat Activities | | Malicious Insider Activity Examples | | How Bad Is Insider Threat? | | CERT Insider Threat Research | | Insider Threat Mitigation | | Mitigation Security Controls and Practices | | Insider Threat Summary | | Working with Law Enforcement Part 1 of 2 | | Working with Law Enforcement Part 2 of 2 | | Managing CSIRTs Wrap-Up | | Video [CSIRTs Resource Overview] (required) |
|
|
|
| Measuring What Matters: Security Metrics Workshop 1.5 Hours | Skill Level: Basic | | | + Description | | | It is critical to measure the right things in order to make informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Public and private organizations today often base cyber risk management decisions on fear, uncertainty and doubt (FUD) and the latest attack. The Measuring What Matters: Security Metrics Workshop, the student will learn how to refine a strategic or business objective that meets that S.M.A.R.T.E.R. criteria-Specific, Measurable, Achievable, Relevant, Time-bound, Evaluated, Reviewed-and can be used to initiate the Goal - Question - Indicator - Metric (GQIM) process.
Learning Objectives:
- Identify a core set of business goals, based on the business objective, to which the cybersecurity risk measurement program will be applied.
- Formulate one or more key questions for each business goal, and use them to help determine the extent to which the goal is being achieved.
- Identify one or more indicators for each business goal key question.
- Identify one or more metrics for each indicator that most directly inform the answer to one or more questions.
Date: 2020
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Collect and Operate |
Cyber Operational Planning |
Cyber Ops Planner |
| Securely Provision |
Risk Management |
Security Control Assessor |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
|
| | + Course Modules/Units | | | | Measuring What Matters Course Introduction | | Why Measure? | | Measurement Defined | | GQIM Overview | | Selecting Business Objectives | | Objectives to Goals | | Goals to Question | | Questions to Indicators | | Indicators to Metrics | | The Big Picture: Putting It All in Context | | Validate Current Questions or Metrics | | Getting Started with GQIM | | Appendix Cybersecurity Metrics Template | | GQIM Process Template |
|
|
|
| Mobile and Device Security (2015) 22 Hours | Skill Level: Basic | | | + Description | | | The Mobile and Device Security course introduces students to mobile devices, how they operate, and their security implications. This course includes topics such as signaling types, application stores, managing mobile devices, and emerging trends and security and privacy concerns with social media.
Training Purpose: Skill Development
Specialty Areas: Customer Service and Technical Support, Digital Forensics, Information Assurance Compliance, Information Systems Security Operations
Training Proficiency Area: Level 1 - Basic Capture Date: 2015 |
| | + Course Modules/Units | | | | Mobile Security Course Introduction | | Cellular Network Generations | | Network Standards Introduction | | CDMA TDMA and GSM Introduction | | GPRS Edge and UMTS Introduction | | Additional Network Standards | | Bluetooth and Wi-Fi | | Cellular Network Components | | Mobile Switching Center Database | | Authentication and Government Standards | | 4G LTE | | Mobile Device Components | | Mobile Device Operating Systems | | Android Customization | | Wireless Technology Introduction | | WiFi Standards | | Wi-Fi Standards : 802.11ac | | WiFi Types | | Wireless Fidelity Part 2 | | WiFi Channels and SSIDs | | WiFi Signals and Hardware | | Bluetooth | | WiMAX | | Additional Standards | | Near Field Communication | | Introduction to Threats | | Lost and Stolen Devices | | Additional Device-Level Threats | | Near Field Communications and Mobile Threats | | Application-Level Threats | | Rogue Applications | | Network-Level Threats | | Pineapple Router | | Malicious Hotspot | | Malicious Use Threats | | Mobile Hacking Tools | | Mobile Device Security Introduction | | Mobile Device Security Introduction Cont. | | Android Introduction | | Android Security | | Android Application Security | | Google Android OS Features | | Installing Antivirus | | iOS Security Model and Platform | | iOS Application Security | | Jailbreaking iOS | | iOS Application Security Cont. | | Apple iOS Update Part 1 of 2 | | Apple iOS Update Part 2 of 2 | | Windows Phone Security Model and Platform | | Windows Implementation and Application Security | | Windows Phone Update | | WiFi Security | | WiMax and Bluetooth | | Bluetooth Attack | | Protecting Data | | Encryption | | Android Encryption | | iOS Encryption | | Email Security | | Android and iOS Email Security | | Windows Email Security | | iOS Hardening | | iOS Hardening Cont | | Blackberry Hardening | | Android Hardening | | Android Hardening Cont. | | Windows Phone Hardening | | Windows Phone Password and Cookies | | Windows Phone Wi-Fi | | Windows Phone - Find, Wipe, and Backup | | Device Security Policies | | Exchange and BES | | Mobile Device Management | | Mobile Device Management Cont. | | McAfee Mobility Management | | Forensics Overview | | Forensics Role and Framework | | Device Identification | | Device Identification Cont. | | Network Data | | Network Data Cont. | | Preservation | | Preservation Cont. | | Acquisition | | Acquisition Cont. | | Device Specific Acquisition | | Hashing | | Hashing Cont. | | Analysis | | Archiving and Reporting | | Cellebrite | | Forensics Demonstration | | XRY/XACT | | Oxygen and CellXtract | | Paraben and MOBILedit! | | Additional Methods | | Subscriber Data | | Benefits of Social Media | | Risks of Social Media | | Liabilities Associated with Social Media | | Social Media Controls | | Emerging Trends | | Emerging Trends Cont. | | New Technologies in Mobile Devices | | Mobile Devices and the Cloud | | Mobile Security Course Quiz |
|
|
|
| Mobile Forensics 4 Hours | Skill Level: Advanced | | | + Description | | | This course provides an overview of mobile forensics, the branch of digital forensics that focusses on forensically sound extraction and analysis of evidence from mobile devices. Cell phone investigations has grown exponentially with data from mobile devices becoming crucial evidence in a wide array of incidents. The Mobile Forensics course begins highlighting details of the field and then focuses on the iOS architecture, concluding with data acquisition and analysis.
Learning objectives:
- Describe the impact of mobile devices on investigations
- Identify iOS device filesystem, operating system, and security architecture basics
- Explain acquisition and analysis tools and techniques for iOS devices
Training Purpose: Skill Development
Specialty Areas: Digital Forensics, Investigation
Training Proficiency Area: Level 3 - Advanced
Capture Date: 2017 |
| | + Course Modules/Units | | | | Introduction to Mobile Forensics | | Importance of Mobile Forensics | | Challenges of Mobile Forensics | | Handling and Preserving Evidence | | File System for iOS Devices | | Understanding the Basics of iOS | | Understanding iOS Security Architecture | | Mobile Forensics Tool Classification | | Data Acquisition Types | | iOS Jailbreaking | | Idenifying an iOS Device | | Physical Acquisition of iOS Devices | | iTunes Backup Acquisition | | Apple File Conduit Acquisition | | iTunes Backup Analysis | | iCloud Data Acquisition and Analysis | | Analyzing Data on iOS Devices | | Mobile Forensics Quiz |
|
|
|
| Network Layer 1 & 2 Troubleshooting 3 Hours | Skill Level: Basic | | | + Description | | | This course reviews troubleshooting methods used in Layer 1 and Layer 2 of the OSI Model. The course covers how to detect, trace, identify, and fix network connectivity issues at the Physical and Data Link layers of the OSI stack. The basics of the Physical and Data Link layers will be covered along with a review of the devices, signaling, and cabling which operate at these layers. Students will be presented with methods for tracing connectivity issues back to the source and identifying mitigation solutions.
Training Purpose: Functional Development
Specialty Areas: Network Services, System Administration, Customer Service and Technical Support, Systems Security Architecture
Training Proficiency Area: Level 1 - Basic
Capture Date: 2015 |
| | + Course Modules/Units | | | | Network Layer 1 and 2 Troubleshooting Introduction | | OSI Physical Layer 1 Overview | | Data Transmission Medium Cables and Connectors | | Patch Panels | | Fiber Optic Cables | | Encoding and Signaling Functions | | Network Components | | Physical Network Design/Topology | | Network Troubleshooting Methodology | | Common Layer 1 Issues Part 1 of 2 | | Common Layer 1 Issues Part 2 of 2 | | Layer 2 Data Link Layer Components Overview | | MAC Addresses/Logical Link Control | | Layer 2 Protocols | | Physical Network Design/Topology | | Network Troubleshooting Methodology Review | | Common Layer 2 Issues | | Layer 2 Troubleshooting Tools | | NW Layer 1 and 2 Troubleshooting exam |
|
|
|
| Offensive and Defensive Network Operations 13 Hours | Skill Level: Basic | | | + Description | | | This course focuses on fundamental concepts for offensive and defensive network operations. It covers how offensive and defensive cyber operations are conducted and details U.S. government doctrine for network operations. Topics include network attack planning, methodologies, and tactics and techniques used to plan for, detect, and defend against network attacks.
Learning Objectives
- Apply U.S. government network operations background and doctrine
- Describe offensive and defensive network operations
- Determine offensive network operation missions, planning, and exploitation phases and methodologies
- Derive defensive network operation missions, planning, and methods to detect and defend against network attacks and attackers' methods
Training Purpose: Functional Development
Specialty Areas: Computer Network Defense Analysis, Cyber Operations
Training Proficiency Area: Level 1 - Basic
Capture Date: 2015 |
| | + Course Modules/Units | | | | Cyberspace As A Domain | | Joint Publication 3-12(R), Cyberspace Operations Overview Part 1 of 3 | | Joint Publication 3-12(R), Cyberspace Operations Overview Part 2 of 3 | | Joint Publication 3-12(R), Cyberspace Operations Overview Part 3 of 3 | | Joint Communications Overview and Information Environment | | Joint Force Communication, System Operations, and Management Planning | | Legal Considerations for Cyber Operations Part 1 of 2 | | Legal Considerations for Cyber Operations Part 2 of 2 | | Adversaries in Cyberspace Part 1 of 3 | | Adversaries in Cyberspace Part 2 of 3 | | Adversaries in Cyberspace Part 3 of 3 | | Offensive Cyber Operations Background | | Offensive Cyberspace Operations Definitions | | Offensive Cyberspace Operations Planning and Legal Considerations | | Offensive Methodology Planning Examples 1 of 2 | | Offensive Methodology Planning Examples 2 of 2 | | Reconnaissance Methodology Overview | | Social Engineering for Reconnaissance | | Reconn with Automated Correlation Tools and Search Engines Part 1 of 2 | | Reconn with Automated Correlation Tools and Search Engines Part 2 of 2 | | Network Mapping for Active Reconnaissance | | Port Scanning for Active Reconnaissance | | Windows Enumeration Basics | | Linux Enumeration Basics | | Scanning and Enumerating with Nmap | | Exploitation using Direct Exploits and System Misconfiguration | | Exploitation with SET Example | | Exploitation | | Entrenchment | | Exploitation Basics | | Post-Exploitation | | Abuse and Attacks | | Defensive Cyberspace Operations (DCO) | | DCO Types of Operations | | DCO Operational Goals | | DCO Best Practices | | Defensive Methodology: Understanding the Threat | | Defensive Methodology: Tactics | | Defensive Methodology: Defense-in-Depth | | Incident Management Overview | | Incident Management Policies, Plans and Procedures | | Incident Management Team Configuration | | Incident Response Lifecycle | | Defending the Domain | | Perimeter and Host Defenses | | IDS/IPS Defined Including Advantages and Disadvantages | | IDS/IPS Types and Functions | | IDS/IPS Location Placements | | Intrusion Detection using Snort | | Reviewing Alerts and Detecting Attack Phases | | Network Traffic Analysis | | Methods of Network Traffic Analysis | | Wireshark | | Log Analysis Methods and Techniques Part 1 of 2 | | Log Analysis Methods and Techniques Part 2 of 2 | | Detecting Offensive Operations using Log Analysis | | Digital Forensics Overview and Tools | | Digital Forensics Methods and Techniques Part 1 of 2 | | Digital Forensics Methods and Techniques Part 2 of 2 | | Identifying Phases of Attack Using Digital Forensics | | Incident Data: Profile and Analysis | | Incident Reporting | | Offensive and Defensive Network Operations Exam |
|
|
|
| Overview of Creating and Managing Computer Security Incident Response Teams (CSIRTs) 4 Hours | Skill Level: Basic | | | + Description | | | The Overview of Creating and Managing CSIRTs course is designed to provide the learner with an overview of what is needed to create and operate a Computer Security Incident Response Team (CSIRT). The intended audience is individuals tasked with creating a CSIRT and those who may be new to CSIRT issues and processes. Topics covered within the course include the benefits and limitations of a CSIRT, CSIRT requirements, services, common policies and procedures, and operational best practices. Previous incident handling experience is not required to partake in this course.
Learning Objectives:
- Identify managerial, organizational, procedural, and operational issues regarding the CSIRT role and function
- Describe the issues involved with creating and operating a CSIRT
- Discuss specific topics regarding CSIRT benefits and limitations, requirements and framework, services, policies and procedures, and operational best practices
Training Proficiency Area: Level 1 - Basic
Date: 2020
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications Security (COMSEC) Manager |
|
| | + Course Modules/Units | | | | Creating and Managing CSIRTS Introduction | | Defining the Problem | | Defining Incident Management | | Effective Incident Management Processes | | Defining Terms Used Throughout the Course | | Institutionalizing IM Capabilities | | Incident Handling Terms Used Throughout the Course | | Defining CSIRTs | | Creating an Effective CSIRT | | Building a CSIRT: Action Plan Part 1 of 2 | | Building a CSIRT: Action Plan Part 2 of 2 | | Building a CSIRT: Where to Begin | | Lessons Learned and Team Maturity | | CSIRT Components | | CSIRT Organizational Models Part 1 of 2 | | CSIRT Organizational Models Part 2 of 2 | | CSIRT Policies and Procedures | | CSIRT Staffing and Hiring | | CSIRT Facilities and Infrastructure | | Incident Management Processes Overview | | IM Process: Prepare, Sustain, and Improve | | IM Process: Protect Infrastructure | | IM Process: Detect Events | | IM Process: Triage Events | | IM Process: Triage Best Practices | | IM Process: Respond | | IM Process: Respond Issues | | IM Process: Best Practices | | Creating and Managing CSIRTs Summary | | Creating and Managing CSIRTs Resources |
|
|
|
| Risk Management Framework for Leaders 1 Hour | Skill Level: Basic | | | + Description | | | This hour-long webinar recorded on July 10, 2020 features National Defense University Professor Mark Duke discussing key leadership decisions to implement the NIST Risk Management Framework (RMF). The RMF is a risk-based approach to implement security within an existing enterprise – it is leadership’s responsibility to ensure adequate and effective system security.
Learning Objectives:
- How to prepare your component or organization to initiate the RMF.
- How to define, understand, and manage risk to your Information Systems by identifying your threats and vulnerabilities.
- Understand the link to the RMF with Supply Chain Risk Management (SCRM) and the Software Development Life Cycle (SDLC).
- Understand the new "Prepare" step of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 v2 RMF.
- Explain managers; roles and involvement in each step of the RMF.
Date: July 10, 2020
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
| Cybersecurity Management |
Information Systems Security Manager |
| Executive Cyber Leadership |
Executive Cyber Leadership |
| Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Strategic Planning and Policy |
Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager |
| Training, Education, and Awareness |
Cyber Instructional Curriculum Developer, Cyber Instructor |
|
| Securely Provision |
| Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
| Systems Architecture |
Enterprise Architect, Security Architect |
| Systems Requirement Planning |
Systems Requirements Planner |
|
|
| |
|
| Root Cause Analysis 1 hour | Skill Level: Intermediate | | | + Description | | | This course provides an explanation of root cause analysis for cyber security incidents and an overview of two different root cause analysis models (and approaches used in these models). The course also describes how root cause analysis can benefit other incident management processes (response, prevention, and detection), and details general root cause analysis techniques that can be adopted as methods for analysis of cyber incidents.
Training Purpose: Skill Development
Specialty Areas: Threat Analysis, Computer Network Defense Analysis, Incident Response
Training Proficiency Area: Level 1 - Basic
Capture Date: 2016 |
| | + Course Modules/Units | | | | Root Cause Analysis Fundamentals | | Root Cause Analysis Methods | | Cyber Kill Chain Model for Root Cause Analysis | | Sample Incident Cause Analysis Workflow | | Root Cause Analysis Course Exam |
|
|
|
| Radio Frequency Identification (RFID) Security 1 Hour | Skill Level: Intermediate | | | + Description | | | This course will cover securing radio frequency identification (RFID), different components of RFID, how it works, applications in which it is being used, benefits and weaknesses, and the communication range over which it works will be reviewed. Students will learn specific concerns with RFID, recommendations for RFID, and security issues that have come to light.
Training Purpose: Skill Development
Specialty Areas: System Security Analysis, Vulnerability Assessment and Management
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2010 |
| |
|
| Securing Infrastructure Devices 1 Hour | Skill Level: Intermediate | | | + Description | | | This course covers physical security, operating system security, management traffic security, device service hardening, securing management services and device access privileges.
Training Purpose: Skill Development
Specialty Areas: Enterprise Architecture, Network Services, System Administration, Computer Network Defense Infrastructure Support, Systems Security Analysis
Training Proficiency Level: Level 2 - Intermediate
Capture Date: 2010 |
| | + Course Modules/Units | | | | Physical and Operating System Security | | Management Traffic Security | | Device Service Hardening | | Securing Management Services | | Device Access Hardening | | Device Access Privileges |
|
|
|
| Securing Internet- Accessible Systems 1 Hours | Skill Level: Basic | | | + Description | | | Internet-accessible systems have become the backbone of modern business and communication infrastructure, from smartphones to web applications such as Outlook to the explosive growth of the "Internet of Things" (IoT). Each of these systems and devices, however, can be targeted by threat actors and used to conduct malicious activity if they are unsecured - worse, these systems can leave vulnerabilities and sensitive information open to exploitation if not properly configured and maintained. It is crucial for organizations and individuals to understand the vulnerabilities of their internet-accessible systems and how to prepare for, mitigate, and respond to a potential attack. This course provides key knowledge to inform organizational awareness of internet-accessible system attacks as well as best practices that minimize the likelihood of a successful attack, and enable effective response and recovery if an attack occurs.
This webinar is accessible to non-technical learners including managers and business leaders, and offers an organizational perspective useful to technical specialists.
Learning Objectives:
Enable learners to better defend their internet-accessible systems through awareness of common vulnerabilities, best practices, CISA guidance, and resources:
- Define Internet-Accessible Systems and common vulnerabilities
- Explain cyber hygiene best practices that prevent attacks
- Understand the impacts of real-life cyberattacks and what an effective organizational response looks like
- Learn steps to identify, mitigate, and recover from Internet-Accessible System attacks
Date: September 2020
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Data Administration |
Data analyst, database administrator |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
| Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber policy and strategy planner; cyber workforce developer and manager |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
| Protect and Defend |
Incident Response |
Cyber defense incident responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
| Securely Provision |
Risk Management |
Authorizing official; security control assessor |
| Securely Provision |
System Requirements Planning |
System requirements planner |
|
| |
|
| Securing the Network Perimeter 1 Hour | Skill Level: Intermediate | | | + Description | | | This course covers edge security traffic design, blocking Denial of Service / Distributed Denial of Service (DoS/DDoS) traffic, specialized access control lists, routers and firewalls, securing routing protocols, securing traffic prioritization and securing against Single Point of Failure (SPOF).
Training Purpose: Skill Development
Specialty Areas: Network Services, Computer Network Defense, Incident Response, Digital Forensics, Systems Security Analysis
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2010 |
| | + Course Modules/Units | | | | Introduction and Edge Security Traffic Design | | Blocking DoS and DDoS Traffic | | Specialized Access Control Lists | | Routers with Firewalls | | Beyond Firewalls: Inspecting Layer 4 and Above | | Securing Routing Protocols and Traffic Prioritization | | Securing Against Single Point of Failures |
|
|
|
| Security and DNS 1 Hour | Skill Level: Advanced | | | + Description | | | This course discusses name resolution principles, name resolution and security, DNS security standards, securing zone transfers with Transaction Signature (TSIG), and DNS Security Extension (DNSSEC) principles, implementation and resources.
Training Purpose: Skill Development
Specialty Areas: Enterprise Architecture, Network Services, System Administration
Training Proficiency Area: Level 3 - Advanced
Capture Date: 2010 |
| | + Course Modules/Units | | | | Name Resolution Introduction | | Name Resolution and Security | | DNS Cache | | DNS Security Standards and TSIG | | DNSSEC | | Migrating to DNSSEC | | Issues with Implementing DNSSEC 1 | | Issues with Implementing DNSSEC 2 |
|
|
|
| SiLK Traffic Analysis 7 Hours | Skill Level: Intermediate | | | + Description | | | This course is designed for analysts involved in daily response to potential cyber security incidents, and who have access to the Einstein environment. The course begins with an overview of network flow and how the SiLK tools collect and store data. The next session focuses specifically on the Einstein environment. The basic SiLK tools are covered next, giving the analyst the ability to create simple analyses of network flow. Advanced SiLK tools follow, and cover how to create efficient and complex queries. The course culminates with a lab where students use their new skills to profile a network.
Training Purpose: Skill Development:
Specialty Areas: Cybersecurity Management, Cyber Defense Infrastructure Support, Vulnerability Assessment and Management
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2013 |
| | + Course Modules/Units | | | | Introduction to SiLK | | iSiLK | | What is Network Flow? | | Interpreting SiLK Network Flow | | SiLK Flows | | SiLK Traffic Analysis Quiz 1 | | The SiLK Repository | | Basic SiLK Tools | | SiLK Traffic Analysis Quiz 2 | | rwfilter | | rwfilter Examples | | rwfilter Demo | | rwfilter Continued | | SiLK Traffic Analysis Quiz 3 | | rwcount | | rwcount Demo | | rwstats | | rwstats Demo 1 | | rwstats Continued 1 | | rwstats Demo 2 | | rwstats Continued 2 | | rwuniq | | SiLK Traffic Analysis Quiz 4 | | PySiLK | | Python Expressions and SilkPython | | SiLK Traffic Analysis Quiz 5 | | IP Sets | | Bags | | SiLK Traffic Analysis Quiz 6 | | Prefix Maps | | Tupples | | SiLK Traffic Analysis Quiz 7 | | rwgroup | | rwmatch | | SiLK File Utilities | | IPv6 in SiLK | | SiLK Traffic Analysis Quiz 8 | | Network Profiling Introduction |
|
|
|
| Software Assurance Executive Course (SAE) 10 Hours | Skill Level: Intermediate | | | + Description | | | This course is designed for executives and managers who wish to learn more about software assurance as it relates to acquisition and development. The purpose of this course is to expose participants to concepts and resources available now for their use to address software security assurance across the acquisition and development life cycles.
Training Purpose: Skill Development
Specialty Areas: Software Assurance, Software Assurance Management, Acquisition
Training Proficiency Area: Level 2 - Intermediate Capture Date: 2013 |
| | + Course Modules/Units | | | | Interview with William Scherlis: Introduction and Background | | Software Assurance Challenges | | Encouraging Adoption of Software Assurance Practices Through People and Incentives | | The Path Toward Software Assurance: Advice for Organizations | | Learning from Failure | | The Future of Software Assurance | | Introduction, Current Software Assurance Activities by DHS, and Current SW Assurance Environment | | Managing Risks in a Connected World | | A Need for Diagnostic Capabilities and Standards | | Changing Behavior: Resources | | Establishing a Foundation for Software Assurance | | Conclusion: The Rugged Manifesto and Challenge | | Introduction to Software Assurance | | Software Assurance Landscape | | Software Assurance Principles | | Current Software Realities | | Introduction to Software Assurance, Part 2 | | Building Security In | | Microsoft Secure Development Lifecycle (MS SDL) | | Requirements Engineering | | Security Requirements Methods | | Threat Modeling: STRIDE (used by Microsoft) | | Industry Case Study in Threat Modeling: Ford Motor Company | | Topic Summary | | Creating and Selling the Security Development Lifecycle (SDL) | | Managing the Process | | Making a Difference | | Introduction and Key Components of Agile Development | | Traditional & Agile Acquisition Life Cycles | | Common Agile Methods and Scrum - the Most Adopted Agile Method | | Challenges to Agile Adoption | | Suggestions for Successful Use of Agile Methods in DHS Acquisition | | Agile Summary | | Software Assurance, Introduction to Part 3: Mission Assurance | | What Does Mission Failure Look Like? | | Mission Thread Analysis for Assurance | | Applying Mission Thread Analysis Example 1 | | Applying Mission Thread Analysis Example 2 | | Applying Mission Thread Analysis | | Software Assurance, Introduction to Part 4: SwA for Acquisition | | Software Supply Chain Challenges | | Supply Chain Risk Mitigations for Products | | System Supply Chains | | SCRM Standards | | Summary | | Software Assurance in the Software Development Process and Supply Chain: Introduction | | Scope of the Problem | | Governance for System and Software Assurance | | Strategy Solutions: System Security Engineering, Software Sustainment | | Process Solutions | | Introduction, History, and Current State of Software | | Trustworthy Software | | The UK Trustworthy Software Initiative (TSI) | | Trustworthy Software Framework | | Current Focus and Future Direction of UK TSI | | Questions and Answers |
|
|
|
| Static Code Analysis using HPE Fortify 2 Hours | Skill Level: Basic | | | + Description | | | This course introduces students to the idea of integrating static code analysis tools into the software development process from both a developer's and a security professional's perspective. The course demonstrates how Fortify is used to identify and remove Common Weakness Enumeration (CWE) from applications in which the source code is available.
Training Purpose: Skill Development
Specialty Areas: Information Assurance Compliance, Software Assurance and Security Engineering, Systems Development
Training Proficiency Area: Level 1 - Basic
Capture Date: 2014 |
| | + Course Modules/Units | | | | AppSec with HPE Product Overview and Workflow | | HPE Fortify Static Code Analyzer Suite Overview | | HPE Static Code Analyzer Command Line Demo | | Audit Workbench Demo | | Fortify SCA Process Flow | | Audit Workbench Demo Continued | | STIG Reporting with Audit Workbench | | IDE Plugin | | Questions and Answers | | Fortify Priority | | Software Security Center |
|
|
|
| Static Code Analysis using Synopsis Coverity 1.5 Hours | Skill Level: Basic | | | + Description | | | This course introduces students to the idea of integrating static code analysis tools into the software development process. The focus is on how developers can use tools such as Coverity to identify and remove Common Weakness Enumeration (CWE) from applications in which the source code is available, prior to deployment.
Training Purpose: Skill Development
Specialty Areas: Information Assurance Compliance, Software Assurance and Security Engineering, Systems Development, Test and Evaluation
Training Proficiency Area: Level 1 - Basic
Capture Date: 2014 |
| | + Course Modules/Units | | | | Overview of Synopsis Software Integrity Platform | | Demonstration | | Questions and Answers | | Closing |
|
|
|
| Supply Chain Assurance using Sonatype Nexus 2.5 Hours | Skill Level: Basic | | | + Description | | | This course introduces students to the idea of integrating static code analysis tools into the software development process from both a developer's and a security professional's perspective. The course demonstrates how tools such as Sonatype can be used to evaluate the software supply chain in order to identify and remove components with known Common Vulnerabilities and Exposures (CVE) from applications in which the source code is available.
Training Purpose: Skill Development
Specialty Areas: Information Assurance Compliance, Software Assurance and Security Engineering, Systems Development, Test and Evaluation
Training Area: Level 1 - Basic
Capture Date: 2014 |
| | + Course Modules/Units | | | | Overview of Sonatype Success Engineering | | Developer Perspective | | Policies | | Dashboard | | Repository Manager | | Questions and Answers | | Success from the Start | | Preparing for Deployment - Overview | | Preparing for Deployment - Licenses | | Preparing for Deployment - Architectural Risk | | Preparing for Deployment - Evaluation | | Preparing for Deployment - Policy Elements | | Preparing for Deployment - Default Policy Demo | | Preparing for Deployment - Policy Demo |
|
|
|
| Windows Operating System Security 16 Hours | Skill Level: Intermediate | | | + Description | | | This course introduces students to the security aspects of Microsoft Windows. The class begins with an overview of the Microsoft Windows security model and some of the key components such processes, drivers, the Windows registry, and Windows kernel. An overview of the users and group permission structure used in Windows is presented along with a survey of the attacks commonly seen in Windows environments. Patching, networking, and the built-in security features of Windows such as the firewall, anti-malware, and BitLocker are all covered in light detail.
Training Purpose: Skill Development
Specialty Area: Vulnerability Assessment and Management, Systems Security Analysis, System Administration
Training Proficiency Area: Level 2 - Intermediate
Capture Date: 2012
|
| | + Course Modules/Units | | | | Windows OS Security Course Introduction | | Windows Security Module Introduction | | Windows Architecture Overview | | Windows Subsystems Part 1 of 2 | | Windows Subsystems Part 2 of 2 | | Windows Security Development Lifecycle | | Windows API | | Windows Registry | | Viewing Windows Registry Demo | | Windows Services Part 1 of 2 | | Windows Services Demo | | Windows Services Part 2 of 2 | | Multi-tasking | | Sessions, Windows Stations and Desktops | | Programs and Drivers Part 1 of 2 | | Reviewing Drivers in Windows | | Programs and Drivers Part 2 of 2 | | Updating Widows Drives Demo | | Applications, Processes, and Threads | | Buffer Overflow Protection | | Authenticode Part 1 of 2 | | Digital Certificate Details Demo | | Authenticode Part 2 of 2 | | Windows Action Center | | Windows Users and Groups Introduction | | User Account Control | | Windows Users and Groups Part 1 of 2 | | Windows Users and Groups Part 2 of 2 | | Windows Interactive Logon Process | | NTLM Authentication Overview | | Kerberos Authentication Overview | | Types of Authentication | | File Permissions | | Dynamic Access Controls | | Threats and Vulnerabilities Introduction | | OS Vulnerabilities | | CVE Details Demo | | CVE Samples | | Misconfigurations | | Password Configuration Options | | Password DDOS Demo | | Common Misconfigurations | | CCE and the NVD Demo | | Social Engineering | | Viruses and Worms | | Impersonation | | Microsoft Updates and Patching Process Part 1 of 2 | | Double Decode | | Microsoft Updates and Patching Process Part 2 of 2 | | Securing the Update Process | | Update Process Circumvention | | Windows Server Update Service | | Internet Explorer Patching | | Windows Network Connectivity | | Windows Network Profiles | | Windows Network Adapter Settings | | Windows Wireless Settings | | Windows Networking Protocols | | Other Windows Protocols | | Microsoft VPN Part 1 of 2 | | Microsoft VPN Part 2 of 2 | | Microsoft Network Access Protection Part 1 of 2 | | Microsoft Network Access Protection Part 2 of 2 | | How to Configure Windows Update Settings Demo | | Windows Security Features Introduction | | Windows Firewall | | Windows Firewall Wizard Demo | | Windows Firewall with Advanced Security | | Windows Firewall with Advanced Security Demo | | Configuring Windows Firewall Demo | | Windows Defender | | Windows AD and PKI Demo | | Windows Active Directory Certificate Services | | Windows Group Policy | | Windows AppLocker | | Configuring And Using App Locker Demo | | Windows BitLocker | | Configuring And Using Bitlocker Demo | | Windows Secure Boot | | Windows Security Auditing | | Windows Audit Settings and Examples | | SCW Introduction | | Hardening Windows Introduction | | Windows Templates | | Microsoft Baseline Security Analyzer | | Microsoft Security Configuration Wizard | | Microsoft Security Compliance Manager | | Hardening with Group Policy | | NVD Search Demo | | Other Guidelines and Recommendations | | Using Windows Mgmt Intstrumentation Demo | | Using The Security Config Wizard Demo | | PowerShell Introduction | | PowerShell Key Commands | | PowerShell Demo | | Administrative Functions with PowerShell | | Computer and Network Management with PowerShell | | Basic Scripts in PowerShell | | PowerShell Security Settings and Configurations | | Using Powershell Demo | | Windows OS Security Quiz |
|
|
|
| Wireless Network Security (WNS) 9 Hours | Skill Level: Intermediate | | | + Description | | | The purpose of the Wi-Fi Communications and Security course is to teach the technologies of the 802.11 family of wireless networking, including the principles of network connectivity and network security.
Training Purpose: Skill Development
Speciality Areas: Enterprise Architecture, Network Services, System Administration, Customer Service and Technical Support, Computer Network Defense Infrastructure Support
Training Proficiency Area: Level 2 - Intermediate Capture Date: 2013 |
| | + Course Modules/Units | | | | Wi-Fi Communication and Security Intro | | How Wi-Fi Became Ubiquitous | | Wi-Fi Standards - 802.11b | | Wi-Fi Standards - 802.11a | | Wi-Fi Standards - 802.11g n and ac | | Bluetooth Standards | | WiMAX Standards | | LTE HSPA EvDO Network Types | | Spread Spectrum Technology | | 802.11 Transmissions and Wireless Channels | | 802.11 Data Rates | | Wireless Network Topologies | | Wireless Network Hardware | | RF Propagation Principles | | Impacts on Signal Radiation | | Signal Propagation and Objects | | Additional Signal Effects | | Measuring Signal Strength | | Signal Strength and Antennas | | Wireless Coverage and Frequency Reuse | | Wireless Network Design Issues | | Wireless Modes and Service Sets | | Wireless Authentication and Association | | Wireless and Roaming 1 of 2 | | Wireless and Roaming 2 of 2 | | Enterprise 802.11 Solutions | | Key Points of CAPWAP | | Advantages of CAPWAP | | CAPWAP Demo | | 802.11 Security Flaws | | Fixing 802.11 Security | | 802.1x Authentication Protocols | | Additional Issues with 802.11 Encryption | | Additional 802.11 Security Measures | | Other Wireless Threats | | Wireless Best Practices | | Wireless Network Assessment Part 1 of 2 | | Wireless Network Assessment Part 2 of 2 | | Wireless Network Security Quiz |
|
|
|