|
|
 CDM PMO speaks about ES-3 of the CDM Agency Dashboard .25 Hours | Skill Level: Basic |    | | + Description | | | This video explains the features of the current ES-3 version of the CDM Agency Dashboard.
Date: 2021
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Oversee and Govern Cybersecurity Management Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
| CDM Training Environment Enrollment and Logon Process .5 Hours | Skill Level: Beginner | | | + Description | | | This is a 10-minute video explaining how to enroll and log onto the CDM Training Environment which is used in the live delivery of the CDM webinars. The Training Environment allows students to participate in lab activities and apply what they learn in the webinars in real-time. Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.
Learning Objectives:
- Learn how to enroll in the CDM Training Environment
-
- Learn how to log onto the CDM Training Environment
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: N/A |
| |
|
| CDM 141 Introduction to the CDM Agency Dashboard - 2 Hours | Skill Level: Beginner | | | + Description | | | This course is a recording of a virtual two-hour course which is the first of six webinars. This course provides participants with the essential knowledge of the ES-2 version of the CDM Agency Dashboard. It explains basic features and navigation within the environment, and includes demonstrations using the new CDM Agency Dashboard to identify and report on vulnerabilities.
Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.
Learning Objectives:
- Understand CDM Agency Dashboard basic features and functionality
- Instructor demonstrates the CDM Agency Dashboard
Date: 2020
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Administration, Systems Analysis |
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
| CDM 142 Asset Management with the CDM Agency Dashboard - 2 Hours | Skill Level: Beginner | | | + Description | | | This course is a recording of a virtual two-hour course which is the second of six webinars. This course presents an ES-2 overview of how the dashboard provides visibility into the metrics and measurements needed for a continuous monitoring program. It explains how to create queries for hardware (HW) and software (SW) assets and introduces a framework for using data reports to inform risk-based decision-making. Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.
Learning Objectives:
- Understand CDM agency dashboard functionalities around asset management
- Learn how to create asset management queries
- Learn how to create reports
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
| CDM 143 Vulnerability Management with the CDM Agency Dashboard - 2 Hours | Skill Level: Beginner | | | + Description | | | This course is a recording of a virtual two-hour course which is the second of six webinars covering the ES-2 version of the CDM Agency Dashboard. This course introduces participants to CDM Agency-Wide Adaptive Risk Enumeration (AWARE) and other vulnerability management topics. With the information provided, dashboard users can identify the most critical vulnerabilities and prioritize mitigation activities at their agency. Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.
Learning Objectives:
- Understand the CDM Agency-Wide Adaptive Risk Enumeration (AWARE) Score
- Walkthrough how to identify vulnerabilities in the CDM Agency Dashboard
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Oversee and Govern Cybersecurity Management Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
| AWARE 1.5 and the ES-3 version of the CDM Agency Dashboard .75 Hours | Skill Level: Basic | | | + Description | | | This video explains the features of AWARE 1.5 on the current ES-3 version of the CDM Agency Dashboard.
Date: 2021
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Oversee and Govern Cybersecurity Management Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
| CDM 201 Identity and Access Management Capabilities within the CDM Agency Dashboard - 2 Hours | Skill Level: Intermediate | | | + Description | | | This course is a recording of a virtual two-hour course which is the second of six webinars covering the ES-2 version of the CDM Agency Dashboard. This course introduces participants to the four identity management capabilities - PRIV, CRED, TRUST, and BEHAVE - and to the use of the new CDM Agency Dashboard to reduce risks associated with each. Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.
Learning Objectives:
- Overview of how the CDM Agency Dashboard addresses user-centric data in addition to hardware and software information
- Strategies for integrating PRIV/CRED/TRUST/BEHAVE capabilities into routine processes workflows to drive increased risk awareness and mitigation.
Date: 2021
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Oversee and Govern Cybersecurity Management Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
| IAM- Identity and Access Management with the CDM Agency Dashboard .5 Hours | Skill Level: Intermediate | | | + Description | | | This 39 minute video is an interview recording of a Mr. Ross Foard, subject matter expert for DHS/CISA, and Identity and Access Management (IAM) . This video provides participants with the essential knowledge of IAM and the CDM Agency Dashboard.
Learning Objectives:
- Understand CDM Agency Dashboard basic features and IAM functionality.
Date: 2021
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Administration, Systems Analysis |
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
| CDM 202 Managing Configuration Settings with the CDM Agency Dashboard - 2 Hours | Skill Level: Intermediate |  | | + Description | | | This 2 -hour course demonstrates the configuration settings management (CSM) capability within the new CDM Agency Dashboard. In this course students are shown the basic concepts associated with CSM, the importance of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), how CSM scoring is incorporated into the AWARE calculations, and gain an understanding of how the CSM capability of the CDM Agency Dashboard can be used to reduce the misconfiguration of assets in their inventory.
Learning Objectives:
- Overview of the importance of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and how CSM scoring is incorporated into the AWARE calculations.
- Walkthrough of how CSM scoring affect the AWARE algorithm and can reduce asset misconfiguration.
Date: 2021
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Oversee and Govern Cybersecurity Management Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
| Configuration Settings Management (CSM) with the CDM Agency Dashboard .5 Hours | Skill Level: Basic | | | + Description | | | This video explains the CSM features of the current ES-3 version of the CDM Agency Dashboard.
Date: 2021
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Oversee and Govern Cybersecurity Management Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
| CDM 203 CDM Dashboard Role-Based Training – System Security Analyst - 2 Hours | Skill Level: Intermediate | | | + Description | | | This 2 -hour demonstrates the continuous monitoring and analysis capability with the CDM Agency Dashboard for those cybersecurity workforce staff that use the dashboard routinely. In this course students are shown concepts associated with continuous monitoring and analysis of the top issues that affect networks. Topics include an overview of the responsibilities of the Security analyst, continuous monitoring, how the CDM Agency Dashboard can be used to identify vulnerabilities, AWARE scoring, the reporting function, and possible courses of action.
Learning Objectives:
- Overview of the importance of the CDM Agency Dashboard role of system security analyst, which includes monitoring and vulnerability identification.
- Strategies for securing agency assets and creating report functionality using the CDM Agency Dashboard.
Date: 2021
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Oversee and Govern Cybersecurity Management Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
| Advanced Computer Forensics 5 Hours | Skill Level: Advanced |   | | + Description | | | This course focuses on building skills to improve the ability to piece together the various components of the digital investigation. The course begins with acquisition planning and preparation, progresses through the investigative process, and concludes with analysis techniques and methods for more manageable investigations.
Learning Objectives:
- Develop an investigative process for the digital forensic investigation.
- Explain methods of focusing investigations through analysis of multiple evidence sources.
- Effectively prepare for incident response of both victim and suspect systems.
- Identify sources of evidentiary value in various evidence sources including network logs, network traffic, volatile data and through disk forensics.
- Identify common areas of malicious software activity and characteristics of various types of malicious software files.
- Confidently perform live response in intrusion investigation scenarios.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
|
| | + Course Modules/Units | | | | Course Objectives | | Introduction to Acquisition Preparation | | The Preparation Phase | | Known Executables | | Collection Strategies | | Once an Incident Has Occurred | | Making Adjustments | | Response | | Acquisition Summary | | Incident Information Gathering | | Live Acquisitions | | Acquisition Considerations and Risks | | Acquisition Preparation and Identification | | Using Live Disks, Bootable USBs, and Evidence Storage | | Volatile Data Collection | | Memory Collection | | Memory Collection Tools | | WinDD | | Hard Drive Collection | | Disk Encryption | | Network Log Analysis | | Log Analysis Tools and Wireshark | | Fundamentals of Memory Analysis | | Why Should You Care About Memory | | Volatile System Information | | Virtual Memory | | Memory Acquisition Considerations and Tools | | Benefits and Limitations of Memory Analysis | | Mandiant Redline | | Volatility | | Using Volatility | | Using Strings | | Demo of Volatility 1_Using Volatility | | Memory Analysis Flow and Techniques | | Demo of Volatility 2_Comparing Memory and Volatile System Information | | Advanced Memory Analysis | | Understanding Attacks and Incidents | | Anatomy of an Attack of Infection | | Benefits of Malware Analysis | | Using Antivirus | | Introduction to Windows Artifacts | | Prefetch Files | | User Assist Entries | | Recent, Link, and Shortcut Files | | Most Recently Used Files | | Shell Bags Entries | | Page, Hibernation, and Autorun Files | | Persistence | | Hash Analysis | | Registry Decoder | | Timeline Analysis | | Forensic Analysis of Timelines | | Victim System Analysis | | User Level Vs Kernel Level Rootkits | | Correlating Incident Response with Forensics | | Advanced Analysis Topics 1 | | Malware Versus Tools | | Advanced Analysis Topics 2 | | Identifying a Suspect | | Scanning and Fingerprinting the Suspect |
|
|
|
|
|
| Advanced PCAP Analysis and Signature Development (APA) 1 Hour | Skill Level: Intermediate |  | | + Description | | | This course will introduce rules and go over example syntax, protocols, and expressions. It contains several supporting video demonstrations as well as lab exercises writing and testing basic rules.
Learning Objectives:
- Identify poorly written signatures and revise them.
- Write regular expressions.
- Create signatures.
- Identify information in PCAP data to use for creating alerts.
Date: 2011
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-Source Analyst |
| Collect and Operate |
Cyber Operations |
Cyber Operator |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
|
| | + Course Modules/Units | | | | Advanced Pcap Analysis And Signature Development | | Packet Protocol Dns | | Introduction To Rules | | Examples Of Sourcefire Rules | | Sourcefire Rule Syntax - Protocols | | Sourcefire Rule Syntax - Message And Matching | | Lab Exercise Writing And Testing Basic Rules | | Lab Exercise Writing And Testing Basic Rules Video | | Lab Exercise Writing And Testing Basic Rules Continued | | Lab Exercise Continued | | Regular Expressions | | Editing A Poor Rule | | How To Write An Ipv4 Regular Expression | | Lab Exercise Writing Regular Expression | | Lab Exercise Writing Regular Expression Continued | | Malware Analysis Reports (Mar) | | Demonstration of Mar 131751 Report | | Demonstration Of Mar Report Continued | | Lab Exercise Writing Rules From Malware Analysis Reports | | Lab Exercise Writing Rules From Malware Analysis Reports Continued |
|
|
|
| Advanced Windows Scripting 6 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on advanced concepts for writing scripts for the Microsoft Windows operating system. The course covers how to string multiple commands together in traditional BATCH scripts, as well as leverage Visual Basic Scripting (VBS) to perform more complex tasks and includes reinforcing video demonstrations and final assessment.
Learning Objectives:
- Understand the fundamentals of Visual Basic Scripting.
- Recognize the concepts of redirection, piping, and how to conduct complex tasks with multiple commands.
- Apply integration of Windows BATCH with Visual Basic Scripting.
- Demonstrate how to access the Windows API from Visual Basic Scripting.
Date: 2015
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Securely Provision |
Software Development |
Software Developer |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
|
| | + Course Modules/Units | | | | Advanced Windows Scripting Introduction | | Windows BATCH Scripting Overview | | Windows BATCH Advanced Syntax Part 1 of 2 | | Windows BATCH Advanced Syntax Part 2 of 2 | | Windows Scripting Advanced Uses of FOR | | Windows Scripting Syntax Tips and Tricks | | Windows Scripting CALL and START Demo | | Windows Scripting Subroutine Demo | | Windows Scripting SET Demo | | Windows Scripting PUSHD and POPD Demo | | Manipulating In_Outputs | | Stringing Multiple Commands Together | | FOR Loop Generating List Demo | | FOR Loop Recursive Listing Demo | | Taking Action Based on Content of Output | | Action Based on Content Output Demo | | Scripts in Typical Penetration Testing Tasks Part 1 of 2 | | Scripts in Typical Penetration Testing Tasks Part 2 of 2 | | Visual Basic Scripting Syntax and Usage | | Visual Basic Scripting Merge Demo | | VBS Elements_Structure | | VBS Elements_Variables, Arguments, and Conditionals | | VBS Elements_Loops | | VBS Elements_Functions and Operators | | VBS Windows Scripting Host | | VBS Elements_File I_O | | VBS Windows Scripting Demo | | VBS Error Handling and Troubleshooting | | Visual Basic for Applications | | Visual Basic for Application Elements | | Visual Basic for Applications Working with Applications | | VBA Working with Applications Demo | | VBA Error Handling and Troubleshooting | | VBA Error Handling and Troubleshooting Demo | | Advanced Windows Scripting Quiz |
|
|
|
| Analysis Pipeline 6 Hours | Skill Level: Intermediate | | | + Description | | | This course is designed for network flow data analysts who use or are considering using Analysis Pipeline (http://tools.netsa.cert.org/analysis-pipeline5/index.html). The course aims to create a better understanding of how to incorporate streaming network flow analysis into their toolkit for identifying and alerting on events of interest. The focus will be on applying Analysis Pipeline to operational use cases.
Learning Objectives
At the completion of this course analysts will be able to:
- Understand Analysis Pipeline and its role in network flow data streaming analytics and alerting.
- Understand the Analysis Pipeline configuration language.
- Develop and implement network flow data use cases with Analysis Pipeline.
Date: 2016
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Collect and Operate |
Cyber Operations |
Cyber Operator |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| | + Course Modules/Units | | | | Introduction | | Configuration Files | | Running Pipeline | | Logical Schematics | | Pipeline and Timing and State | | Alerts | | Configuration File Basics | | Filters | | Filters (Exercises and Solutions) | | Evaluations | | Evaluations (Exercises and Solutions) | | Statistics | | Internal Filters | | List Configurations | | Configuration File Basics (Exercises and Solutions) | | Threshold Examples | | Special Evaluations | | Building an Analytic | | Server Profiling Analytic | | Host Discovery Analytic | | Advanced Configurations | | NTP Anomalies | | Unknown SSH Brute Force | | Choose Your Own Adventure | | ICMP Surveying: Thinking it Through | | ICMP Surveying: Building it Out | | DDoS Detection: Thinking it Through | | DDoS Detection: Building it Out | | SSH Compromise: Thinking it Through | | SSH Compromise: Building it Out | | Analysis Pipeline 5 |
|
|
|
| Artificial Intelligence (AI) and Machine Learning (ML) for Cyber 1.5 Hours | Skill Level: Intermediate | | | + Description | | | This course provides the foundational practices and ethical principles of artificial intelligence. Diving into each of the ethical principles along with other technical ethics, it is aimed at reducing risk and unwanted bias to create ethical, transparent, and fair artificial intelligence systems.
Learning Objectives:
- Explain the harm with bias in artificial intelligence.
- Discuss how to reduce risk and unwanted bias.
- Cite several principles of AI and the goals of each.
- Describe how principles are applied to create ethical, transparent, and fair AI.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Collect and Operate |
Cyber Operational Planning |
Cyber Ops Planner |
| Operate and Maintain |
Data Administration |
Data Analyst |
|
| | + Course Modules/Units | | | | AI and ML for Cyber | | Ethical Principles for AI Overview | | Responsible Aspects of Ethics Part 1 of 2 | | Responsible Aspects of Ethics Part 2 of 2 | | Equitable Portion of the Ethics Principles | | Traceable AI | | Reliable AI Part 1 of 2 | | Reliable AI Part 2 of 2 | | How to Make AI Reliable Part 1 of 2 | | How to Make AI Reliable Part 2 of 2 | | Governable AI | | AI and ML for Cyber Review | | Course Test |
|
|
|
| Certified Ethical Hacker Version 10 (CEHv10) Prep 29 Hours | Skill Level: Advanced | | | + Description | | | This self-study course focuses on preparing learners for the EC-Council Certified Ethical Hacker version 10 certification exam. This course contains materials on advanced network assessment techniques including enumeration, scanning, and reconnaissance. It is designed to use the same knowledge and tools as a malicious hacker, but in an ethical and lawful manner to examine an organization's network security posture. The course concludes with a practice exam.
Learning Objectives:
- Learn how to perform a vulnerability analysis to identify security weakness in an organization's network structure.
- Perform a security assessment of a cloud environment to understand cloud computing threats and attacks.
- Understand risks and defensive strategies for IoT platforms and devices.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Analysis |
Systems Analyst |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | CEHv10 Course Introduction | | Information Security Reports | | Ethical Hacking Defined | | Ethical Hacking Terminology | | Hacking Phases and Vul Research | | Types of Attacks and Attack Vectors | | Threat Modeling | | Introduction to Physical Security | | Incident Management Process | | Incident Response Overview | | Security Testing and Assessments | | Pen Testing Phases and Methodology | | Information Security Laws and Standards | | Reconnaissance | | Footprinting Methodologies - Passive | | Footprinting Methodologies - Active | | Advanced Google Hacking Techniques | | Network Mapping | | DEMO: WHOIS with BackTrack | | DEMO: Active Footprinting with Traceroute | | DEMO: Maltego for Information Gathering Part 1 | | DEMO: Maltego for Information Gathering Part 2 | | Footprinting Countermeasures | | DEMO: Windows CMD Information Gathering | | Scanning Essentials | | DEMO: Colasoft Packet Builder | | Port Scanning | | DEMO: Banner Grabbing with Telnet | | Covert Scanning | | Covert Scanning with Proxies | | DEMO: Scanning with Nmap | | Common Enumeration Techniques | | Enumeration Tools | | Protocol Enumeration | | DEMO: Scanning and Enumeration with Nmap | | Understanding System Vulnerabilities | | Passive and Active Vul Scanning | | Vulnerability Assessment Lifecycle and CVSS | | Common Vulnerabilities and Exposures (CVE) | | Vulnerability Scanning | | DEMO: Vulnerability Scanning with Nessus | | Authentication Techniques | | Microsoft Authentication | | Password Cracking | | Privilege Escalation | | DEMO: Rainbow Table Lookup Sites | | Keyloggers | | Spyware and Activity Monitoring | | Packet Sniffing Attacks | | Covert Hacking | | Hiding Files - Rootkits | | DEMO: Kernel-Level Rootkits | | Covering Tracks | | Malware Awareness | | Trojan Terminology and Techniques | | Trojans and Backdoors | | Virus Examples and Symptoms | | Virus Classifications and Characteristics | | Virus Making Tools | | Other Malicious Code Types | | Malware Countermeasures and Tools | | DEMO: Bind and Reverse Shell | | DEMO: Strings Analysis | | Sniffers Terminology and Overview | | Network Overview for Sniffer Placement | | Basic Packet Analysis | | Address Resolution Protocol (ARP) | | DEMO: Viewing ARP Packets with Packet Builder | | Spoofing and Flooding Sniffing Attacks | | MITM Attacks Ports Vul to Sniffing | | Wireshark Overview and Examples | | Evasion in Network Sniffing | | Sniffing Countermeasures and Tools | | DEMO: Hping3 | | DEMO: Wireshark | | Social Engineering Background and Examples | | Human-Based Social Engineering | | Computer-Based Social Engineering | | Computer Based SE - Social Networking | | Social Engineering with Mobile Applications | | SE and Identity Theft Countermeasures | | DEMO: Social Engineering Toolkit | | DEMO: Leveraging Armitage in Phishing Attack | | DoS Impacts and Classifications | | Categories of Denial of Service | | Botnets and Disruption Attacks | | DoS Symptoms and Tools | | Buffer Overflow Terminology and Background | | Session Hijacking Overview and Examples | | Compromising Session Attacks | | Session Hijacking Techniques | | Session Hijacking Tools | | IPSec and Session Hijacking | | Firewalls and Honeypots | | Firewall Configurations | | IDS Overview and Detection Methods | | IDS, Firewall, and Honeypot Evasion | | Evasion Techniques | | Evasion Testing Techniques | | DEMO: Intrusion Signs | | Common Web Server Attack | | Webserver Architecture | | OWASP Top 10 and Beyond | | Webserver Hacking Countermeasures | | SQL and Command Injection Web App Hacking | | Non SQL Injection Errors | | Parameter and Form Tampering Web App Hacking | | Cross-site Scripting and Obfuscation Web App Hacks | | Cross-site Request Forgery and Cookies | | Web Application Pen Test Methodology | | Web App Tools and Countermeasures | | Buffer Overflow Tools and Countermeasures | | DEMO: BurpSuite | | SQL Terminology and Example Statements | | SQL Enumeration | | SQL Injection Attacks | | SQL Injection Tools and Countermeasures | | DEMO: SQL Inject Attacks | | Wireless Terminology and Standards | | Wireless Terminology and Antennas | | Wireless Authentication | | Wireless-Based Attacks | | Wireless Attack Methodology Part 1 of 2 | | Wireless Attack Methodology Part 2 of 2 | | WEP, WPA and Other Wireless Attacks | | Bluetooth Communication Basics | | Wireless Protocols and Signal Modulation | | DEMO: SSID and Channels | | DEMO: Wireless Hacking | | Wireless Hacking Tools | | Wireless Hacking Countermeasures | | Mobile Platform Overview | | OWASP IoT Vuls and Countermeasures | | Mobile Device Operating Systems | | Hacking Mobile Platforms | | Mobile Device Management and Risks | | Mobile Device Security | | Internet of Things (IoT) Concepts | | Internet of Things (IoT) Attacks and Mitigation | | Introduction to Cloud Computing | | Cloud Architectures and Deployment Models | | Cloud Threats and Attacks | | Cloud Security | | Cloud Testing Tools | | Cryptography Background and Terminology | | Crypto Keys and Algorithms | | SHA and TLS Algorithms | | DEMO: Hashing with MD5 Sum | | Cryptography Implementations | | Public Key Infrastructure (PKI) | | Cryptanalysis Techniques | | Crypto Attacks | | DEMO: Encryption with TrueCrypt | | Digital Signatures | | Certified Ethical Hacker Practice Exam | | LAB: Using a Simulated Botnet to Conduct a Distributed Denial of Service |
|
|
|
| New CDM Agency Dashboard Videos (8 Videos) 1 Hours | Skill Level: Intermediate | | | + Description | | | These short videos (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.
Learning Objectives:
- Understand what are CDM and the CDM Agency Dashboard
- Understand the New CDM Agency Dashboard
- Provide an overview on the AWARE Scoring Algorithm 1.0
- Become familiar with the Kibana User Interface
- Understand the general architecture, data flow, and data structure and schema
- Become familiar with JSON Documents
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
This course is to be broken up. Any completion data will be preserved in the new courses. |
| | + Course Modules/Units | | | | What is CDM and the CDM Agency Dashboard? | | Introduction to the New CDM Agency Dashboard | | Introduction to the AWARE Scoring Algorithm 1.0 | | AWARE Scoring Algorithm 1.0 Details | | CDM Agency Dashboard - Kibana User Interface | | CDM Agency Dashboard Architecture and Data Flow | | CDM Agency Dashboard Data Structure and Schema | | Understanding JSON Documents |
|
|
|
 CDM PRIVMGMT: CA PAM for Chief Information Security Officers (LT1) 2 hours | Skill Level: Beginner | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for senior-level executives within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
Course Description: This course contains 9 learning tracks:
- X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- X2 General use of the web portal for requesting, accessing and managing privileged credentials.
- X3 Account management features which include account reconciliation and password management.
- X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | X2 General use of the web portal for requesting, accessing and managing privileged credentials. | | X3 Account management features which include account reconciliation and password management. | | X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CyberArk for Chief Information Security Officers (LT1) 2 hours | Skill Level: Beginner | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for senior-level executives within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
This course contains 9 learning tracks:
- C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- C2 General use of the web portal for requesting, accessing and managing privileged credentials.
- C3 Account management features which include account reconciliation and password management.
- C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute.
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors.
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level 1 - Basic |
| | + Course Modules/Units | | | | C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | C2 General use of the web portal for requesting, accessing and managing privileged credentials. | | C3 Account management features which include account reconciliation and password management. | | C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CA PAM for Information System Security Officer (LT2) 2 hours | Skill Level: Beginner | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for senior-level executives within an organization responsible for establishing and maintaining the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected.
Course Description: This course contains 9 learning tracks:
- X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- X2 General use of the web portal for requesting, accessing and managing privileged credentials.
- X3 Account management features which include account reconciliation and password management.
- X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | X2 General use of the web portal for requesting, accessing and managing privileged credentials. | | X3 Account management features which include account reconciliation and password management. | | X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CyberArk for Information System Security Officer (LT2) 2 Hours | Skill Level: Beginner | | | + Description | | |
Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for research, develop, implement, test and review an organization's information security in order to protect information and prevent unauthorized access.
This course contains 9 learning tracks:
- C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- C2 General use of the web portal for requesting, accessing and managing privileged credentials.
- C3 Account management features which include account reconciliation and password management.
- C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic
|
| | + Course Modules/Units | | | | C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | C2 General use of the web portal for requesting, accessing and managing privileged credentials. | | C3 Account management features which include account reconciliation and password management. | | C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CA PAM for Security Operations Center (LT3) 2 hours | Skill Level: Beginner | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for operating the SOC site which is dedicated to monitoring, assessing, and defending enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints).
This course contains 5 learning tracks:
- X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- X2 General use of the web portal for requesting, accessing and managing privileged credentials.
- X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- P2 Splunk Integration
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | X2 General use of the web portal for requesting, accessing and managing privileged credentials. | | X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | P2 Splunk Integration. |
|
|
|
| CDM PRIVMGMT: CyberArk for Security Operations Center (LT3) 2 Hours | Skill Level: Beginner | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for operating the SOC site which is dedicated to monitoring, assessing, and defending enterprise information systems (web sites, applications, databases, data centers and servers, networks, desktops and other endpoints).
This course contains 5 learning tracks:
- C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- C2 General use of the web portal for requesting, accessing and managing privileged credentials.
- C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- P2 Splunk Integration
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | C2 General use of the web portal for requesting, accessing and managing privileged credentials. | | C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | P2 Splunk Integration. |
|
|
|
| CDM PRIVMGMT:
CA PAM for Agency Privileged Users (LT4) 2 Hours | Skill Level: Beginner | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for personnel that access or use credentials which have been granted administrative privileges on one or more systems.
This course contains 4 learning tracks that provide Privileged users with
C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
C2 General use of the web portal for requesting, accessing and managing privileged credentials.
C3 Account management features which include account reconciliation and password management.
Training Purpose: Skill Development
Specialty Areas: Knowledge Management
Training Proficiency Area: Level 1 - Basic
|
| |
|
| CDM PRIVMGMT: CyberArk for Agency Privileged Users (LT4) 2 Hours | Skill Level: Beginner | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for personnel that access or use credentials which have been granted administrative privileges on one or more systems.
This course contains 4 learning tracks that provide Privileged users with
C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
C2 General use of the web portal for requesting, accessing and managing privileged credentials.
C3 Account management features which include account reconciliation and password management.
Training Purpose: Skill Development
Specialty Areas: Knowledge Management
Training Proficiency Area: Level 1 - Basic |
| |
|
| CDM PRIVMGMT: CA PAM for Privileged User Managers (LT5) 2 hours | Skill Level: Beginner | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users.
This course contains 8 learning tracks:
- X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- X2 General use of the web portal for requesting, accessing and managing privileged credentials.
- X3 Account management features which include account reconciliation and password management.
- X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | X2 General use of the web portal for requesting, accessing and managing privileged credentials. | | X3 Account management features which include account reconciliation and password management. | | X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CyberArk for Privileged User Managers (LT5) 2 hours | Skill Level: Beginner | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users.
This course contains 8 learning tracks:
- C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- C2 General use of the web portal for requesting, accessing and managing privileged credentials.
- C3 Account management features which include account reconciliation and password management.
- C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | C2 General use of the web portal for requesting, accessing and managing privileged credentials. | | C3 Account management features which include account reconciliation and password management. | | C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CA PAM for Network Operations Center (LT6) 2 hours | Skill Level: Beginner | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users.
This course contains 5 learning tracks:
- X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- X2 General use of the web portal for requesting, accessing and managing privileged credentials.
- X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- P2 Splunk Integration
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic
|
| | + Course Modules/Units | | | | X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | X2 General use of the web portal for requesting, accessing and managing privileged credentials. | | X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | P2 Splunk Integration. |
|
|
|
| CDM PRIVMGMT: CyberArk for Network Operations Center (LT6) 2 hours | Skill Level: Beginner | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users.
This course contains 5 learning tracks:
- C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- C2 General use of the web portal for requesting, accessing and managing privileged credentials.
- C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- P1 Splunk dashboard introduction.
- P2 Splunk Integration
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic |
| | + Course Modules/Units | | | | C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | C2 General use of the web portal for requesting, accessing and managing privileged credentials. | | C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | P1 Splunk dashboard introduction. | | P2 Splunk Integration. |
|
|
|
| CDM_PRIVMGMT: SailPoint for SailPoint Administrators (LT7) 2 hours | Skill Level: Beginner | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for managers of privileged users.
This course contains 4 learning tracks:
- S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute
- S2 SailPoint Administration I covers configuring Applications and Tasks.
- S3 SailPoint Administration II covers Target Applications and Connectors
- S4 SailPoint Administration III includes the ability to run, schedule and review reports.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Basic
|
| | + Course Modules/Units | | | | S1 SailPoint Introduction covers the UI and highlights how to locate an Identity Attribute. | | S2 SailPoint Administration I covers configuring Applications and Tasks. | | S3 SailPoint Administration II covers Target Applications and Connectors. | | S4 SailPoint Administration III includes the ability to run, schedule and review reports. |
|
|
|
| CDM PRIVMGMT: CA PAM Administrator (LT8) 4 hours | Skill Level: Advanced | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for the overall operation and management of Xceedium. Personnel in this role would perform tasks such as managing users, devices, applications, credentials and disaster recovery scenarios.
This course contains 8 learning tracks:
X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
X2 General use of the web portal for requesting, accessing and managing privileged credentials.
X3 Account management features which include account reconciliation and password management.
X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
X5 Administration I covers how to add new users, devices, organize groups and connect to external resources such as LDAP.
X6 Administration II provides users with the ability to create and configure application or services and setup policies.
X7 Administration III covers how to run reports and schedule reports, locate/manage log files, perform session management and locate troubleshooting tools.
X8 Administration IV provides users with an understanding of how to manage disaster recovery features.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Advanced |
| | + Course Modules/Units | | | | X1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | X2 General use of the web portal for requesting, accessing and managing privileged credentials. | | X3 Account management features which include account reconciliation and password management. | | X4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | X5 Administration I covers how to add new users, devices, organize groups and connect to external resources such as LDAP. | | X6 Administration II provides users with the ability to create and configure application or services and setup policies. | | X7 Administration III covers how to run reports and schedule reports, locate/manage log files, perform session management and locate troubleshooting tools. | | X8 Administration IV provides users with an understanding of how to manage disaster recovery features. |
|
|
|
| CDM PRIVMGMT: CyberArk Administrators (LT8) 4 hours | Skill Level: Advanced | | | + Description | | | Privilege Access Management (PRIVMGMT) course is designed for personnel responsible for the overall operation and management of CyberArk. Personnel in this role would perform tasks such as managing users, devices, applications, credentials and disaster recovery scenarios.
This course contains 8 learning tracks:
- C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals.
- C2 General use of the web portal for requesting, accessing and managing privileged credentials.
- C3 Account management features which include account reconciliation and password management.
- C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests.
- C5 Administration I covers how to add new users, devices, organize groups and connect to external resources such as LDAP.
- C6 Administration II (Part 1 and 2) provides users with the ability to create and manage platforms and safes, configure master policies as well as an in-depth look into safe design.
- C7 Administration III covers how to run reports in the PVWA, operate the PrivateArk Client and how to locate and manage log files.
- C8 Administration IV provides users with an understanding of how to manage disaster recovery features.
Specialty Areas: Cyber Defense Infrastructure Support
Level: Advanced
|
| | + Course Modules/Units | | | | C1 An introduction into the PRIVMGMT solution and how it aligns to CDM goals. | | C2 General use of the web portal for requesting, accessing and managing privileged credentials. | | C3 Account management features which include account reconciliation and password management. | | C4 Credential Approval designed to provide agencies with a functional understanding of approving credential requests. | | C5 Administration I covers how to add new users, devices, organize groups and connect to external resources such as LDAP. | | C6 Administration II Part 1 provides users with the ability to create and manage platforms and safes, configure master policies as well as an in-depth look into safe design. | | C6 Administration II Part 2 provides users with the ability to create and manage platforms and safes, configure master policies as well as an in-depth look into safe design. | | C7 Administration III covers how to run reports in the PVWA, operate the PrivateArk Client and how to locate and manage log files. | | C8 Administration IV provides users with an understanding of how to manage disaster recovery features. |
|
|
|
| Cisco CCENT Self-Study Prep 13 hours | Skill Level: Intermediate | | | + Description | | | This course is a self-study resource to help prepare for the Cisco CCENT certification, one of the prerequisites for the Cisco CCNA certification. Installing, operating, configuring, and verifying a basic IPv4 and IPv6 network will be discussed. The course focuses on configuring a local area network (LAN) switch, configuring an internet protocol (IP) router, and identifying basic security threats. It includes several reinforcing video demonstrations of concepts discussed, as well as a quiz.
Learning Objectives:
- Review of objectives for the Cisco Certified Entry Networking Technician certification
- Supplemental preparation for the Cisco CCENT certification exam
Date: 2016
Training Purpose: Operate and Maintain
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Services Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
|
| | + Course Modules/Units | | | | Switched Networks Part 1 of 2 | | Switched Networks Part 2 of 2 | | Collisions and Broadcasts | | DEMO: Viewing an ARP Table | | Basic Switch Configuration | | SSH Operation and Configuration | | Configuring Switch Ports | | Switch Troubleshooting | | Securing a Switch | | Best Practices for Switched Networks | | DEMO: Making an RJ-45 Cable | | VLAN Segmentation Part 1 of 2 | | VLAN Segmentation Part 2 of 2 | | VLAN Implementations | | VLAN Security and Design | | DEMO: Configuring VLANs | | DEMO: Demonstrating VLAN Connectivity | | Functions of a Router Part 1 of 2 | | Functions of a Router Demo | | Functions of a Router Part 2 of 2 | | Configuring Basic Router Settings | | DEMO: IPv4 and IPv6 Subnetting | | Basic Router Settings_IPv6 and Loopback Interfaces | | Verifying Connectivity of Directly Connected Networks | | Switching Packets Between Networks | | Routing Tables and Protocols | | DEMO: IPv6 Header Analysis | | DEMO: MAC Address Table | | DEMO: IPv4 Addresses and Router Interfaces | | DEMO: IPv6 Addressing on Router Interfaces | | Inter-VLAN Routing Configuration | | Layer 3 Switching | | Static Routing | | Configure Static Routing | | Classful Addressing and Routing | | Configuring Summary Routes | | Troubleshooting Static and Default Routes | | DEMO: Static Routing | | Dynamic Routing Protocol Operation | | Routing Protocol Operating Fundamentals | | Types of Routing Protocols | | Types of Distance Vector Routing Protocols | | Configuring the RIP Protocol | | RIPng and Link-State Routing | | DEMO: RIP Version 1 and IPv4 | | DEMO: RIP Version 2 Improvements | | DEMO: Setting up RIP for IPv6 | | Characteristics of OSPF | | OSPF Messages | | OSPF Router IDs | | Configuring and Verifying OSPF | | OSPFv2 versus OSPFv3 | | DEMO: Configuring OSPF | | DEMO: Troubleshooting OSPFv2 | | DEMO: Configuring OSPFv3 | | DHCPv4 Operation | | Configuring and Troubleshooting DHCPv4 | | DEMO: DHCPv4 | | SLAAC and DHCPv6 | | Stateless and Stateful DHCPv6 | | DEMO: Stateless DHCPv6 | | NAT Characteristics and Benefits | | Types of NAT | | Configuring Static and Dynamic NAT | | Configuring PAT and Port Forwarding | | DEMO: Enabling IPv4 NAT | | Configuring and Troubleshooting NAT for IPv6 | | CCENT Prep Practice Exam |
|
|
|
| Cisco CCNA Security Self-Study Prep 15 Hours | Skill Level: Intermediate | | | + Description | | | This course is the follow-up to Cisco CCENT and is aimed to prepare learners for the Cisco CCNA Security exam. Content covered in this course includes protocol sniffers, analyzers, TCP/IP, desktop utilities, Cisco IOS, the Cisco VPN, a Cisco simulation program called Packet Tracer, and some web-based resources. The course focuses on a theoretical understanding of network security, knowledge, and skills designed to implement it. This course contains several reinforcing video demonstrations and final exam.
Learning Objectives:
- Review of objectives for the Cisco Certified Network Associate certification
- Supplemental preparation for the Cisco CCNA certification exam
Date: 2015
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Security Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Analyst |
| Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
|
| | + Course Modules/Units | | | | Securing Network Devices | | Secure Administrative Access Part 1 of 2 | | Secure Administrative Access Part 2 of 2 | | DEMO: Securing Router Access Methods | | Role-Based CLI Overview | | Password Recovery | | Management Reporting and Logging Considerations | | Implementing Log Messaging for Security | | Configuring NTP | | Disabling Unused Cisco Router Network Services and Interfaces | | AAA Authentication Methods | | Implementing Local AAA Authentication | | Implementing Server-Based AAA Authentication | | Cisco Secure ACS | | Configuring Server-Based AAA Authentication | | Server-Based Authorization and Accounting | | Implementation Firewall Technologies | | Access List Controls (ACLs) | | Extended ACLs and ACL Caveats | | ACL Placement | | Complex ACLs | | Troubleshooting ACLs | | Securing Networks with Firewalls | | Zone-Based Policy Firewalls | | CCP Firewall Wizard and Manual ZPF using CCP | | DEMO: Enabling IOS Firewall | | Implementing Intrusion Prevention Intro | | IPS Signatures | | Signature Trigger and Action for IPS | | Managing and Monitoring IPS | | Configuring and Verifying IOS IPS | | Securing the Local Area Network Intro | | Layer 2 Security Part 1 of 2 | | Layer 2 Security Part 2 of 2 | | Mitigating MAC Spoofing and MAC Table Overflow Attacks | | Mitigating STP Manipulation | | Configuring Storm Control | | Mitigating VLAN Attacks | | Configuring Cisco Switch Port Analyzer | | Private VLAN Edge | | Advanced Technology Security Considerations | | Wireless Networks | | VoIP and SAN Networks | | DEMO: Enabling STP with Voiceover | | Cryptographic Systems and Hashes | | Encryption and Confidentiality | | Public Key Cryptography and PKI | | VPN Terminology and Topologies | | IPSec Frameworks and Key Exchange | | IPSec Tasks | | Configuring IPsec VPN using CCP | | Remote-Access VPNs | | Managing a Secure Network and Addressing Risks | | Operations Security | | Network Security Testing | | Continuity Planning | | SDLC | | Security Policy | | ASA Models and Features | | Basic ASA Configuration and Settings | | Introduction to ASDM | | ASA Objects and Object Groups | | ACLs for ASA | | ASA and NAT | | ASA and PAT | | ASA AAA | | Modular Policy Framework | | ASDM Service Policies Demo | | ASA VPN Features | | ASDM AnyConnect VPN Wizard | | DEMO: ASA Console Config | | DEMO: ASA GUI Config | | DEMO: ASA Traffic Management | | CCNA Security Prep Practice Exam |
|
|
|
| Cloud Computing Security 2.5 Hours | Skill Level: Intermediate | | | + Description | | | This course explores the guidance from the Cloud Security Alliance (CSA), National Institute of Standards and Technology (NIST), National Security Agency (NSA), and several Cloud Service Providers (CSPs). Objectives cover cloud security risks and threats, basic operations, incident response considerations, along with application, data and infrastructure security concepts. Where applicable, demonstrations of cloud provider tools and capabilities will be used to reinforce key points.
Learning Objectives:
- Define cloud models and components.
- Apply CSA security guidance and other best practices to cloud deployments.
- Understand cybersecurity requirements within the Shared Responsibilities model.
- Prepare for cloud computing governance and compliance challenges.
- Relate traditional cybersecurity controls to popular cloud solutions.
- Recognize and prepare for cloud computing threats.
- Review additional cloud security tools and use cases.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Securely Provision |
Systems Architecture |
Security Architect |
| Securely Provision |
Systems Development |
Secure Software Assessor |
|
| | + Course Modules/Units | | | | Cloud Computing Security Course Overview | | Cloud Computing Overview | | Cloud Computing Overview Knowledge Check | | Building a Cloud | | Building a Cloud Knowledge Check | | Securing Your Cloud | | Cloud Security Basics | | Review of Multifactor Authentication | | Review of Monitoring and Security Configurations | | Options for Securing Within the Cloud | | VPC Network ACs and CloudWatch Monitoring | | Compute Instance in Google's Cloud Platform | | Monitoring and Alerting Options in Google Cloud | | Web App and Security Configs in Google Cloud | | Use of Microsoft's Platform as a Service | | Azure Compute Instance Setup | | Securing Your Cloud Knowledge Check | | Review of Two NIST Publications on Cloud Computing | | Guidance for Critical Areas in Cloud Computing | | Cloud Computing Risk Assessment by ENISA | | Resources Knowledge Check |
|
|
|
| ud Computing Concepts | Skill Level: Intermediate | | | + Description | | | The Cloud Computing Concepts course highlights concepts and best practices for cloud architecture, design, security, and operations. Topics include leveraging cloud environments for critical assets or operations, and the impacts on data and application security, as well as legal, risk, and compliance considerations.
Learning Objectives:
- Compare cloud service and deployment models and each’s impact on customer control and responsibilities
- Identify data security strategies within cloud environments
- Explain secure data center design concepts including example risks and security controls
- Describe the Secure Software Development Life Cycle (SDLC) and its relation to applications within cloud environments
- Summarize concepts for building, operating, and managing physical and logical infrastructure for cloud environments
- Outline privacy, legal, and audit requirements with cloud environments, and how it relates to evaluating providers
Date: 2021
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Securely Provision |
Systems Architecture |
Enterprise Architect |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
|
| | + Course Modules/Units | | | | Cloud Computing Concepts Course Intro | | Introduction to Cloud Computing | | Cloud Architecture and Deployment Models | | Security in the Cloud (Cloud Security) | | Securing Your Cloud | | Cloud Threats and Attacks | | Data Security Technologies and Classification | | Auditing in a Cloud Environment | | Building a Cloud | | Phys. & Logical Infrastructure for Cloud Environs | | Secure Coding for Cloud Deployments | | Review of Multifactor Authentication | | Anatomy of a Supply Chain Attack | | Options for Securing Within the Cloud | | VPC Network Access Controls and CloudWatch Monitrg | | Compute Instance in Google’s Cloud Platform | | Monitrg and Alerting Options in Google Cloud | | Web Apps in Google Cloud and Adding Security | | Use of Microsoft’s Platform as a Service | | Azure Compute Instance Setup | | Secure Data Center Design | | Review of Monitoring and Security Configurations | | Overview of Two NIST Publications on Cloud Comp | | Security Guidance for Critical Areas in Cloud Comp | | Cloud Security Basics | | Implications of Cloud to Enterprise Risk Mgmt | | DR/BC and Risks with Cloud Strategy | | Evaluating and Legal Requirements for Cloud Services | | Cloud Computing Risk Assessment by ENISA |
|
|
|
| ud Monitoring | Skill Level: Beginner | | | + Description | | | This course introduces concepts around Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Sofware as a Service (SaaS), Multiple Cloud Hosting and Hybrid Cloud Hosting.
Date: 2021
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| | + Course Modules/Units | | | | Introduction - Lecture 1 of 5 | | Shared Responsibility Model - Lecture 2 of 5 | | Use Cases - Lecture 3 of 5 | | Case Study - Lecture 4 of 5 | | Cloud Architectures & Summary - Lecture 5 of 5 | | IaaS Overview - Lecture 1 of 5 | | IaaS: Monitoring Services and Capabilities - Lecture 2 of 5 | | IaaS: Best Practices - Lecture 3 of 5 | | IaaS: Gaps and Considerations - Lecture 4 of 5 | | IaaS: Use Cases, Reflection and Summary - Lecture 5 of 5 | | PaaS Overview - Lecture 1 of 6 | | PaaS: Monitoring Services and Capabilities - Lecture 2 of 6 | | PaaS: Monitoring Examples - Lecture 3 of 6 | | PaaS: Best Practices - Lecture 4 of 6 | | PaaS: Gaps and Considerations - Lecture 5 of 6 | | PaaS: Reflection and Summary - Lecture 6 of 6 | | SaaS Overview - Lecture 1 of 5 | | SaaS: Monitoring Services and Capabilities - Lecture 2 of 5 | | SaaS: Best Practices - Lecture 3 of 5 | | SaaS: Gaps and Considerations - Lecture 4 of 5 | | SaaS: Reflection and Summary - Lecture 5 of 5 | | What is Multiple Cloud - Lecture 1 of 5 | | Security Issues - Lecture 2 of 5 | | Monitoring Capabilities - Lecture 3 of 5 | | Gaps- Lecture 4 of 5 | | Multiple Clouds - Lecture 5 of 5 | | Hybrid Cloud: Security Issues - Lecture 1 of 4 | | Monitoring Capabilities - Lecture 2 of 4 | | Gaps - Lecture 3 of 4 | | Hybrid Clouds in Operation - Lecture 4 of 4 | | Conclusion - Lecture 1 of 1 |
|
|
|
| ud Security – What Leaders Need to Know (Professors in Practice Series) | Skill Level: Beginner | | | + Description | | | This course features National Defense University Professor Robert Richardson who discusses important security and oversight requirements for commercial cloud solutions.
Learning Objectives:
- Overview of the cloud physically, logically, and architecturally.
- Discuss cloud deployment models and characteristics.
- Overview of cloud infrastructure characteristics.
- Cloud Supply Chain Risk Management and considerations of commercial cloud as third-party cloud services; senior leaders should "beware of the gaps and seams."
- Cloud software components - microservices & APIs.
- The driving forces and key technology enablers of commercial cloud services in the Federal Government.
- Must-have security requirements and policies for cloud solutions.
- The top ten cybersecurity cloud risks such as: loss of service, data breaches, human error. As well as non-cybersecurity risks such as: outsourcing risks, personnel security, and supply chain risk management.
- Where Federal Government adoption of commercial cloud is now and predictions for the future.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Special |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer, Cyber Instructor |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
| Securely Provision |
Systems Requirement Planning |
Systems Requirements Planner |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
|
| |
|
| CMaaS Overview 0.5 Hours | Skill Level: Beginner | | | + Description | | | This course is designed for managers, staff, and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). This course explains how Continuous Monitoring as a Service (CMaaS) relates to the Continuous Diagnostics and Mitigation (CDM) program.
Date: 2016
Training Purpose: Skill Development
Training Proficiency Area: Level 0 - Introduction
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Lesson 1 - Continuous Diagnostics and Mitigation (Video) | | Lesson 2 - The Problem (Infographic) | | Lesson 3 - How CDM Phase 1 Capabilities Support CDM Goals (Infographic) | | Lesson 4 - How CDM Phase 1 Capabilities Work Together (Infographic) | | Lesson 5 - CDM Phase 1 Capabilities Scope (Infographic) | | Lesson 6 - Overview of Continuous Monitoring as a Service (Video) | | Lesson 7 - How the CDM Capabilities Were Defined | | Lesson 8 - ISCM Policy and Guidance Timeline |
|
|
|
| CMaaS Technical Overview Course 0.5 Hours | Skill Level: Beginner | | | + Description | | | This course is designed for managers, staff, and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the learner better understand how Continuous Monitoring as a Service (CMaaS) will be implemented in DHS Component networks.
Date: 2017
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Basic
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Lesson 1: CMaaS Technology Stack Overview (Video) | | Lesson 2: Central Management Enclave Firewall Requirements (Infographic) | | Lesson 3: Component Management Enclave Firewall Requirements (Infographic) | | Lesson 4: Hardware Sensors Firewall Requirements 1 of 2 (Infographic) | | Lesson 5: Hardware Sensors Firewall Requirements 2 of 2 (Infographic) | | Lesson 6: Software Sensors Firewall Requirements (Infographic) | | Lesson 7: Considerations for Initial CMaaS Deployment (Infographic) | | Lesson 8: CMaaS Deployment Overview (Infographic) |
|
|
|
| CMaaS Transition Classroom Sessions 5 Hours | Skill Level: Beginner | | | + Description | | | This course is part of the CMaaS transitional webinar series conducted via WebEx. Each video focuses on a single tool within the CMaaS solution stack and includes two major Use Cases for each tool.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Basic
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| |
|
| Coding 101 5 Hours | Skill Level: Beginner |  | | + Description | | | This course focuses on the basics of computer programming and how to give a machine a set of instructions to produce a desired behavior. This course also provides information on the elements of programming and programming languages, frameworks, and models. The course includes an interactive programming game, interactive knowledge checks, and the chance to write a fully functional code.
Learning Objectives:
- Define programming.
- Describe the structure and purpose of major programming paradigms.
- Explain the difference between high-level and low-level languages.
- Describe the uses of scripting and compiled languages.
- State the elements of programming.
- Explain when to use a variable in programming.
- List basic data types.
- State how operators are used in programming.
- Explain why logic and flow are important in programming.
- State the purpose of programming frameworks.
Date: 2017
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Securely Provision |
Systems Development |
Systems Developer |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Systems Architecture |
Security Architect |
| Securely Provision |
Technology R&D |
Research & Development Specialist |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
| CompTIA A+ (220-1001) Certification Prep 14 Hours | Skill Level: Beginner | | | + Description | | | This course is a self-study resource to prepare learners for the CompTIA A+ certification exam. Objectives in the CompTIA A+ 220-1001 cover mobile devices, networking technology, hardware, virtualization and cloud computing, and network troubleshooting.
Learning Objectives:
- Identify installation, configuration, and maintenance details for PC components, mobile devices, and user applications.
- Recall basics of networking and security fundamentals.
- Apply troubleshooting techniques and satisfactory customer support.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialis |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
|
| | + Course Modules/Units | | | | Laptops and Mobile Devices | | Laptop Expansion Options, Docking and Locks | | Laptop Hardware Replacement | | Laptop Special Functions and Features | | DEMO: Laptop Computer Components | | Characteristics of Various Mobile Device Types | | Mobile Device Ports and Accessories | | Network Services and Protocols | | IP Address, Ports, and Protocols Part 1 of 3 | | IP Address, Ports, and Protocols Part 2 of 3 | | IP Address, Ports, and Protocols Part 3 of 3 | | DEMO: Windows Command-Line Tools | | Patch Panels, Ethernet Standards and LAN | | Wireless Networks and WiFi Standards | | Network Devices: Routers | | Network Devices: Hubs, Switches and Firewalls | | SOHO Network | | Network Types | | Technologies that Facilitate IoT | | IoT Attacks and Mitigation | | Wireless Protocols and Signal Modulation | | Fiber, Coaxial Cables and Connectors | | Display Connector and Cable Types | | Computing System Components | | Hard Drive Interfaces | | Power Supply and Connectors | | RAM Basics and Types of RAM | | Upgrading and Installing RAM | | DEMO: RAM Installation and Verification | | Hard Drive Basics | | Hard Drive RAID Types | | Removable Media | | Motherboard Form Factor, Chipset and Components | | Motherboard Expansion Slots and Card Installation | | Installing New Motherboard | | BIOS Components, Configuration, and Settings | | DEMO: BIOS Overview | | DEMO: Hard Drive Installation and Initializing | | PC Configurations | | DEMO: Inside Desktop Computer | | Central Processing Unit (CPU) | | Sockets and Processors | | Virtualization and Temperature Monitoring | | DEMO: CPU Characteristics and Installation | | Common Peripheral Devices | | Display Types and Features | | Audio/Video Standards | | Configuring a SOHO Network | | Printer Types | | Printer Languages and Installation | | Introduction to Cloud Computing | | Cloud Architectures | | Cloud Security | | Virtual Environments | | Network Troubleshooting Process | | Network Troubleshooting Methodology | | PC Troubleshooting Tools | | Troubleshooting Common Symptoms of System Issues | | Troubleshooting Hardware, Video, Networks and OS | | DEMO: Troubleshooting Hard Drives | | Troubleshooting Common Video and Display Issues | | Troubleshooting Mobile Device Issues | | Hardware Tools for Connectivity Issues | | Printer and Scanner Maintenance and Troubleshooting | | DEMO: Troubleshooting Network Issues | | CompTIA A+ 220-1001 Practice Exam |
|
|
|
| CompTIA A+ (220-1002) Certification Prep 7.5 Hours | Skill Level: Beginner | | | + Description | | | This course is a self-study resource to help learners prepare for the CompTIA A+ certification exam. Topics in the A+1002 cover installing and configuring operating systems, expanded security, software troubleshooting, and operational procedures.
Learning Objectives:
- Apply diagnostic and resolution processes to hardware and software issues.
- Employ device installation and sound troubleshooting and customer support practices.
- Recall fundamentals of cloud and virtualization deployment strategies.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
|
| | + Course Modules/Units | | | | Microsoft Operating System Versions | | Understanding Windows Compatibility Risks | | File System for iOS Devices | | Understanding the Basics of iOS | | Understanding iOS Security Architecture | | Windows Command-line Tools | | DEMO: Windows Command-Line Tools | | Demonstration: Windows OS GUI Tools Part 1 of 2 | | Demonstration: Windows OS GUI Tools Part 2 of 2 | | Windows Operating System Features Part 1 of 2 | | Windows Operating System Features Part 2 of 2 | | Windows OS GUI Tools Best Practices | | Demonstration: Creating and Managing Disk Folders | | Demonstration: Windows Hidden File Properties | | Demonstration: File Structure and Paths | | Windows Firewall Zones | | Application Events and Security Events | | Windows Event Forwarding | | Windows Networking and Resource Sharing | | Demonstration: Image Backup and Restore on Windows | | Demonstration: Linux Commands | | Best Practices and Common Features of OS X | | Physical Security Concerns and Controls | | DEMO: Physical Security | | Infrastructure Physical Security | | Identification and Authentication Methods | | Demonstration: Installing Antivirus | | Authentication Services | | Malware and Social Engineering Threats | | Symptoms, Troubleshooting and Preventing PC Infections | | Host Security Controls Part 1 of 2 | | Host Security Controls Part 2 of 2 | | Windows 10 Security Features | | Mobile Based Social Engineering | | Mobile Device Security Best Practices | | Data Destruction and Disposal Methods | | Configuring a SOHO Network | | PC Troubleshooting Tools | | Troubleshooting Common Symptoms of System Issues | | Troubleshooting System Crash and Failure-to-Boot Issues | | Troubleshooting Mobile Device Issues | | Safety Procedures and Personal Safety | | IT Environmental Controls | | Incident Response Concepts | | Intellectual Property and Licensing | | Professional Communication and Troubleshooting Theory | | Procedures Supporting Policy | | Scripting Basics Overview | | CompTIA A+ 220-1002 Practice Exam |
|
|
|
| Critical Infrastructure Protection 2 Hours | Skill Level: Beginner | | | + Description | | | This course discusses the influence, impact, and need for cybersecurity when defending the critical infrastructure and key resources of the United States. This course provides the definition of critical infrastructure, examples of cybersecurity threats to critical infrastructure, and information on what is being done to protect critical infrastructure from these cybersecurity threats.
Learning Objectives:
- Define and give examples of critical infrastructure.
- Identify possible cyber threats to critical infrastructure.
- Describe U.S. cybersecurity policies and programs.
- Explain the cybersecurity roles of the Department of Homeland Security (DHS) and other Federal agencies.
Date: 2017
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Analyst |
| Operate and Maintain |
Systems Development |
Information Systems Security Developer |
| Oversee and Govern |
Strategic Planning and Polic |
Cyber Policy and Strategy Planner |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Securely Provision |
Systems Architecture |
Systems Architect |
| Securely Provision |
Technology R&D |
Research & Development Specialist |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Systems Development |
Systems Developer |
|
| |
|
| Creating a Computer Security Incident Response Team (CSIRT) 3 Hours | Skill Level: Beginner | | | + Description | | | This course was developed for organizations and individuals who are at the beginning of their planning and implementation process for creating a computer security incident response team or an incident management capability. This course begins with definitions and context for defining a CSIRT framework, followed by services that may be provided and building an action plan. An attendee workbook is included with questions and exercises to use in conjunction with the training.
Learning Objectives:
- Understand the function of Computer Security Incident Response Teams (CSIRTs) and the philosophy behind them.
- Understand the role of CSIRT in the incident management process.
- Identify the requirements to establish an effective CSIRT.
- Appreciate the key issues and decisions that must be addressed when creating a CSIRT.
- Learn to strategically plan the development and implementation of your CSIRT.
Date: 2017
Training Purpose: Management Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-Source Analyst |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
|
| | + Course Modules/Units | | | | Create a Computer Security Incident Response Team | | Defining Incident Management Part 1 of 2 | | Defining Incident Management Part 2 of 2 | | Defining CSIRTs | | Types of CSIRTs | | Setting the Context | | Defining Your Framework Part 1 of 2 | | Defining Your Framework Part 2 of 2 | | Capability Strategies | | CSIRT Components | | CSIRT Components: Organizational Issues | | CSIRT Components: Resources | | Range and Level of Services | | Policy and Procedure Examples | | Range and Level of Services Summary | | Ideas for Your Action Plan | | Taking the Next Steps | | CSIRTs Resource Overview |
|
|
|
| Cryptocurrency for Law Enforcement 2 hours | Skill Level: Beginner | | | + Description | | | This course covers the history, risks, and legality of cryptocurrency as well as discusses what cryptocurrency items can be seized by law enforcement.
Learning Objectives:
- Define cryptocurrency and compare it to traditional currency.
- Describe the history of cryptocurrency.
- State the elements of a cryptocurrency transaction and their roles.
- Describe safety measures taken to protect cryptocurrency.
- Identify items that serve as wallets for cryptocurrency and could be seized by law enforcement.
- Evaluate apps and websites that could be linked to cryptocurrency.
- Compare degrees of anonymity of various cryptocurrencies.
- Compare legal and illegal uses of cryptocurrency.
- Evaluate the legality of different cryptocurrency scenarios.
- Identify notable cases of illegal uses of cryptocurrency found in recent headlines.
Date: 2019
Training Purpose: Investigate
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Investigate |
Cyber Investigation |
Cyber Crime Investigator |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
|
| |
|
| Cyber Awareness Challenge 2019 1 hour | Skill Level: Beginner | | | + Description | | | This course provides an overview of cybersecurity threats and best practices to keep information and information systems secure. Every year, authorized users of certain information systems must complete the Cyber Awareness Challenge to maintain awareness of and stay current on new cybersecurity threats. The training also reinforces best practices to keep personal information and information systems secure and stay abreast of changes in general cybersecurity policies.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
|
| |
|
| Cyber Dark Arts 3 Hours | Skill Level: Intermediate | | | + Description | | | This course highlights 'dark' or deceptive activities that are employed by malicious users via the Internet. Several legitimate purpose technologies and techniques and how they are leveraged, or manipulated for fraudulent purposes, is discussed. Threats from topics such as zero-day attacks, dark web, alternate OSs, VPN/TOR, weaponized psychology, and anonymous services will be detailed, as well as methods for concealing one’s identity. These methods are taught in order for cybersecurity experts to defend against such attacks. The course includes reinforcing video demonstrations.
Learning Objectives:
- Explain several techniques for obfuscating online activities.
- List examples of technologies leveraged for deceptive purposes.
- Detail best practices for prevention and protection from malicious cyber activities.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Collect and Operate |
Cyber Operations |
Cyber Operator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| | + Course Modules/Units | | | | Cyber Dark Arts | | Weaponized Psychology | | DEMO: Password Cracking Using Hydra | | Scanning for Vulnerable Devices and Networks | | Anonymous Web Hosting, Searching, and Browsing | | Alternative Operating Systems | | Tails, Whonix, and Qubes | | Secure Messaging Services | | Blockchain and Cryptocurrency | | DEMO: Blockchain and Cryptocurrency | | DEMO: Iodine IP over DNS | | DEMO: TOR versus Traditional Tunneling | | Advanced Persistent Threats | | Cyber Dark Arts Exam |
|
|
|
| CyberEssentials 1 Hour | Skill Level: Beginner | | | + Description | | | This course focuses on how leaders can develop actionable items to start implementing organizational cybersecurity practices and introduces the six essential elements of building a culture of cyber readiness.
Learning Objectives:
- Identify actionable items to reduce your organization's cyber risks through a holistic approach.
- Identify the six essential elements of building a culture of cyber readiness.
- Identify the steppingstones to building a culture of cyber readiness.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
| Oversee and Govern |
Strategic Planning and Policy |
Strategic Planning and Policy Planner |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program/Project Management and Acquisition |
Program Manager |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
|
| |
|
| Cyber Fundamentals for Law Enforcement Investigations 8 Hours | Skill Level: Beginner | | | + Description | | | This course serves as an introduction and overview of several concepts and technologies that may be encountered as part of an investigation with a digital or cyber component. Starting with the basics of how devices communicate, the course continues with technical concepts and applications that may be used to facilitate or investigate incidents. Content includes lab exercises and practical application takeaways to reinforce concepts, and a course exam.
Learning Objectives:
- Describe essential computing communication concepts.
- Identify digital evidence sources and handling.
- Apply techniques to examine applications for target information.
Date: 2017
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
| Investigate |
Cyber Investigation |
Cyber Crime Investigator |
|
| | + Course Modules/Units | | | | Cyber Investigation Course Intro | | Cyber Crimes versus Traditional Crimes | | Cyber Laws Overview | | Logical and Physical Addresses | | Dissecting a Data Packet | | How Computers Connect | | IP Addresses and Domain Names | | IP Addresses | | Domain Naming | | NSlookup Dig Google Toolbox | | Digital Artifacts Basics | | Site Survey and Collection | | Determining Sophistication | | Time Standardization | | Requesting Digital Forensic Artifacts | | Footprinting | | Handling Untrusted or Unknown Files | | Setting Up an Analysis Environment | | Examining Images | | Intro to Encryption | | Detecting Encryption | | Malware Awareness | | Malware Propagation | | Malware History | | Remote Access | | Understanding Insider Threat | | Introduction to Peer-to-Peer | | Advanced IP Tunneling Overview | | TOR versus Traditional Tunneling | | Iodine IP over DNS | | Email Analysis | | Phishing Message Analysis | | Online Auctions | | Open Source Searches Using Facebook | | Open Source Searches Using Twitter | | Google FU | | Cyber Investigations Exam | | Domain Information Lookup | | Examining EXIF Data and Images | | Computing and Comparing Hash Values | | File Search Techniques | | Open Source Twitter Searches |
|
|
|
| Cybersecurity Analyst 12.5 Hours | Skill Level: Intermediate | | | + Description | | | The Cybersecurity Analyst course is designed to help reinforce concepts for cyber work roles that require monitoring and information analysis to respond to suspicious events. This intermediate-level course focuses on defense techniques leveraging data and tools to identify risks to an organization, and apply effective mitigation strategies to detect and respond to threats.
Learning Objectives:
- List common cyber threats and examples of scanning and assessment tools and techniques to identify potential vulnerabilities.
- Analyze data from various sources to identify vulnerabilities and recommend strategies for mitigation.
- Configure and implement threat detection tools to detect incidents, and effectively respond and recover.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat Analyst |
| Protect and Defend |
Cybersecurity Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analysts |
|
| | + Course Modules/Units | | | | Reconnaissance | | Port Scanning for Active Reconnaissance | | Environmental Reconnaissance Tools | | Social Engineering for Reconnaissance | | Network Mapping for Active Reconnaissance | | Syslog | | Reviewing Alerts/Detecting Attack Phases | | Common Tasks in Environmental Reconnaissance | | Environmental Reconnaisannce Variables | | Basic Packet Analysis | | Methods of Network Traffic Analysis | | Network Traffic Analysis | | Netflows | | Working with Netflows | | Netflow Tools | | Examining Log Files | | Data Correlation and Analytics | | Analyzing Device Data | | SIEM | | DEMO: Wireshark Packet Analyzer | | Hardening Network Devices | | Network Segmentation and Design | | Honeypot | | Endpoint Security | | Windows Group Policy | | Access Control Models | | Remote Authentication - Radius and Tacacs+ | | Hardening Host and Networked Systems | | Compensating Controls | | Corporate Penetration Testing | | Reverse Engineering Purpose and Practice | | Team Training and Exercises | | Risk Evaluation and Security Controls | | Vulnerability Assessment Introduction | | Vulnerability Management Requirements | | Vulnerability Scanner Configuration | | Vulnerability Assessment Tools | | Scanning and Enumeration with Nmap | | Intro to Vulnerability Scanning with Nessus | | Vulnerability Remediation | | Scanning and Report Viewing with OpenVAS | | Endpoint and Protocol Analysis | | Logging Strategies and Sources | | Reviewing, Analyzing and Correlating Logs | | Network Vulnerabilities | | System Vulnerabilities | | Web Application Vulnerabilities | | Wireless Network Vulnerabilities | | Virtual Infrastructure Vulnerabilities | | Threats to Mobile Devices | | ICS and SCADA Systems Security | | Malware and Social Engineering Threats | | Preparing for Impact Analysis | | Forensics Kit and Incident Response | | Forensic Investigation Suite | | Setting Up an Analysis Environment | | Communication During Incident Response | | Common Symptoms of Host Infection | | Incident Response and Recovery Part 1 of 2 | | Incident Response and Recovery Part 2 of 2 | | Regulatory Compliance and Frameworks | | Control Selection Tailoring and Implementation | | Verification and Quality Control | | Procedures Supporting Policy | | Enterprise Network Authentication Part 1 of 2 | | Enterprise Network Authentication Part 2 of 2 | | Cross-site Scripting and Other Exploits | | Privilege Escalation Exploit | | Technical Processes and Controls | | Software Development Models and SDLC | | Code Review and Testing | | Secure Coding Best Practice Resources | | Preventative Cyber Tools | | Collective Cyber Tools | | Analytical Cyber Tools | | Exploit Cyber Tools | | Forensics Cyber Tools | | Course Test |
|
|
|
| Cyber Security Investigations 9 Hours | Skill Level: Beginner | | | + Description | | | This course discusses the basic concepts of cybersecurity and digital forensics investigation practices. Topics include performing collection and triage of digital evidence in response to an incident, evidence collection methodologies, and forensic best practices. This is an introductory course reviewing the processes, methods, techniques, and tools in support of cyber security investigations.
Learning Objectives:
- Understand the process of integrating forensics collection and analysis program into an organization.
- Recognize concepts involved in the Forensic Process.
- Apply necessary preparation to perform collections and incident response according to best practices.
- Understand methods, goals and objectives for digital forensic collection activities.
- Apply techniques and tools for conducting evidence collection, triage, and log analysis.
Date: 2015
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Collect and Operate |
Cyber Operations |
Cyber Operator |
| Investigate |
Cyber Investigation |
Cyber Crime Investigator |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| | + Course Modules/Units | | | | Purpose of Computer and Network Forensics | | Digital Forensics Tools | | Forensics Team Staffing Considerations | | Digital Forensics Guidelines, Policies, and Procedures | | Digital Forensics Life Cycle | | Digital Forensics Best Practices | | Digital Forensics Concepts | | Locard's Exchange Principle | | Incident Response Phases Part 1 of 3 | | Incident Response Phases Part 2 of 3 | | Incident Response Phases Part 3 of 3 | | Computer Forensics Process Part 1 of 2 | | Computer Forensics Process Part 2 of 2 | | Digital Forensic Planning and Preparation | | IR and Digital Forensics Tools | | Forensically Prepared Media, Tools and Equipment | | Incident Response Information Gathering | | Incident Response Acquisition Considerations | | Incident Response Notes and Documentation | | Auditing Windows Event Logs | | Volatile Data Collection | | Storage Media Collection | | Network Data Collection | | Log Collection | | Data Carving using FTK | | Digital Forensic Triage Overview | | Incident Triage Process | | Incident Triage Methodology | | Attacker Methodology Overview Part 1 of 3 | | Attacker Methodology Overview Part 2 of 3 | | Attacker Methodology Overview Part 3 of 3 | | Triage: Light and General Collections | | Triage Analysis | | Triage Analysis of Volatile Data | | Program Execution | | Analyzing Services | | Malware Vectors and Detection | | Mobile Device Triage Analysis | | IR: Following a Trail | | Hash and File Signature Analysis | | Time Analysis | | Registry Analysis | | File Analysis Demonstration | | Hashing with md5deep | | Hash Analysis with Autopsy | | Lessons Learned from an Incident | | Lessons Learned from Objective and Subjective Data | | Evidence Retention and Information Sharing Post Incident | | Cyber Security Investigations Exam |
|
|
|
| Cyber Security Overview for Managers 6 Hours | Skill Level: Beginner | | | + Description | | | This course is designed for managers and other stakeholders who may be involved in decision making regarding their cyber environment, but do not have a strong technical background. Discussions will not focus on specific technologies or implementation techniques, but rather cybersecurity methodologies and the framework for providing a resilient cyber presence. The course aims to help managers better understand how people and devices work together to protect mission-critical assets and more effectively evaluate their cyber posture.
Date: 2012
Training Purpose: Management Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Management |
| Oversee and Govern |
Program/Project Management and Acquisition |
Program Manager |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
|
| | + Course Modules/Units | | | | Cyber Security Overview Course Introduction | | Key Concepts in Cyber Security Part 1 of 2 | | Key Concepts in Cyber Security Part 2 of 2 | | Cyber Security Role in Culture, Vision, and Mission | | Roles and Responsibilities in Cyber Security Part 1 of 2 | | Roles and Responsibilities in Cyber Security Part 2 of 2 | | Cyber Security Governance | | Cyber Security and Federal Guidelines | | Impact and Limitations of Laws | | Threat Actors | | Common Threats to Cyber Security Part 1 of 2 | | Common Threats to Cyber Security Part 2 of 2 | | Mobile Security and Mobile Threats | | Cyber Security and Cloud Computing | | Controls, Countermeasures, and Cyber Security | | Risk Management Overview | | Determining Critial Assents and Processes | | Asset Criticality Demo | | Risk and Threats and Vulnerabilities | | Determining Risk and Impact | | Risk Mitigation Strategy | | Risk Assessment Methodologies | | Incident Handling and Business Continuity | | Business Continuity Plans and Procedures | | Disaster Recovery Plans and Procedures | | Cyber Security Overview Course Quiz |
|
|
|
| Cybersecurity for Technical Staff 17.5 Hours | Skill Level: Beginner | | | + Description | | | This course highlights best practices applicable to a wide variety cybersecurity job roles. Topics include risk management, architecture and design, and tools and technologies. This course also covers key concepts for detecting, protecting, and defending from security threats.
Learning Objectives:
- List common cyber threats and how scanning and assessment tools and techniques identify potential vulnerabilities.
- Explain how various tools and technologies are configured or deployed to support an organization's security posture.
- Detail risk management best practices and mitigation strategies.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Malware: Viruses | | Malware: Rootkits, Trojans, Botnets | | MITM, DoS, Packet Flooding and Other Attacks | | Backdoor, Spoofing, Replay and Other Attacks | | Password, Birthday, Crypto and Application Attacks | | Social Engineering Techniques | | Wireless Attacks | | Application Attacks | | Threat Actors | | Assessment Tools and Techniques | | Active and Passive Reconnaissance | | Security Testing and Assessment | | Firewall Implementations | | Proxy Server Implementations | | Hubs and Switches | | Routers and Routing Protocols | | Remote Access and VPNs Part 1 of 2 | | Remote Access and VPNs Part 2 of 2 | | Network Intrusion Detection Systems | | Host-Based Intrusion Detection Systems | | Password Cracking Categories and Tools | | Password Cracking Techniques | | DEMO: Local Information Gathering Tools | | DEMO: Network Connectivity Testing Tools | | DEMO: Remote Information Gathering Tools | | Mobile Device Security | | Mobile Device Deployment | | Network Security Protocols | | Network Services and Protocols | | Frameworks and Reference Architectures | | Network Zones | | Demilitarized Zones (DMZ) Implementations | | Security Device and Technology Placement | | Host Security: OS Hardening and Firewalls | | Host Security: Anti Virus, Malware and Spam | | Host Security: Pop Ups and Patch Management | | Secure Static Environment | | Secure Staging Deployment Concepts | | Cloud and Virtualization Concepts | | Cloud Architectures | | Host Security: Virtualization | | Resiliency and Automation to Reduce Risk | | Physical Security and Environmental Controls | | Access Control Categories | | Authentication Services | | Access Control Models | | Authentication and Authorization Concepts | | Biometric Authentication | | Account Management | | Identity Management | | Security Awareness and Training | | Risk and Related Concepts | | Risk and Asset Identification | | Threat and Risk Calculation | | Risk Control Types | | Security Control Types and Categories | | Basic Forensics Procedures | | Incident Handling and Forensics | | Incident Response Preparation | | Risk Management: Business Continuity | | Risk Management: Redundancy and Fault Tolerance | | Risk Management: Disaster Recovery | | Risk Mitigation Strategies | | Data Security | | Data Destruction and Disposal Methods | | Data Sensitivity and Handling | | Mitigation and Deterrence: Logging | | Mitigation and Deterrence: Hardening | | Mitigation and Deterrence: Network Security | | Mitigation and Deterrence: Attack Countermeasures | | Cryptography Part 1 of 2 | | Cryptography Part 2 of 2 | | Wireless Security Evolution | | Wireless Security Best Practices | | Cryptographic Keys and PKI | | Course Test |
|
|
|
| Cyber Supply Chain Risk Management 2 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on cyber supply chain risk management, also known as C-SCRM, and the role it plays within our society today. This course will explain how to securely provision, analyze, oversee and govern, protect and defend a supply chain.
Learning Objectives:
- Describe product supply chains and life cycles.
- Identify the role of adversaries in supply chain risk management.
- Define the risks associated with supply chains.
- State the principles of supply chain management.
- Identify security measures taken to protect a supply chain.
- Apply suggested tools to address supply chain vulnerabilities.
- Explain how knowledge of the "internet of things" (IoT) is used to evaluate products as IoT devices.
- Recognize potential dangers posed by various devices brought to work.
- Identify the threats outlined for acquisitions personnel through the Federal Acquisition Regulation (FAR).
- Define how to personally safeguard your organization’s cybersecurity.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-Source Analyst |
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Analyze |
Threat Analysis |
Threat/Warning Analysis |
| Analyze |
Targets |
Target Developer, Target Network Analyst |
| Oversee and Govern |
Program/Project Management and Acquisition |
Program Manager |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
| Securely Provision |
Software Development |
Software Developer |
| Securely Provision |
Systems Development |
Systems Developer |
|
| |
|
| DB Evaluations using AppDetectivePro and dbProtect 1.5 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on basic database security concepts and methodology. This course demonstrates how tools such as AppDetectivePRO and DbProtect can be used to scan databases in order to uncover configuration mistakes, identification and access control issues, missing patches or any toxic combination of settings that could lead to escalation-of-privilege or denial-of-service attacks, data leakage, or unauthorized modification of data.
Learning Objectives:
- Understand importance of database security.
- Understand how tools such as AppDetectivePRO and db-Protect can be used to evaluate a database's security posture.
Date: 2016
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Securely Provision |
Systems Development |
Systems Developer |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| | + Course Modules/Units | | | | Importance of Databases Security | | Databases Security Methodology | | AppDetectivePRO Overview | | DbProtect Overview | | DbProtect Deployment Model | | DbProtect Features | | DbProtect Demonstration |
|
|
|
| p DNS | Skill Level: Beginner | | | + Description | | | This course is an introduction to the Domain Name System, or DNS. DNS is a core infrastructure protocol of the internet, and one of the oldest internet application protocols still in use. In this course, you will learn why DNS was created; the main purposes it currently serves; and how it works. This course is intended for security operations professionals. |
| | + Course Modules/Units | | | | Deep DNS: Purpose, History, and Structure of DNS - Module 1.1 | | Deep DNS: DNS Applications - Module 1.2 | | Deep DNS: DNS Analysis Tools - Module 1.3 | | Deep DNS: DNS Transport Mechanisms - Module 2.1 | | Deep DNS: DNS as a Transport Mechanism - Module 2.2 | | Deep DNS: Subverting DNS Integrity - Module 2.3 |
|
|
|
| Demilitarized Zone (DMZ) with IDS/IPS 9 Hours | Skill Level: Intermediate | | | + Description | | | This course introduces the concept of a network Demilitarized Zone (DMZ) and the security benefits it can provide. This course focuses on best practices for designing and implementing a DMZ and includes a section on Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) that provides an in-depth look at SNORT for network monitoring. The course concludes with log analysis and management best practices.
Learning Objectives:
- Present an overview of the DMZ security model and key components.
- Discuss DMZ structure, purpose, and operation.
- Present different models for implementation to meet network requirements.
- Discuss the network threats that a DMZ can detect and mitigate.
Date: 2013
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
|
| | + Course Modules/Units | | | | Demilitarized Zone (DMZ) Introduction | | DMZ Architecture | | DMZ Components: Firewalls Part 1 of 2 | | DMZ Components: Firewalls Part 2 of 2 | | Setting up a DMZ using IPTables Demo | | DMZ Components: IDS | | DMZ Components: IDS/IPS Placement | | DMZ Components: Proxy Servers | | DMZ Components: Network Servers | | DMZ Architectures | | Attacking the DMZ Part 1 of 2 | | Attacking the DMZ Part 2 of 2 | | DMZ Attack Types Part 1 of 2 | | DMZ Attack Types Part 2 of 2 | | DMZ: Open Source vs Commercial Implementations | | DMZ: Software Subscription Services | | Open Source DMZ Tools Part 1 of 2 | | Open Source DMZ Tools Part 2 of 2 | | Proxy Concepts | | DNS Concepts | | Web Server Concepts | | E-mail Relay and VPN Concepts | | DMZ and Commercial Software - Part 1 | | DMZ and Commercial Software - Part 2 | | Security Capabilities in a DMZ | | Security Capabilities in Procmail Demo | | Network Security Appliances IDS | | Snort Intro and Overview | | Using BASE w Snort DB | | Snort Demo | | Log Mgmt and Analysis Concepts | | SYSLOG Basics | | Using Swatch Overview | | Log Management Best Practices | | Proxy and DNS Log File Concepts | | Analyzing Proxy and DNS Log Files | | DMZ with IDS/IPS Course Quiz |
|
|
|
| DNSSEC Training Workshop 2 Hours | Skill Level: Advanced | | | + Description | | | This course covers the basics of Domain Name System Security Extensions (DNSSEC), how it integrates into the existing global DNS and provides a step-by-step process to deploying DNSSEC on existing DNS zones.
Learning Objectives:
- Discuss DNSSEC and supporting mechanisms.
- Sign a DNS zone.
- Configure Delegation Signer (DS) resource records.
- Set up a Secure Resolver.
- Discuss server operational considerations.
Date: 2015
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Securely Provision |
Systems Architecture |
Security Architect |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
|
| | + Course Modules/Units | | | | DNSSEC Introduction | | DNS Resolution Steps | | DNS Vulnerabilities and Security Controls | | DNSSEC Mechanisms | | DNS Resource Records (RR) | | Special DNS Resource Records | | DNS Zone Signing | | Secure DNS Zone Configuration-DNSSEC Key Generation | | Prepare the DNS Zone File for Signing | | Signing the DNS Zone file | | Publishing a signed zone | | Testing a signed zone | | Testing a signed zone through a validator | | DNSSEC Chain of Trust | | Setting Up A Secure Resolver | | Adding a trusted key | | Securing the last hop | | ZSK Rollover | | Using pre-published keys | | KSK Rollover | | Conclusions |
|
|
|
| Don't Wake Up to a Ransomware Attack 1 Hours | Skill Level: Beginner | | | + Description | | | Ransomware attacks hit a new target every 14 seconds: shutting down digital operations, stealing information and exploiting businesses, essential services and individuals alike. "Don't Wake Up to a Ransomware Attack" provides essential knowledge and reviews real-life examples of these attacks to help you and your organization to prevent, mitigate, and respond to the ever-evolving threat of ransomware.
This webinar includes the following information and more:
- Definition of ransomware, summary of its large-scale impacts, and how these attacks have developed over time
- Common signs of a ransomware attack and how to respond if an attack is suspected
- Guidance for how to mitigate the impact of ransomware attacks and recover in the event of an attack
- Case studies demonstrating the impacts of ransomware attacks
- A concluding Knowledge Check to reinforce understanding and key takeaways
Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from ransomware cyberattacks through awareness of common attack schemes, best practices, CISA guidance, and resources.
- Define ransomware
- Be able to identify signs of a ransomware attack
- Learn mitigation steps of ransomware attacks
- Understand how to recover from a ransomware attack
- Understand impacts of ransomware attacks though case studies
Date: 2020
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
Mission Assessment Specialist |
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Analyze |
Threat Analysis |
Threat/ warning analyst |
| Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
| Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
| Operate and Maintain |
Data Administration |
Data analyst, database administrator |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
| Protect and Defend |
Incident Response |
Cyber defense incident responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
| Securely Provision |
Risk Management |
Authorizing official; security control assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
| Dynamic Testing using HPE WebInspect 1.5 hours | Skill Level: Beginner | | | + Description | | | This course introduces learners to dynamic testing tools for web applications and demonstrates how they can be used to identify, evaluate, and mitigate a web application’s potential security vulnerabilities. The focus is on using HPE WebInspect to perform and manage dynamic security vulnerability testing and address results from a developer’s perspective/cybersecurity professional's perspective.
Learning Objectives:
- Understand how dynamic testing tools work on web-based applications.
- Utilize dynamic testing tools to find common Weakness Enumeration.
Date: 2014
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Securely Provision |
Systems Development |
Systems Developer |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| | + Course Modules/Units | | | | Application Security | | WebInspect Dynamic Analysis | | Installing WebInspect | | Run a WebInspect Scan | | WebInspect Demonstration | | Policy Manager Demonstration | | Default Settings Demonstration | | Reports | | Application Settings and Tools | | Comparing Scans | | Testing in a Closed versus Open Network | | WebInspect Agent, Web Services |
|
|
|
| Elections and IT Embrace your role as a Manager - 3.5 Hours | Skill Level: Beginner | | | + Description | | | This course is a collaboration between the U.S. Election Assistance Commission (EAC) and the U.S. Department of Homeland Security (DHS) and provides an opportunity to learn why election officials must view themselves as IT managers. The course serves as an overview of information technology and how to ensure security is included in the planning, procuring, designing, implementing, and maintaining of interconnected electronic election systems, including public-facing websites. The content introduces the key concepts of identifying vulnerabilities and how to protect election systems from internal and external threats and provides information on cybersecurity resources available from the EAC and DHS.
Date: 2018
Training Purpose: Management Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative |
|
| | + Course Modules/Units | | | | Professionalizing Election Admin Intro | | Being an IT Manager | | Election Systems | | Procuring IT | | Testing and Audits | | Election Security | | Principles of Information Security | | Cybersecurity and Elections | | Risk Management and Elections | | Phishing and Elections | | Election Infrastructure Security | | DHS Cyber Security Tools and Services | | EAC Resources |
|
|
|
| The Election Official as IT Manager 4 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on why Election Officials must view themselves as IT systems managers and introduces the knowledge and skills necessary to effectively function as an IT manager. Th ecourse includes a review of Election Systems, Election Night Reporting, and Interconnected Election Systems vulnerabilities and liabilities. The content also covers Social Media and Website best practices, vulnerabilities, and liabilities, and addresses Procuring IT, Vendor Selection, Testing and Audits, Security Measures, and Risk Assessments. In addition, this course includes a review of resources available to the election community from the Department of Homeland Security.
Date: 2018
Training Purpose: Management Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative |
|
| | + Course Modules/Units | | | | Professionalizing Election Admin Intro | | Being an IT Manager | | Election Systems | | Technology and the Election Office | | Procuring IT | | Testing and Audits | | Election Security | | Principles of Information Security | | Physical Security | | Cybersecurity and Elections | | Human Security | | Risk Management and Elections | | Incident Response Scenarios and Exercises | | Phishing and Elections | | DDOS Attacks and Elections | | Website Defacing | | Election Infrastructure Security | | DHS Cyber Security Tools and Services | | EAC Resources |
|
|
|
| Emerging Cyber Security Threats 12 Hours | Skill Level: Intermediate | | | + Description | | | This course covers a broad range of cybersecurity elements that pose threats to information security posture. The various threats are covered in detail, followed by mitigation strategies and best practices. It will cover what the policies are, the roles it plays in cybersecurity, how they are implemented. The course will also look at cybersecurity laws, standards, and initiatives. Topics include policy, knowing your enemy, mobile device security, cloud computing security, Radio Frequency Identification (RFID) security, LAN security using switch features, securing the network perimeter, securing infrastructure devices, security and DNS and IPv6 security. Video demonstrations are included to reinforce concepts.
Date: 2010
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analysis |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Introduction to Cybersecurity Policy | | Types of Security Policy | | Policy Education and Implementation | | Cybersecurity Laws | | Proposed Legislation | | NIST Cybersecurity Standards | | Other Cybersecurity Standards | | Comprehensive National Cybersecurity Initiatives (CNCI) | | Other Federal Cybersecurity Initiatives | | Implementing Cybersecurity Initiatives | | SPAM | | Malware Trends | | Botnets | | Monetization | | Cyber Attack Profiles | | Cyber Crime | | Cyberwarfare | | Cyber Attack Attribution | | Cyber Threat Mitigation | | Mobile Device Trends | | Mobile Device Threats | | Mobile Device Countermeasures | | Exploited Threats | | What is Cloud Computing? | | Technical Risks | | Operational Risks | | Risk Mitigation Strategies | | DISA Cloud Solutions | | RFID Introduction | | RFID Threats | | RFID Countermeasures | | Exploited Threats | | Introduction and MAC Address Monitoring | | MAC Address Spoofing | | Managing Traffic Flows | | VLANs and Security | | 802.1x Port Authentication | | Network Admission Control | | Securing STP | | Securing VLANs and VTP | | Introduction and Edge Security Traffic Design | | Blocking DoS and DDoS Traffic | | Specialized Access Control Lists | | Routers with Firewalls | | Beyond Firewalls: Inspecting Layer 4 and Above | | Securing Routing Protocols and Traffic Prioritization | | Securing Against Single Point of Failures | | Physical and Operating System Security | | Management Traffic Security | | Device Service Hardening | | Securing Management Services | | Device Access Hardening | | Device Access Privileges | | Name Resolution Introduction | | Name Resolution and Security | | DNS Cache | | DNS Security Standards and TSIG | | DNSSEC | | Migrating to DNSSEC | | Issues with Implementing DNSSEC 1 | | Issues with Implementing DNSSEC 2 | | IPv6 Concepts | | IPv6 Threats | | IPv6 Network Reconnaissance | | DEMO: IPv6 Network Reconnaissance | | IPv6 Network Recon Mitigation Strategies | | IPv6 Network Mapping | | DEMO: IPv6 Network Mapping | | IPv6 Network Mapping Mitigation Strategies | | IPv6 Neighbor Discovery | | DEMO: IPv6 Address Assignment | | IPv6 Attacks | | DEMO: IPv6 Alive Hosts | | DEMO: IPv6 Duplicate Address Detection (DAD) | | DEMO: IPv6 DAD Denial of Services (DOS) | | DEMO: IPv6 Fake Router Advertisement | | DEMO: IPv6 Man-in-the-middle | | IPv6 Attack Mitigation Strategies | | IPv6 Tunneling | | IPv6 Windows Teredo Tunneling | | IPv6 Tunneling Mitigation Strategies | | IPv6 Best Practices |
|
|
|
| Enterprise Cybersecurity Operations 24 Hours | Skill Level: Intermediate | | | + Description | | | This course highlights technical knowledge and skills required for implementing secure solutions in the enterprise. A broad spectrum of disciplines is covered to aid practitioners in applying frameworks and controls to improve the security posture while supporting the business mission.
Learning Objectives:
- Describe risk management's role in the enterprise and mitigation strategies for specific threats.
- Detail implementing network security strategies and controls for connected devices.
- Explain how cloud technologies are leveraged and can support a secure enterprise architecture.
- List sources and methods to help stay current with cybersecurity best practices and threat trends and analyzing potential impact to the enterprise.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-Source Analyst |
| Collect and Operate |
Cyber Operations Planning |
Cyber Ops Planner |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Securely Provision |
Risk Management |
Security Control Assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect |
|
| | + Course Modules/Units | | | | Configuration Strategies w/ Spec Compon | | Cryptographic Terms and Implementations | | Cryptographic Tools and Techniques Part 1 of 2 | | Cryptographic Tools and Techniques Part 2 of 2 | | Hybrid Encryption in SSL Demo | | Encryption Limitations and Key Length Part 1 of 2 | | Encryption Limitations and Key Length Part 2 of 2 | | DEMO: Volume and File Encryption | | Hash Functions and Algorithms | | Digital Signatures | | Digital Certificate Elements | | CAs and Public Key Infrastructure | | Origins For Cryptographic Standards | | Virtual Networking | | Intro to Virtualized Computing Part 1 of 2 | | Intro to Virtualized Computing Part 2 of 2 | | VLANs and Switching | | Storage Types and Considerations | | Enterprise Storage | | Enterprise Storage Connection Terms | | Enterprise Storage and RAID | | Securing iSCSI and FCoE and Managing Storage | | Network Security Concepts | | Network Zones and Remote Access | | NW Components Routers and Firewalls Part 1 of 2 | | NW Components Routers and Firewalls Part 2 of 2 | | NW Components Intrusion Detection Systems | | Networked-based IDS and IPS Deployment | | Securing Wireless Part 1 of 2 | | Securing Wireless Part 2 of 2 | | DMZ Components | | Web Services Concepts | | Web Servers and DNS | | Securing DNS Best Practices | | Proxy Servers and SMTP Relay | | NAT and PAT | | Infra Design : Firewalls and Proxies | | Infra Design : IDS and IPS | | Infra Design : Syslog and SIEMs | | Infra Design : Switch and Router Security | | Infra Design : VPNs and SNMP | | SCADA Environments | | Application Security : VTC and VoIP | | Application Security : Databases and Web Services | | Application Security : IPv6 | | Physical Security Concerns and Controls | | Host Security Controls Part 1 of 2 | | Host Security Controls Part 2 of 2 | | Web Application Security Design | | DEMO: Whitelisting and Blacklisting | | Specific Application Issues | | Client side vs Server side Processing | | Analyzing Business Risk | | Risk Management in New Business Models | | Risk Mitigation Strategies and Controls | | Security Impact of Inter Organizational Change | | Calculating Risk Exposure | | Incident Response Concepts | | Incident Response and Recovery Process | | Privacy Policy and Procedures Part 1 of 2 | | Privacy Policy and Procedures Part 2 of 2 | | Assessment Tools | | Assessment Methods | | Assessment Methodologies | | Cybersecurity Benchmarks | | Security Metrics | | Situational Awareness | | Analyzing Industry Trends Part 1 of 3 | | Analyzing Industry Trends Part 2 of 3 | | Analyzing Industry Trends Part 3 of 3 | | Applying Analysis to Improve Enterprise Security Part 1 of 4 | | Applying Analysis to Improve Enterprise Security Part 2 of 4 | | Applying Analysis to Improve Enterprise Security Part 3 of 4 | | Applying Analysis to Improve Enterprise Security Part 4 of 4 | | Integrating Enterprise Disciplines Part 1 of 2 | | Integrating Enterprise Disciplines Part 2 of 2 | | Security Controls for Communication and Collaboration | | Adv Authentication Tools and Techniques | | Software Development Models | | System Dev Life Cycle and CS | | IT Governance | | Cloud based Deploy Models | | Cloud Security | | Identity Management | | Securing Virtual Environments Part 1 of 3 | | Securing Virtual Environments Part 2 of 3 | | Securing Virtual Environments Part 3 of 3 | | Enterprise Storage Advantages and Security Measures | | Enterprise Network Authentication Part 1 of 2 | | Enterprise Network Authentication Part 2 of 2 | | Practice Exam |
|
|
|
| RAMP — A Leader's Dashboard for Compliance (Professors in Practice Series) | Skill Level: Beginner | | | + Description | | | In this hour-long webinar National Defense University Professor Roxanne Everetts discusses some key leadership decisions around using Federal Risk and Authorization Management Program (FedRAMP) solutions. FedRAMP is a unique government cloud - it is a combination of cloud security, cybersecurity, and risk management.
Learning Objectives:
- Explain FedRAMP and why Federal agencies use FedRAMP. (Hint: It's the law!)
- Discuss knowledge key leaders need for cloud solutions, including: FedRAMP structure, how it helps, and how agencies can leverage it.
- Describe the FedRAMP governing bodies.
- Examine the roles of Cloud Service Providers (CSPs) and Third-Party Assessment Organizations (3PAOs) as FedRAMP participants.
- Identify agency responsibilities, which include ensuring they have an Authority to Operate (ATO) letter on file with the FedRAMP Program Management Office (PMO).
- Explore the FedRAMP Security Framework (SAF), based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37.
- Use the FedRAMP Marketplace to find services that meet agency needs. Any service listed in the Marketplace meets federal security requirements and has already been authorized.
Date: 2020
Training Purpose: Management Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer, Cyber Instructor |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
| Securely Provision |
Systems Requirement Planning |
Systems Requirements Planner |
|
| |
|
| Foundations of Cybersecurity for Managers 2 Hours | Skill Level: Beginner | | | + Description | | | This course is designed for managers and other stakeholders who may be involved in decision making that would include considerations for security in a cyber environment but do not have a strong technical background. Discussions focus on cybersecurity concepts and methodologies that are part of building a resilient cyber enterprise. This course explains how people and technology work together to protect mission-critical assets, and the frameworks leveraged to assess and apply security controls. Beginning with governance, laws, and regulations, the course progresses into threats to the environment and identifying corresponding controls and countermeasures, concluding with strategies for business continuity.
Learning Objectives:
- Know key concepts of cybersecurity and its relation to the business mission.
- Recall risk management strategies and related frameworks.
- Identify how cloud services are leveraged and pros and cons of doing so.
- Describe common threats, threat actor types, and mitigation techniques.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Collect and Operate |
Cyber Operational Planning |
Cyber Ops Planner |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
Program Manager |
|
| | + Course Modules/Units | | | | Cybersecurity Introduction | | Cybersecurity Workforce | | Cybersecurity Governance | | Cybersecurity Guidance Resources | | Laws and Cybersecurity | | Common Cyber Threats | | Threat Actors | | Cybersecurity and Mobile Devices | | Security Controls | | Security Tools and Measures | | Introduction to Cloud Computing | | Cloud Architectures and Deployment Models | | Cloud Threats and Attacks | | Cloud Security | | Risk Management Overview | | Incident Response and Digital Evidence Types | | Risk and Planning Strategies | | Foundations of Cybersecurity for Managers Exam |
|
|
|
| Foundations of Incident Management 10.5 Hours | Skill Level: Beginner | | | + Description | | | This course introduces basic concepts and functions of incident management. This includes where incident management activities fit in the information assurance or information security ecosystem and covers the key steps in the incident handling lifecycle with practices to enable a resilient incident management capability.
Learning Objectives:
- Explain the role of incident management.
- Distinguish between incident management and incident handling.
- Outline the incident handling lifecycle.
- Identify key preparations to be established to facilitate incident handling.
- Distinguish between triage and analysis.
- Identify the basic steps in response.
Date: 2015
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| | + Course Modules/Units | | | | Foundations of Incident Management Course Intro | | Framing The Need For Incident Management | | Incident Management Terms and Processes | | Institutionalizing Incident Management Capabilities | | Stakeholders in Incident Management | | CERT and Other’s Perspective on Threats and Trends | | Incident Management Terminology | | Incident Management Attack Classes and Actors | | Incident Management Malware and DoS Examples | | Incident Management Prevention, Detection, and Response | | Incident Handling Lifecycle - Prepare | | Incident Handling Information | | Analyzing Attack Information | | Incident Management Monitoring Tools | | Incident Management Detection Process | | Process to Support Incident Detection and Reporting | | What is Situational Awareness? | | Non Technical Elements of Situational Awareness | | Technical Elements of Situational Awareness | | Using Sensors for Requirements Gathering | | Incident Handling Lifecycle: Analysis | | Incident Handling Lifecycle: Triage | | Questions Addressed in Triage | | Objectives of Incident Analysis | | Tasks of Incident Analysis Part 1 of 2 | | Tasks of Incident Analysis Part 2 of 2 | | Data Sources for Analysis | | Examples of Data Sources for Analysis | | Incident Analysis Exercise Scenario | | Preparing For Impact Analysis | | Conducting Impact Analysis | | Response and Recovery Part 1 of 2 | | Response and Recovery Part 2 of 2 | | Mission of the Response Process | | Coordinating Response Part 1 of 2 | | Coordinating Response Part 2 of 2 | | Sample Attack Mitigations | | Benefits and Motivations of Information Sharing | | Methods of Information Sharing | | Data Models for Information Sharing | | STIX/TAXII Protocol | | Foundations of Incident Handling Course Summary | | Foundations of Incident Management Course Exam |
|
|
|
| Fundamentals of Cyber Risk Management 6 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on key concepts, issues, and considerations for managing risk. Discussions include identifying critical assets and operations, risk assessment and analysis methodologies, risk management frameworks, and how to determine threats to your business function, mitigation strategies, and response and recovery.
Learning Objectives:
- Describe key concepts related to cyber risk management.
- Detail risk assessment and analysis methodologies and frameworks.
- Identify security controls and countermeasures to mitigate risks and support response and recovery.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Securely Provision |
Risk Management |
Security Control Assessor |
|
| | + Course Modules/Units | | | | Fundamentals of Cyber Risk Management Course Introduction | | Risk Management Overview | | Standards for Risk Management | | OCTAVE | | CERT Resilience Management Model Overview | | Critical Assets and Operations | | Threat Overview | | Vulnerabilities | | Threat Scenarios | | Risk and Impact Analysis | | Considerations for Responding to Risks | | Risk Mitigation Strategies | | Control Methods and Types of Security Controls | | Administrative Controls | | Selecting Security Controls | | Security Control Assessment | | Mitigation Strategy and Maintenance | | Security Testing and Assessments | | Incident Response Terms and Life Cycle | | Incident Response Phase 1 of 6 - Preparation | | Incident Response Phase 2 of 6 – Detection and Analysis | | Incident Response Phase 3 of 6 – Containment | | Incident Response Phases 4-5 of 6 – Eradication and Recovery | | Incident Response Phase 6 of 6 – Lessons Learned | | Business Continuity Plans and Procedures | | Disaster Recovery Plans and Procedures | | Fundamentals of Cyber Risk Management Exam |
|
|
|
| Incident Response 101 1 Hour | Skill Level: Beginner | | | + Description | | | This course focuses on cyberattacks, specifically compromises via ransomware. Implementing strategies to defend against attacks as well as preparations for response and recovery in the event of an incident is critical to an organization’s resilience. This course reviews malware types and vectors for compromise, common issues hindering an effective response, best practices for preparing and responding to an infection incident, and defensive measures to strengthen the cybersecurity posture.
Learning Objectives:
- Identify the various types of disruptionware, vectors for compromise, and the impact of an infection on business operations.
- Recognize the common problems that can hinder effective incident response and prevention activities.
- Know the ordered steps in following documented incident reporting procedures including immediate actions and communication.
- Explain the importance of defense-in-depth layered strategy for protecting the enterprise with examples of implementation.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| | + Course Modules/Units | | | | Malware Attacks and Vectors of Compromise | | Incident Response - Common Problems/Issues | | Ransomware Immediate Infection Response | | Incident Response Backups | | Cyberattack Defensive Strategies | | IR Course Exam |
|
|
|
| Insider Threat Analysis 6 Hours | Skill Level: Advanced | | | + Description | | | This course focuses on helping insider threat analysts understand the nature and structure of data that can be used to prevent, detect, and respond to insider threats. This course focuses on how to work with data from multiple sources to develop indicators of potential insider activity, as well as strategies for developing and implementing an insider threat analysis and response. This course explains the workflow that incorporates expertise and capabilities from across an organization.
Learning Objectives:
- Work with raw data to identify concerning behaviors and activity of potential insiders.
- Identify the technical requirements for accessing data for insider threat analysis.
- Develop insider threat indicators that fuse data from multiple sources.
- Apply advanced analytics for identifying insider anomalies.
- Measure the effectiveness of insider threat indicators and anomaly detection methods.
- Navigate the insider threat tool landscape.
- Describe the policies, practices, and procedures needed for an insider threat analysis process.
- Outline the roles and responsibilities of insider threat analysts in an insider threat incident response process.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Protect and Defend |
Vulnerability and Assessment Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Insider Threat Analysis Introduction | | Insider Threat Hub Overview | | Hub Roles and Responsibilities Part 1 of 2 | | Hub Roles and Responsibilities Part 2 of 2 | | Hub Management and Operations | | Non-Technical Data Sources Part 1 of 2 | | Non-Technical Data Sources Part 2 of 2 | | Technical Data Sources | | A Closer Look at Logs | | Data Source Prioritization | | Indicator Development | | Example Analytics | | Sequence and Model Development | | Insider Threat Anomaly Detection Part 1 of 2 | | Insider Threat Anomaly Detection Part 2 of 2 | | Data Correlation and Entity Resolution Part 1 of 2 | | Data Correlation and Entity Resolution Part 2 of 2 | | Insider Threat Tools | | Insider Threat Mitigation Tools | | Meas. Insider Threat Control Efficacy Part 1 of 2 | | Meas. Insider Threat Control Efficacy Part 2 of 2 | | Incident Threat Analysis Process | | Analyst Workflow | | Conducting Analysis | | Cognitive Bias | | Incident Response | | Where Incident Response Fits | | Incident Response Options | | InTP Incident Response Plans | | Insider Threat Ansys Wrap-Up |
|
|
|
| ider Threat Program Manager: Implementation and Operations - 7 Hours | Skill Level: Intermediate | | | + Description | | | This course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods to develop, implement, and operate program components. The content covered supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance.
Learning Objectives:
- Identify critical assets and protection schemes.
- Coordinate a cross-organizational team to help develop and implement the Insider Threat Program.
- Develop a framework for the Insider Threat Program.
- Identify methods to gain management support and sponsorship.
- Plan the implementation for their Insider Threat Program.
- Identify organizational policies and processes that require enhancement to accommodate insider threat components.
- Identify data sources and priorities for data collection.
- Identify infrastructure changes and enhancements necessary for implementing and supporting an Insider Threat Program.
- Outline operational considerations and requirements needed to implement the program.
- Build policies and processes to help hire the right staff and develop an organizational culture of security.
- Improve organizational security awareness training.
- Identify training competencies for insider threat team staff.
Date: 2020
Training Purpose: Management Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
|
| | + Course Modules/Units | | | | Insider Threat Program Manager Intro | | Principles of Insider Risk Management | | Activities of an Enterprise Risk Mgmt Process | | Controls and Safeguards of Insider Risk Management | | Mitigation Strategies for Insider Risk Management | | Concepts of Initial Planning for an InTP | | Stakeholder Planning and Engagement | | Identify Your Starting Point | | Insider Threat Program Governance | | Roles and Responsibilities in InTP Governance | | Insider Threat Program Governance Challenges | | Building the Insider Threat Program Plan | | Developing a Phased Implementation | | Implementation Options for Insider Threat Program | | Building Your Program with Compliance in Mind | | InTP Placement in Organization | | Naming the InTP | | Developing an InTP in a Classified Environment | | Building the InTP Team | | InTP Team Size | | Key Roles Within the InTP Team | | Insider Threat Hub Operations | | Insider Threat Hub Staffing | | Data Sources Part 1 of 2 | | Data Sources Part 2 of 2 | | Selecting Data Sources | | Using Data Sources | | Protecting Data Sources | | Tools for InTP Teams | | Hub Building Considerations | | Managing Insider Investigations and Incidents | | Considerations: Investigations and Incidents | | Insider Threat Incidents | | Insider Threat Training and Awareness | | General Employee Training and Awareness | | InTP Team and Working Group Training | | Customized Role-Based Training | | Classified Systems and Data Training | | Management and Supervisor Training | | Problems and Considerations | | Measuring Insider Threat Program Effectiveness | | Different Metrics for Different Audiences | | Return on Investment (ROI) | | Making Measurements: Assessments and Evaluations | | Unintended Consequences of InTPs | | Potential Negative Impacts from InTP Activities | | Achieving Balance Using Positive Incentives | | Creating the Proper Culture: Policy and Practice | | InTP Maintenance Part 1 of 3 | | InTP Maintenance Part 2 of 3 | | InTP Maintenance Part 3 of 3 | | Insider Threat Program Manager Wrap-Up |
|
|
|
| Introduction to Computer Forensics 1.5 Hours | Skill Level: Beginner | | | + Description | | | This course introduces the tasks, processes, and technologies to identify, collect and preserve, and analyze data so that it can be used in a judiciary setting. This course begins with obtaining and imaging data and then describes each step in following the forensic process.
Learning Objectives:
- Explain the importance and the processes necessary to handle data to ensure its admissibility in a court of law.
- List steps in the computer forensics process and goals for each step.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
|
| | + Course Modules/Units | | | | Computer Forensics - Introduction | | Computer Forensics - The Process | | Computer Forensics - Following the Process – On-Site | | Computer Forensics - Following the Process – On-Site - Encryption | | Computer Forensics - Following the Process – On-Site - Memory | | Computer Forensics - Following the Process – On-Site - Verification | | Computer Forensics - Following the Process – Analysis | | Computer Forensics - Following the Process – Report Findings | | Computer Forensics - Following the Process – Data Preservation | | Computer Forensics - Laws | | Computer Forensics - Summary | | Computer Forensics - Questions |
|
|
|
| Introduction to Cyber Intelligence 2 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on what cyber intelligence is and how to acquire, process, analyze, and disseminate information that identifies, tracks, and predicts threats, risks, and opportunities inside the cyber domain to offer courses of action that enhance decision making. The course explains the current threat landscape and the importance of cyber intelligence, describes how cyber intelligence differs from cyber security and cyber threat intelligence, and explores intelligence tradecraft fundamentals. The content covers analytical techniques, estimative writing, and briefing within a cyber intelligence construct.
Learning Objectives:
- Discuss the threat and data landscape.
- Apply traditional intelligence tradecraft to the Cyber Domain.
- Define and describe a Cyber Intelligence Framework involving Human-Machine Teaming.
- Describe structured analytical techniques and biases.
- Communicate analytic findings effectively and recommend courses of action to practitioners and decision makers.
Date: 2020
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-Source Analyst |
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Investigate |
Cyber Investigation |
Cyber Crime Investigator |
|
| | + Course Modules/Units | | | | What is Cyber Intelligence? | | Cyber Intelligence - Why Should You Care? | | Cyber Intelligence - Skills, Traits, Competencies | | Cyber Intelligence - Conceptual Framework | | Environmental Context | | Data Gathering | | Threat Analysis | | Strategic Analysis | | Reporting and Feedback | | Human and Machine Teaming | | The Art and Science of Cyber Intelligence | | Cognitive Biases | | Logical Fallacies | | Analytical Acumen - The Science | | Analytic Methodologies - Diagnostic Technique | | DC Sniper: Beltway Attacks | | Analytical Methodologies - Contrarian Technique | | Analytical Methodologies - Imaginative Technique | | Analytical Methodologies - Network Analysis | | Analytical Methodologies - ACH | | Analytical Methodology – Systems Dynamics Modeling | | Intelligence Writing - Why It Matters | | Estimative Language | | Briefing Tips | | Intro to Cyber Intelligence Quiz |
|
|
|
|
| Introduction to Investigation of Digital Assets 4 Hours | Skill Level: Beginner | | | + Description | | | This course is designed for technical staff who are new to the area of Digital Media Analysis and Investigations. It provides an overview of the digital investigation process and key activities performed throughout the process.
Date: 2012
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
| Investigate |
Cyber Investigation |
Cyber Crime Investigator |
|
| | + Course Modules/Units | | | | Investigations of Digital Assets | | Exercise Setup | | Exercise Debrief | | What is an Investigation with Digital Assets? | | Digital Investigation Process | | Preparation Phase | | Data Collection Phase | | Data Analysis Phase | | Findings Presentation Phase | | Incident Closure Phase | | Digital Investigation Process Summary | | Introduction to Artifact Analysis | | Artifact Analysis Capabilities | | Artifact Analysis Process | | Surface and Comparative Analysis Process | | Surface and Comparative Analysis Process-Continued | | Runtime Analysis Process | | Static Analysis Process | | Sample Analysis: Runtime | | Sample Analysis: Static | | Malware Analysis Summary | | Analysis Exercise |
|
|
|
| Introduction to Threat Hunting Teams 1.5 hours | Skill Level: Beginner | | | + Description | | | This course provides basic definitions, activities, and examples of teams hunting threats in the cyber domain. The course addresses the differences between hunting team activities and those of incident management teams or penetration testing teams. The content covers how hunting teams establish goals, methods used by threat hunting teams, and sources available to help read and interpret the threat landscape.
Learning Objectives:
- Define threat hunting, what it means to hunt and how to hunt as a team.
- Differentiate between hunting teams and other types of cyber security teams.
- Describe how goals influence the method and success of hunting teams.
- Recognize the types of threat analysis information available and how to interpret the facts presented.
- Understand the three types of threat models and explain one in detail.
Date: 2016
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Defining Threat Hunting | | Examples and Goals of Threat Hunting | | Differences Between Hunt Teams and Other Cyber Teams | | Threat Landscape | | Types of Threat Modeling | | Hunting Methods on Networks | | Teaming and Automation Example | | Threat Hunting Teams Course Exam |
|
|
|
| Introduction to Windows Scripting 4 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on writing scripts for the Microsoft Windows operating system. It covers fundamentals and syntax for automating administrative and security monitoring tasks. The course presents the basics of Windows BATCH scripting syntax and structure, along with several Windows command line utilities to harness the powerful capabilities built into Windows.
Learning Objectives:
- Understand fundamentals of Windows BATCH scripting, including syntax and structure.
- Perform redirection, piping, standard input / output, error handling, conditional statements, jumps, and command line parameters.
- Apply built-in commands like net, netsh, xcopy, and findstr to perform more complex functions.
- Understand best practices for writing and debugging Windows scripts.
Date: 2015
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
|
| | + Course Modules/Units | | | | Scripting Basics Overview | | Windows BATCH Scripting Basics | | Windows BATCH Scripting_Variables | | Windows BATCH Scripting_Loops | | Windows BATCH Scripting_Functions | | Windows Script Error Handling and Troubleshooting | | Windows Script Best Practices and Examples | | Windows Scripting Demo | | Scripting for Penetration Testing | | Windows Scripting Utilities_xcopy | | Windows Scripting Utilities_findstr | | Windows Scripting Utilities_net Commands | | xcopy Examples Demo | | WMI and WMIC | | PowerShell Commands | | PSExec | | Windows Management Instrumentation Demo | | Intro to Windows BATCH Quiz |
|
|
|
| IPv6 Security Essentials Course 5 Hours | Skill Level: Advanced | | | + Description | | | This course begins with a primer of IPv6 addressing and its current deployment state, discusses Internet Control Manager Protocol version 6 (ICMPv6), Dynamic Host Configuration Protocol version 6 (DHCPv6), and Domain Name System version 6 (DNSv6), and concludes with IPv6 Transition Mechanisms, security concerns, and management strategies. This course includes several reinforcing video demonstrations, as well as a final knowledge assessment.
Learning Objectives:
- Primer of IPv6 addressing
- Describe current deployment state
- Explain ICMPv6, DHCPv6, and DNSv6
- Explore IPv6 Transition mechanisms
- Identify security concerns
- Incorporate management strategies
Date: 2015
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administration |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
| Securely Provision |
Systems Architecture |
Systems Architect |
|
| | + Course Modules/Units | | | | IPv6 Introduction | | IPv6 Adoption | | DEMO: IPv6 Network Reconnaissance | | IPv6 Addressing Part 1 of 2 | | IPv6 Addressing Part 2 of 2 | | IPv6 Packet Header | | DEMO: IPv6 Header Analysis | | ICMPv6 | | IPv6 Address Assignment | | DEMO: IPv6 Address Assignment | | IPv6 Web Browsing | | IPv6 Transition Mechanisms Part 1 of 2 | | IPv6 Transition Mechanisms Part 2 of 2 | | DEMO: IPv6 Tunneling | | IPv6 Security Concerns | | DEMO: IPv6 Network Mapping | | IPv6 Security Mitigation Strategies | | DEMO: IPv6 Network Monitoring Tools | | IPv6 Ready | | IPv6 Security Essentials Key Takeaways | | DEMO: IPv4 and IPv6 Subnetting | | DEMO: IPv6 Addressing on Router Interfaces | | DEMO: Setting up RIP for IPv6 | | DEMO: Configuring OSPFv3 | | DEMO: IPv6 Alive Hosts | | DEMO: IPv6 Duplicate Address Detection (DAD) | | DEMO: IPv6 DAD Denial of Services (DOS) | | DEMO: IPv6 Fake Router Advertisement | | DEMO: IPv6 Man-in-the-middle | | IPv6 Security Essentials Quiz |
|
|
|
| ISACA Certified Information Security Manager (CISM) Prep 11 Hours | Skill Level: Intermediate | | | + Description | | | The self-study resource prepares learners for the CISM exam. This course focuses on information security management expertise through in-depth lecture topics, reinforcing demonstrations, and a practice exam. This course includes concepts from the four job practice areas: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, and Information Security Incident Management.
Learning Objectives:
- Explain how information security governance and supporting processes are used to align security strategy with organizational goals and objectives.
- Detail strategies to manage risk to an acceptable level in support of organization goals and objectives.
- Describe the information security program's role in the organization's security posture by managing and protecting assets while supporting goals.
- Detail means to minimize the impact to operations in the event of a security incident through establishing detection, response, and recovery capabilities.
Date: 2015
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Program/Project Management and Acquisition |
Program Manager |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | CISM Course Introduction | | IS Governance Domain Overview | | Information Security (IS) Management | | Importance of IS Governance Part 1 of 2 | | Importance of IS Governance Part 2 of 2 | | IS Management Metrics | | ISM Strategy Part 1 of 2 | | ISM Strategy Part 2 of 2 | | Elements of IS Strategy | | IS Action Plan for Strategy | | DEMO: Key Goal, Risk, Performance Indicator | | Risk Management Overview and Concepts | | Risk Management Implementation | | Risk Assessment: Models and Analysis | | DEMO: Calculating Total Cost of Ownership | | DEMO: Recovery Time Objective (RTO) | | Compliance Enforcement | | Risk Analysis: Threat Analysis | | IS Controls and Countermeasures | | Other Risk Management Considerations Part 1 of 2 | | Other Risk Management Considerations Part 2 of 2 | | DEMO: Cost Benefit Analysis | | Information Security Program Development | | Information Security Program Management | | Outcomes of Effective Management | | IS Security Program Development Concepts | | Scope and Charter of IS Program Development | | IS Management Framework | | IS Framework Components | | IS Program Roadmap | | Organizational Roles and Responsibilities | | Information Security Manager Responsibilities | | Other Roles and Responsibilities in IS | | Information Security Program Resources | | IS Personnel Roles and Responsibilities | | IS Program Implementation Part 1 of 2 | | IS Program Implementation Part 2 of 2 | | Implementing IS Security Management Part 1 of 2 | | Implementing IS Security Management Part 2 of 2 | | Measuring IS Management Performance | | Common Challenges to IS Management | | Determining the State of IS Management | | Incident Management and Response | | Incident Management Part 1 of 2 | | Incident Management Part 2 of 2 | | IMT IRT Members | | Incident Response Planning Part 1 of 2 | | Incident Response Planning Part 2 of 2 | | DEMO: Phishing Emails | | DEMO: Incident Management Workflow | | Recovery Planning Part 1 of 2 | | Recovery Planning Part 2 of 2 | | DEMO: RTIR Incident Response Tool Part 1 of 2 | | DEMO: RTIR Incident Response Tool Part 2 of 2 | | CISM Practice Exam |
|
|
|
| (ISC)2 (TM) CAP Certification Prep Self Study 2014 11 Hours | Skill Level: Intermediate | | | + Description | | | This course prepares learners for the Information Security Certification (ISC)2 Certified Authorization Professional (CAP) certification exam. This course focuses on the process of authorizing and maintaining information systems. Topics include understanding the Risk Management Framework (RMF), selection, implementation, and monitoring of security controls as well as the categorization of information systems. A practice exam is included.
Learning Objectives:
- Provide a review of the 7 (ISC)2 CAP domains.
- Supplemental preparation for the (ISC)2 CAP certification exam.
Date: 2014
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | CAP Course Introduction | | Risk Management Approach to Security Authorization | | Risk Management Framework Steps | | Risk Management Framework Phases | | RMF Roles and Responsibilities | | Organization Wide Risk Management | | Managing Risk | | Assessor Independence and External Environments | | System Development Life Cycle | | Alignment of RMF with SDLC Review | | RMF Legal and Regulatory Requirements | | NIST Publications | | Continuous Monitoring Strategies | | RMF Guidance Review | | Defining Categorization | | Categorization Examples | | Categorization Process | | Security Plans and Registration | | Categorize | | Selection Step Tasks | | Selection Step Definitions | | Security Controls Guidance | | Privacy and Security Controls | | Control Selection and Supplemental Guidance | | Tailoring Security Controls | | Control Assurance and Monitoring | | Control Assurance and Monitoring - Continued | | Select | | Implementing Security Controls Overview | | Integrating Implementation | | Implement | | Preparing for Control Assessments | | Conducting Control Assessments | | Security Assessment Report | | Remediation Actions and Process Review | | Assess | | Authorization Documentation | | Risk Determination and Acceptance Part 1 of 3 | | Risk Determination and Acceptance Part 2 of 3 | | Risk Determination and Acceptance Part 3 of 3 | | Authorization Decisions | | Prioritized Risk Mitigation and Authorization Review | | Authorize | | Assessments and Configuration Management | | Ongoing Security Control Assessments | | Monitor | | CAP Certification Prep Practice Exam |
|
|
|
| (ISC)2 (TM) CISSP (R) Certification Prep 2018 22.5 Hours | Skill Level: Advanced | | | + Description | | | This course prepares learners for the CISSP certification exam. This course focuses on the information security field, exam objectives, and the eight domains upon which the exam is based. This course includes reinforcing video demonstrations and a final practice exam.
Learning Objectives:
- Explain and apply concepts to design, implement, and manage secure cyber operations.
- Develop, document, and implement security policy, standards, procedures, and guidelines.
- Apply risk management concepts.
Date: 2019
Training Purpose: Management Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
| Securely Provision |
Systems Architecture |
Enterprise Architecture |
|
| | + Course Modules/Units | | | | CISSP Course Introduction | | Security and Risk Management Concepts | | Regulatory Compliance and Frameworks | | Organizational Privacy Responsibilities | | Acquisition Strategies | | Computer Crime and Incident Response | | International Laws Pertaining to Security | | Legal Regulations and Privacy | | (ISC)2 Code of Ethics and Ethic Bases | | Legal Regulations and Ethics | | Policy and Components Overview | | BC and DR Initiation and Management | | BCP Business Impact Analysis | | Vendor Management | | System Threats and Countermeasures | | Risk Assessment and Countermeasures | | Access Control Types | | RMF Security Control Assessment Process | | Conducting Security Control Assessments | | Security Assessment Report | | Asset Valuation | | Threat Modeling and Reduction Analysis | | Security Awareness and Training | | DEMO: Security Policy Review | | Data Classification | | Data Ownership and Retention | | Privacy Protection and Data Governance | | Security Control Application and Tailoring | | Security Control Selection | | Data Protection Method (DLP) | | Secure Design Principles | | Secure Design Standards and Models | | Database System | | Key Crypto Concepts and Definitions | | Securing ICS and SCADA Systems | | Industrial Control System Security | | DEMO: SCADA Honeynet | | Cloud Computing | | Cloud Computing Security Issues | | Distributed Systems | | Parallel and Distributed Systems Security Issues | | Internet of Things | | Assess and Mitigate Vulnerabilities in Mobile Systems | | Cryptographic Lifecycle | | Cryptographic Methods | | Symmetric Ciphers | | Asymmetric Ciphers | | Public Key Infrastructure (PKI) | | Key Management Practices | | Digital Signatures | | Hashes and Other Integrity Controls | | Salting Hashes | | Methods of Cryptanalytic Attacks | | Digital Rights Management | | Site and Facility Design Criteria | | Physical Security Controls | | Physical and Environmental Threats | | OSI and TCP/IP Models | | Telecom and NW Security Layer 1 | | Telecom and NW Security Layer 2 | | Telecom and NW Security Layer 3 | | Telecom and NW Security Layer 4 and 5 | | Telecom and NW Security Layer 6 and 7 | | Multilayer and Converged Protocols | | Mobile and Wireless Security | | Content Distribution Networks | | Implementing and Using Remote Access | | Virtualization | | Access Control Technologies | | Access Control Types | | Access Control System Strategies | | Building Access Control | | Operations Area Access Control | | Credential Management Systems | | Third-Party Identification Service | | Cloud Identity | | Data Authorization Mechanisms | | Rule-Based Access Control | | Audit and Assurance Mechanisms | | Synthetic Transactions | | Code Review and Testing | | Misuse Case Testing | | Test Coverage Analysis | | Interface Testing | | Security Audits and Agreements | | Digital Investigation and Evidence Analysis | | Legal System Investigation Types | | Electronic Discovery | | Intrusion Detection and Prevention | | Continuous Monitoring | | Egress Monitoring | | Security Operations Concepts | | Security Operations Incident Management | | Managing Security Services Effectively | | DEMO: Whitelisting and Blacklisting | | Security Operations Resource Protection | | Disaster Recovery Strategy | | Maintaining Operational Resilience | | Managing Recovery Communications | | Test Disaster Recovery Plans (DRP) | | Security Education Training and Awareness | | Perimeter Security | | Perimeter Intrusion Detection | | Biometrics and Authentication Accountability | | Personnel Privacy and Safety | | DEMO: Intro to Dshell Toolkit | | SDLC Phases | | Software Development Models | | System Security Protections and Controls | | Agile Development Models | | Maturity Models | | Integrated Product Teams | | Security Environment and Controls | | SW Development Security and Malware | | Impact of Acquired Software | | DEMO: Automated Code Review | | CISSP Practice Exam |
|
|
|
| (ISC)2 (TM) CISSP Concentration: ISSEP Prep 7 Hours | Skill Level: Advanced | | | + Description | | | This course is focused on applying security and systems engineering principles into business functions. This self-study prep course is designed to help learners prepare for the specialized Information Systems Security Engineering Professional (ISSEP) certification exam. The topics in the course cover the five domain areas of the CISSP-ISSEP.
Learning Objectives:
- Incorporate security into business processes and information systems.
- Demonstrate subject matter expertise in security engineering.
- Apply engineering principles into business functions.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Collect and Operate |
Cyber Operational Planning |
Cyber Ops Planner |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
|
| | + Course Modules/Units | | | | ISSEP Course Introduction | | ISSE Responsibilities and Principles | | ISSE and IATF | | Security Design Principles | | Elements of Defense in Depth | | RMF Characteristics | | Maintaining Operational Resilience | | Risk Management Overview | | Assessing Risk Part 1 of 2 | | Assessing Risk Part 2 of 2 | | Determining Risks | | Categorizing Information Systems | | Stakeholder Roles and Responsibilities | | Requirements Analysis | | Using Common and Tailored Controls | | Assessing Security Controls | | Implementing Security Controls | | Authorizing Information Systems | | Systems Verification and Validation | | Monitor, Manage, and Decommissioning | | Defense Acquisition System Overview | | Acquisitions Process | | System Development Process Models | | Project Processes | | Project Management | | ISSEP Practice Exam |
|
|
|
| (ISC)2 (TM) CISSP:ISSMP Prep 2018 12.5 Hours | Skill Level: Advanced | | | + Description | | | This course is intended for individuals with strong management and leadership skills and interested in focusing on establishing, presenting, and governing information security programs. This self-study prep course reviews the six common body of knowledge domains for the Information Security System Management Professional (CISSP-ISSMP) certification exam.
Learning Objectives:
- Demonstrate ability to apply leadership and management skills to manage an organization information security program.
- Apply the security lifecycle management processes and principles into the system Development lifecycles.
- Apply contingency management practices to plan and implement processes to reduce the impact of adverse events.
Date: 2018
Training Purpose: Management Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
|
| | + Course Modules/Units | | | | ISSMP Course Introduction | | Security’s Role - Culture, Vision and Mission | | Security’s Role – Management, Support and Commitment | | Security’s Role – Board of Dir, Steering Committee | | Security Role – IT, HR and Legal | | Security’s Role – Strategic Alignment | | IS Governance Defined | | IS Governance Goals Part 1 of 2 | | IS Governance Goals Part 2 of 2 | | Importance of IS Governance | | Information Security Strategies | | Data Classification and Privacy | | Threats to Data Privacy | | Data Classification and Privacy Implementations | | Security Policy Framework and Lifecycle | | Security Requirements in Contracts and Agreements | | Security Awareness and Training Programs | | Managing the Security Organization | | Security Metrics | | Security Metrics Indicators | | Integrating Project Management with SDLC | | System Development Life Cycle (SDLC) | | Systems Engineering (CMM) | | Vulnerability Management and Security Controls | | Service Oriented Architecture Controls | | Oversee System Security Testing | | Managing Change Control | | Risk Management | | Risk Management – Threats and Vulnerabilities | | Risk Management – Risk Assessments | | Calculating Risks | | Mitigating Risks | | Cyber Threat Intelligence | | Detection of Attack Sources | | Discovery Challenges and Escalation | | DEMO: Escalating Event to Incident | | Common Attack Vectors | | Root Cause and Investigation | | Incident Management Concepts | | Incident Management Process | | Incident Management Classification | | Financial Impact of Incidents | | Investigation and Forensic Evidence | | Investigations, IH and Response | | DEMO: Ditigal Forensics Investigation | | Security Compliance Frameworks | | Auditing Introduction and Preparation | | Evidence Reporting and Auditors | | Exception Management | | Continuity and Disaster Recovery Planning | | Understanding the Business | | Insurance | | Critical Processes Recovery Objectives | | Recovery Obligation Considerations | | BCM Site and IT Strategies | | Personnel and Recommended Strategies | | Design and Testing BCP and COOP | | Implementing Continuity and Recovery Plans | | Intellectual Property and Licensing | | (ISC)2 Code of Ethics | | DEMO: Verification and Quality Control | | Audit Planning Process | | ISSMP Self Study Practice Exam |
|
|
|
| (ISC)2(TM) Systems Security Certified Practitioner 12 Hours | Skill Level: Beginner | | | + Description | | | This course serves as a preparation for the Systems Security Certified Practitioner (SSCP) certification exam, by demonstrating advanced technical skills and knowledge required to implement and administer infrastructure using security best practices, policies, and procedures.
Learning Objectives:
- Demonstrate knowledge of security operations and administration.
- Implement risk monitoring, analysis, and mitigation strategies.
- Develop and implement incident response and recovery plans.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
|
| | + Course Modules/Units | | | | SSCP Introduction | | Authentication Methods | | Single Sign-On and Federated Access | | Attribute Based Access Control | | Device Authentication | | Trust Architectures | | Identity Management Lifecycle | | Implementing Access Controls | | (ISC)2 Code of Ethics | | Security Concepts and Controls | | Asset Management | | Security Control Implementation | | Assessing Physical Security | | Physical Security Defenses | | Administrative Controls | | Auditing | | System Development and Change Cycle | | Change Control and Patch Management | | Security Awareness and Training | | Risk Management | | Risk and Security Assessment | | Security Testing and Assessment | | Monitoring and Analysis | | Monitoring Employees | | Log Management | | Integrity Checking | | Testing and Analysis | | Auditing Methodologies | | Communicate Findings | | Continuous Monitoring and CAESARS | | Introduction to Continuous Monitoring | | Incident Handling, Response and Recovery | | Incident Handling Knowledge Areas Part 1 of 2 | | Incident Handling Knowledge Areas Part 2 of 2 | | Incident Handling Response | | Incident Handling Countermeasures | | DEMO: OpenVAS | | Forensics | | Business Continuity Planning | | Business Impact Analysis | | Backup and Recovery Strategies | | Redundancy and Storage | | Cryptography Terms | | Requirements for Cryptography Part 1 of 2 | | Requirements for Cryptography Part 2 of 2 | | Steganography | | Hashes, Parity and Checksum | | Secure Protocols and Cryptographic Methods | | Symmetric Cryptosystems | | Symmetric and Asymmetric Cryptosystems | | Public Key Infrastructure (PKI) | | Key Management | | Web of Trust | | Secure Protocols | | OSI and TCP/IP Models | | Network Topology | | Transmission Media | | TCP, UDP and Common Protocols | | ARP, DHCP and ICMP | | Routers and Routing Protocols | | Network Security Protocols | | SSCP Exam |
|
|
|
| LAN Security Using Switch Features 2 Hours | Skill Level: Intermediate | | | + Description | | | This course focuses on different methods of how to secure Local Area Networks (LANs) at the connectivity level. Topics include monitoring media access control (MAC) addresses and port security, limiting MAC & IP spoofing, controlling traffic flows, implementing and enhancing security in virtual local area networks (VLANs), enabling authentication on connection points, and determining host security health. Examples are used throughout to reinforce concepts.
Learning Objectives:
- Identify the vulnerabilities and best practices in securing LAN connections.
- Understand the management and decision-making processes within the NAC Framework.
- Discuss methods of defending against attacks to STP, VLAN, and VTP switch configurations.
Date: 2010
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| | + Course Modules/Units | | | | Introduction and MAC Address Monitoring | | MAC Address Spoofing | | Managing Traffic Flows | | VLANs and Security | | 802.1x Port Authentication | | Network Admission Control | | Securing STP | | Securing VLANs and VTP |
|
|
|
| eader's Approach to Assessment & Authorization (A&A) (Professors in Practice Series) | Skill Level: Beginner | | | + Description | | | This hour-long webinar recorded on July 31, 2020 features National Defense University Professor Mark Duke discussing some key leadership decisions when assessing and authorizing systems. The Assessment & Authorization (A&A) process is a comprehensive assessment of policies, technical and non-technical security components, and a system's technical controls followed by leadership agreement that the system meets adequate risk levels before the system is authorized to go into full production.
Learning Objectives:
- Explain why we have to do Assessment & Authorization.
- Explain Roles & Responsibilities of Assessment & Authorization.
- Introduce seven major components of Assessment & Authorization.
- Establish Authorization Boundaries.
- Introduce Assessment Scanning Tools.
- Explain the Role of Security Technical Implementation Guides (STIGs) as potential criteria for Assessment activities.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer, Cyber Instructor |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
| Securely Provision |
Systems Requirement Planning |
Systems Requirements Planner |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
|
| |
|
| Linux Operating System Security 9 Hours | Skill Level: Advanced | | | + Description | | | This course focuses on the security features and tools available in Linux as well as the considerations, advantages, and disadvantages of using those features. This course is based on Red Hat Linux and is designed for IT and security managers, and system administrators who want to increase their knowledge on configuring and hardening Linux from a security perspective.
Learning Objectives:
- Describe the basic architecture of a Linux system (e.g. kernel, file system formats, permissions, etc.).
- Characterize a Linux system (identify distribution, installed packages, active accounts, etc.).
- List and explain how to use common command line utilities on a Linux system for analysis purposes.
- Operate a Linux system, including patching, modifying services, and other administration tasks.
- Use a Linux system to perform analysis work such as malware and incident response analysis.
Date: 2013
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Linux OS Security Introduction | | Booting Linux | | Linux Recovery | | Linux Startup Scripts | | Linux Startup Processes | | Linux Runlevels Demo | | Chkconfig_and_Upstart Demo | | Linux Processes and Signals | | Linux Process Monitoring | | PS_and_Netstat Demo | | Linux PS and TOP Demo | | Working with Linux PIDs | | Linux File System Overview | | Linux File Security | | Linux File Access Controls | | File Integrity Demo | | Linux Kernel Tuning | | Linux Host Access Controls | | Linux User and Group Definition | | User Management | | Linux Privilege Escalation | | Sudoers Demo | | Linux Authentication Methods | | Linux Viruses and Worms | | Linux Trojan Horses | | Linux Rootkits | | Linux Misconfigurations | | Linux Software Vulnerabilities | | Linux Social Engineering | | Linux Automated Installation | | Managing Linux Packages | | Package Management Tools Demo | | Repositories and System Management | | Custom Repository Demo | | Linux IPv4 and IPv6 | | Linux Network Configuration | | Linux Tunneling | | Kernel Tuning Demo | | Linux X11 Forwarding | | Linux File Sharing | | Linux Grand Unified Bootloader (GRUB) | | Configuring GRUB Demo | | Security Enhanced Linux | | Introduction to IPTables | | IPTables Rules | | IPFilter | | Linux Packet Sniffers | | Linux NIDS | | Linux HIDS | | Linux Antivirus | | Linux Secure Shell | | Linux Log Management | | Linux Scripting Basics | | BASH Scripting Demo | | IF Statements | | Pipes and Redirection | | Variables and Regular Expressions | | Custom Scripting | | Linux Hardening | | NSA Hardening Guides | | National Vulnerability Database (NVD) | | Common Vulnerabilities and Exposures (CVE) | | Vulnerability Scanning | | Linux Operating System Security Quiz |
|
|
|
| Managing Computer Security Incident Response Teams (CSIRTs) 8.5 Hours | Skill Level: Intermediate | | | + Description | | | This course focuses on the type and nature of work the CSIRTs may be expected to handle. It provides an overview of the incident response field, including the nature of incident response activities and an overview of the incident handling processes. The course focuses on foundation material, staffing issues, incident management processes, and other issues such as working with law enforcement, insider threat, and publishing information.
Learning Objectives:
- Provide an overview of the incident response arena, the nature of incident response activities, and incident handling processes.
- Guide learners to understand technical issues from a management perspective, problems and pitfalls to avoid, and best practices where applicable.
- Emphasize the importance of CSIRT management predefined policies and procedures.
- Discuss what is needed to operate an effective CSIRT.
Date: 2020
Training Purpose: Management Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-Source Analyst |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
|
| | + Course Modules/Units | | | | Managing CSIRTS Introduction | | CSIRT Management Issues | | CSIRT Environment Introduction Part 1 of 2 | | CSIRT Environment Introduction Part 2 of 2 | | Formalization of Incident Management | | The Incident Handling Process | | CSIRT Environment Terms | | The Incident Handling Roles and Responsibilities | | CSIRT Environment Summary | | CSIRT Environment Resources and Summary | | CSIRT Staffing | | How to Grow & Retain Staff | | CSIRT Code of Conduct Part 1 of 2 | | CSIRT Code of Conduct Part 2 of 2 | | Media Issues Part 1 of 2 | | Media Issues Part 2 of 2 | | Managing the CSIRT Infrastructure Components | | Data Security | | Physical Security | | Equipment for CSIRT Staff | | Network and Systems for CSIRT Staff | | CSIRT Tools | | Incident Management Processes Introduction | | IM Processes: Prepare, Sustain, and Improve | | IM Processes: Protect Infrastructure | | IM Processes: Detect | | Situational Awareness | | Network and System Monitoring | | Critical Information | | IM Process: Triage | | Triage Activities | | IM Process: Response | | Response Actions | | Response Process Issues | | Handling Major Events Part 1 of 2 | | Handling Major Events Part 2 of 2 | | Building a Crisis Communication Plan | | Publishing Information | | Publishing Document Types | | Information Sharing | | Publishing Information Summary | | General Guidance for Measuring and Evaluating | | Types of Evaluations | | Building a Quality Assurance Framework | | Issues to Consider in Your Framework | | Resources for Building an Assurance Framework | | What Is Insider Threat? | | Types of Insider Threat Activities | | Malicious Insider Activity Examples | | How Bad Is Insider Threat? | | CERT Insider Threat Research | | Insider Threat Mitigation | | Mitigation Security Controls and Practices | | Insider Threat Summary | | Working with Law Enforcement Part 1 of 2 | | Working with Law Enforcement Part 2 of 2 | | Managing CSIRTs Wrap-Up | | Video [CSIRTs Resource Overview] (required) |
|
|
|
| Measuring What Matters: Security Metrics Workshop 1.5 Hours | Skill Level: Beginner | | | + Description | | | This workshop focuses on how to measure the right things in order to make informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Public and private organizations today often base cyber risk management decisions on fear, uncertainty, and doubt (FUD), and the latest attack. The Measuring What Matters: Security Metrics Workshop, the learner will learn how to refine a strategic or business objective that meets that S.M.A.R.T.E.R. criteria: Specific, Measurable, Achievable, Relevant, Time-bound, Evaluated, Reviewed, and can be used to initiate the Goal - Question - Indicator - Metric (GQIM) process.
Learning Objectives:
- Identify a core set of business goals, based on the business objective, to which the cybersecurity risk measurement program will be applied.
- Formulate one or more key questions for each business goal, and use them to help determine the extent to which the goal is being achieved.
- Identify one or more indicators for each business goal key question.
- Identify one or more metrics for each indicator that most directly inform the answer to one or more questions.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Collect and Operate |
Cyber Operational Planning |
Cyber Ops Planner |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Securely Provision |
Risk Management |
Security Control Assessor |
|
| | + Course Modules/Units | | | | Measuring What Matters Course Introduction | | Why Measure? | | Measurement Defined | | GQIM Overview | | Selecting Business Objectives | | Objectives to Goals | | Goals to Question | | Questions to Indicators | | Indicators to Metrics | | The Big Picture: Putting It All in Context | | Validate Current Questions or Metrics | | Getting Started with GQIM | | Appendix Cybersecurity Metrics Template | | GQIM Process Template |
|
|
|
| ration and Security Strategies for FedRAMP Cloud Computing | Skill Level: Intermediate | | | + Description | | | The Migration and Security Strategies for FedRAMP Cloud Computing course is designed to introduce students to the structure and employment of cloud computing using the Federal Risk and Authorization Management Program, or FedRAMP. Topics include cloud computing architecture, FedRAMP structure and roles, FedRAMP security implementations, and FedRAMP-approved cloud deployment options.
Learning Objectives:
- Describe the three major deployment models for cloud computing
- Discuss cybersecurity issues related to cloud computing
- Explain the authority, structure, and roles of major parties that make up FedRAMP
- Explain how Cloud Service Providers (CSPs) and FedRAMP processes work to meet federal security requirements
- Describe how the FedRAMP framework of "do once, use many times" allows government agencies to reuse previously-approved security documents and structures to simplify data deployments to the cloud
- Describe how FedRAMP processes enable a second agency to use a previously approved CSP.
- Identify how FedRAMP processes map to and are designed to assure compliance with applicable standards outlined by the National Institute for Standards and Technology (NIST) in its Special Publications 800 series of documents.
Date: 2021
Training Purpose: Management Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| | + Course Modules/Units | | | | Cloud Security Through FedRAMP | | The FedRAMP Authorization Process | | FedRAMP Security Assessment Framework (SAF) |
|
|
|
| Mobile and Device Security (2015) 22 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on mobile devices, how they operate, and their security implications. This course includes topics such as signaling types, application stores, managing mobile devices, and emerging trends and security and privacy concerns with social media.
Learning Objectives:
- Discover mobile device technology components and architectures and how to properly secure them.
- Examine historical and current threats to mobile devices and methods for remediating against them.
- Establish best practices and procedures for performing mobile device forensic investigations.
Date: 2015
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
| Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Legal Advice and Advocacy |
Privacy Officer/Privacy Compliance Manager |
|
| | + Course Modules/Units | | | | Mobile Security Course Introduction | | Cellular Network Generations | | Network Standards Introduction | | CDMA TDMA and GSM Introduction | | GPRS Edge and UMTS Introduction | | Additional Network Standards | | Bluetooth and Wi-Fi | | Cellular Network Components | | Mobile Switching Center Database | | Authentication and Government Standards | | 4G LTE | | Mobile Device Components | | Mobile Device Operating Systems | | Android Customization | | Wireless Technology Introduction | | WiFi Standards | | Wi-Fi Standards : 802.11ac | | WiFi Types | | Wireless Fidelity Part 2 | | WiFi Channels and SSIDs | | WiFi Signals and Hardware | | Bluetooth | | WiMAX | | Additional Standards | | Near Field Communication | | Introduction to Threats | | Lost and Stolen Devices | | Additional Device-Level Threats | | Near Field Communications and Mobile Threats | | Application-Level Threats | | Rogue Applications | | Network-Level Threats | | Pineapple Router | | Malicious Hotspot | | Malicious Use Threats | | Mobile Hacking Tools | | Mobile Device Security Introduction | | Mobile Device Security Introduction Cont. | | Android Introduction | | Android Security | | Android Application Security | | Google Android OS Features | | Installing Antivirus | | iOS Security Model and Platform | | iOS Application Security | | Jailbreaking iOS | | iOS Application Security Cont. | | Apple iOS Update Part 1 of 2 | | Apple iOS Update Part 2 of 2 | | Windows Phone Security Model and Platform | | Windows Implementation and Application Security | | Windows Phone Update | | WiFi Security | | WiMax and Bluetooth | | Bluetooth Attack | | Protecting Data | | Encryption | | Android Encryption | | iOS Encryption | | Email Security | | Android and iOS Email Security | | Windows Email Security | | iOS Hardening | | iOS Hardening Cont | | Blackberry Hardening | | Android Hardening | | Android Hardening Cont. | | Windows Phone Hardening | | Windows Phone Password and Cookies | | Windows Phone Wi-Fi | | Windows Phone - Find, Wipe, and Backup | | Device Security Policies | | Exchange and BES | | Mobile Device Management | | Mobile Device Management Cont. | | McAfee Mobility Management | | Forensics Overview | | Forensics Role and Framework | | Device Identification | | Device Identification Cont. | | Network Data | | Network Data Cont. | | Preservation | | Preservation Cont. | | Acquisition | | Acquisition Cont. | | Device Specific Acquisition | | Hashing | | Hashing Cont. | | Analysis | | Archiving and Reporting | | Cellebrite | | Forensics Demonstration | | XRY/XACT | | Oxygen and CellXtract | | Paraben and MOBILedit! | | Additional Methods | | Subscriber Data | | Benefits of Social Media | | Risks of Social Media | | Liabilities Associated with Social Media | | Social Media Controls | | Emerging Trends | | Emerging Trends Cont. | | New Technologies in Mobile Devices | | Mobile Devices and the Cloud | | Mobile Security Course Quiz |
|
|
|
| Mobile Forensics 4 Hours | Skill Level: Advanced | | | + Description | | | This course provides an overview of mobile forensics, the branch of digital forensics that focuses on forensically sound extraction and analysis of evidence from mobile devices. Cell phone investigations have grown exponentially with data from mobile devices becoming crucial evidence in a wide array of incidents. The course begins with highlighting details of the field and then focuses on the iOS architecture, concluding with data acquisition and analysis.
Learning Objectives:
- Describe the impact of mobile devices on investigations.
- Identify iOS device filesystem, operating system, and security architecture basics.
- Explain acquisition and analysis tools and techniques for iOS devices.
Date: 2017
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
| Investigate |
Cyber Investigation |
Cyber Crime Investigator |
|
| | + Course Modules/Units | | | | Introduction to Mobile Forensics | | Importance of Mobile Forensics | | Challenges of Mobile Forensics | | Handling and Preserving Evidence | | File System for iOS Devices | | Understanding the Basics of iOS | | Understanding iOS Security Architecture | | Mobile Forensics Tool Classification | | Data Acquisition Types | | iOS Jailbreaking | | Idenifying an iOS Device | | Physical Acquisition of iOS Devices | | iTunes Backup Acquisition | | Apple File Conduit Acquisition | | iTunes Backup Analysis | | iCloud Data Acquisition and Analysis | | Analyzing Data on iOS Devices | | Mobile Forensics Quiz |
|
|
|
|
| Network Layer 1 & 2 Troubleshooting 3 Hours | Skill Level: Beginner | | | + Description | | | This course reviews troubleshooting methods used in Layer 1 and Layer 2 of the Open Systems Interconnection (OSI) Model. This course covers how to detect, trace, identify, and fix network connectivity issues at the Physical and Data Link layers of the OSI stack. The basics of the Physical and Data Link layers will be covered along with a review of the devices, signaling, and cabling which operate at these layers. Learners will be presented with methods for tracing connectivity issues back to the source and identifying mitigation solutions.
Learning Objectives:
- Understand basic overview of components of the first two layers of the OSI model.
- Recognize common issues associated with Layer 1 & 2 of the OSI model.
- Apply troubleshooting methods associated with the Physical and Data Link Layer.
Date: 2015
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
| Securely Provision |
Systems Architecture |
Security Architect |
|
| | + Course Modules/Units | | | | Network Layer 1 and 2 Troubleshooting Introduction | | OSI Physical Layer 1 Overview | | Data Transmission Medium Cables and Connectors | | Patch Panels | | Fiber Optic Cables | | Encoding and Signaling Functions | | Network Components | | Physical Network Design/Topology | | Network Troubleshooting Methodology | | Common Layer 1 Issues Part 1 of 2 | | Common Layer 1 Issues Part 2 of 2 | | Layer 2 Data Link Layer Components Overview | | MAC Addresses/Logical Link Control | | Layer 2 Protocols | | Physical Network Design/Topology | | Network Troubleshooting Methodology Review | | Common Layer 2 Issues | | Layer 2 Troubleshooting Tools | | NW Layer 1 and 2 Troubleshooting exam |
|
|
|
| Network Security 18 Hours | Skill Level: Beginner | | | + Description | | | This self-study resource is designed to help learners prepare for the Networking certification exams. This course is focused on IT infrastructure and networking concepts for junior to mid-level IT professionals in the cyber workforce. Objectives include network operations, security, troubleshooting and tools, as well as infrastructure support.
Learning Objectives:
- Design and implement a functional network.
- Configure, manage, and maintain network security, standards, and protocols.
- Troubleshoot network issues.
- Create and support virtualized networks.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
|
| | + Course Modules/Units | | | | Ports and Protocols Part 1 of 2 | | Ports and Protocols Part 2 of 2 | | OSI Layers | | Properties of Network Traffic | | VLANs and VTP | | Routers and Routing Protocols | | Routing Tables and Types | | IP Addressing – IPv6 | | Traffic Filtering and Port Mirroring | | Network Performance Optimization | | IP Addressing Components | | Subnetting | | Network Topologies | | Technologies that Facilitate IOT | | Wireless Standards Part 1 of 2 | | Wireless Standards Part 2 of 2 | | DEMO: Wireless Architecture | | Introduction to Cloud Computing | | Cloud Security | | DNS Service | | Dynamic Host Configuration Protocol (DHCP) | | Ethernet Standards | | Cables and Wires | | Cable Termination and Fiber Optic | | DEMO: Cables and Connectors | | Firewall Implementations | | Network Components – Hubs and Switches | | DEMO: Contrasting Hubs, Switches,VLANS | | Router Setup and MAC Filtering | | Installing and Configuring Wireless Networks | | SOHO Network | | Telephony, VoIP | | Network Security Appliances IDS | | Advanced Security Devices | | Virtual Environments | | Network Storage Connection Types | | Network Storage and Jumbo Frames | | Wide Area Network Technologies | | Configuration Management Documentation | | Business Continuity and Disaster Recovery | | Fault Tolerance and Availability Concepts | | Maintainability: MTTR and MTBF | | Security Device and Technology Placement | | DEMO: Introduction to SNMP | | Network Access Security | | Remote Access Methods | | Operations Policies and Best Practices | | Mobile Device Deployment Models | | Physical Security Devices | | Authentication Services | | PKI Public Key Infrastructure | | Examples of PKI Use | | Network Access Control | | Wireless Encryption and Authentication | | DoS and MITM Attacks | | Wireless Threats and Mitigation | | Understanding Insider Threat | | DEMO: Malware and Social Engineering Threats | | Hardening Network Devices | | Switch Loop Protocol | | Network Segmentation and Design | | Honeypot | | Corporate Penetration Testing | | Network Troubleshooting Methodology | | Hardware Tools for Connectivity Issues | | Software Tools for Connectivity Issues | | DEMO: NSlookup Dig Google Toolbox | | Physical Connectivity Problems | | Cable Troubleshooting | | Wireless Troubleshooting | | Troubleshooting Routers and Switches | | Technologies that Facilitate IOT | | Practice Exam |
|
|
|
| Offensive and Defensive Network Operations 13 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on fundamental concepts for offensive and defensive network operations. It covers how offensive and defensive cyber operations are conducted and details U.S. government doctrine for network operations. Topics include network attack planning, methodologies, and tactics and techniques used to plan for, detect, and defend against network attacks.
Learning Objectives:
- Apply U.S. government network operations background and doctrine.
- Describe offensive and defensive network operations.
- Determine offensive network operation missions, planning, and exploitation phases and methodologies.
- Derive defensive network operation missions, planning, and methods to detect and defend against network attacks and attackers' methods.
Date: 2015
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Collect and Operate |
Cyber Operations |
Cyber Operator |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| | + Course Modules/Units | | | | Cyberspace As A Domain | | Joint Publication 3-12(R), Cyberspace Operations Overview Part 1 of 3 | | Joint Publication 3-12(R), Cyberspace Operations Overview Part 2 of 3 | | Joint Publication 3-12(R), Cyberspace Operations Overview Part 3 of 3 | | Joint Communications Overview and Information Environment | | Joint Force Communication, System Operations, and Management Planning | | Legal Considerations for Cyber Operations Part 1 of 2 | | Legal Considerations for Cyber Operations Part 2 of 2 | | Adversaries in Cyberspace Part 1 of 3 | | Adversaries in Cyberspace Part 2 of 3 | | Adversaries in Cyberspace Part 3 of 3 | | Offensive Cyber Operations Background | | Offensive Cyberspace Operations Definitions | | Offensive Cyberspace Operations Planning and Legal Considerations | | Offensive Methodology Planning Examples 1 of 2 | | Offensive Methodology Planning Examples 2 of 2 | | Reconnaissance Methodology Overview | | Social Engineering for Reconnaissance | | Reconn with Automated Correlation Tools and Search Engines Part 1 of 2 | | Reconn with Automated Correlation Tools and Search Engines Part 2 of 2 | | Network Mapping for Active Reconnaissance | | Port Scanning for Active Reconnaissance | | Windows Enumeration Basics | | Linux Enumeration Basics | | Scanning and Enumerating with Nmap | | Exploitation using Direct Exploits and System Misconfiguration | | Exploitation with SET Example | | Exploitation | | Entrenchment | | Exploitation Basics | | Post-Exploitation | | Abuse and Attacks | | Defensive Cyberspace Operations (DCO) | | DCO Types of Operations | | DCO Operational Goals | | DCO Best Practices | | Defensive Methodology: Understanding the Threat | | Defensive Methodology: Tactics | | Defensive Methodology: Defense-in-Depth | | Incident Management Overview | | Incident Management Policies, Plans and Procedures | | Incident Management Team Configuration | | Incident Response Lifecycle | | Defending the Domain | | Perimeter and Host Defenses | | IDS/IPS Defined Including Advantages and Disadvantages | | IDS/IPS Types and Functions | | IDS/IPS Location Placements | | Intrusion Detection using Snort | | Reviewing Alerts and Detecting Attack Phases | | Network Traffic Analysis | | Methods of Network Traffic Analysis | | Wireshark | | Log Analysis Methods and Techniques Part 1 of 2 | | Log Analysis Methods and Techniques Part 2 of 2 | | Detecting Offensive Operations using Log Analysis | | Digital Forensics Overview and Tools | | Digital Forensics Methods and Techniques Part 1 of 2 | | Digital Forensics Methods and Techniques Part 2 of 2 | | Identifying Phases of Attack Using Digital Forensics | | Incident Data: Profile and Analysis | | Incident Reporting | | Offensive and Defensive Network Operations Exam |
|
|
|
| Overview of Creating and Managing Computer Security Incident Response Teams (CSIRTs) 4 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on what is needed to create and operate a Computer Security Incident Response Team (CSIRT). The intended audience is individuals tasked with creating a CSIRT and those who may be new to CSIRT issues and processes. Objectives within the course include the benefits and limitations of a CSIRT, CSIRT requirements, services, common policies and procedures, and operational best practices. Previous incident handling experience is not required to partake in this course.
Learning Objectives:
- Identify managerial, organizational, procedural, and operational issues regarding the CSIRT role and function.
- Describe the issues involved with creating and operating a CSIRT.
- Discuss specific topics regarding CSIRT benefits and limitations, requirements and framework, services, policies and procedures, and operational best practices.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications Security Manager |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| | + Course Modules/Units | | | | Creating and Managing CSIRTS Introduction | | Defining the Problem | | Defining Incident Management | | Effective Incident Management Processes | | Defining Terms Used Throughout the Course | | Institutionalizing IM Capabilities | | Incident Handling Terms Used Throughout the Course | | Defining CSIRTs | | Creating an Effective CSIRT | | Building a CSIRT: Action Plan Part 1 of 2 | | Building a CSIRT: Action Plan Part 2 of 2 | | Building a CSIRT: Where to Begin | | Lessons Learned and Team Maturity | | CSIRT Components | | CSIRT Organizational Models Part 1 of 2 | | CSIRT Organizational Models Part 2 of 2 | | CSIRT Policies and Procedures | | CSIRT Staffing and Hiring | | CSIRT Facilities and Infrastructure | | Incident Management Processes Overview | | IM Process: Prepare, Sustain, and Improve | | IM Process: Protect Infrastructure | | IM Process: Detect Events | | IM Process: Triage Events | | IM Process: Triage Best Practices | | IM Process: Respond | | IM Process: Respond Issues | | IM Process: Best Practices | | Creating and Managing CSIRTs Summary | | Creating and Managing CSIRTs Resources |
|
|
|
|
| Radio Frequency Identification (RFID) Security 1 Hour | Skill Level: Beginner | | | + Description | | | This course focuses on securing radio frequency identification (RFID), different components of RFID, how it works, applications in which it is being used, benefits and weaknesses, and the communication range over which it works will be reviewed. Topics include specific concerns with RFID, recommendations for RFID, and security issues that have come to light.
Learning Objectives:
- Explain the components, operation, and application of RFID technology.
- Understand the privacy implications with using RFID-embedded items.
- Differentiate across threat categories.
- Describe different security recommendations to secure RFID.
- Familiarity with real-world examples of how RFID has been exploited.
Date: 2016
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| |
|
| Reverse Engineering 2 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on the basics of reverse engineering, the process of analyzing a technology to determine how it was designed or how it operates. By starting with a finished product, in this case computer software, and working backwards to determine its component parts.
Learning Objectives:
- Identify common uses for reverse engineering.
- Explain the process and methodology of reverse engineering.
- Understand some of the legal questions involved in reverse engineering.
Date: 2017
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Securely Provision |
Systems Development |
Systems Developer |
| Securely Provision |
Technology R&D |
Research & Development Specialist |
|
| |
|
| Risk Management Framework for Leaders (Professors in Practice Series) 1 Hour | Skill Level: Beginner | | | + Description | | | This webinar recorded on July 10, 2020 features National Defense University Professor Mark Duke discussing key leadership decisions to implement the NIST Risk Management Framework (RMF). The RMF is a risk-based approach to implement security within an existing enterprise - it is leadership’s responsibility to ensure adequate and effective system security.
Learning Objectives:
- How to prepare your component or organization to initiate the RMF.
- How to define, understand, and manage risk to your Information Systems by identifying your threats and vulnerabilities.
- Understand the link to the RMF with Supply Chain Risk Management (SCRM) and the Software Development Life Cycle (SDLC).
- Understand the new "Prepare" step of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 v2 RMF.
- Explain managers’ roles and involvement in each step of the RMF.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer, Cyber Instructor |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirement Planning |
Systems Requirements Planner |
|
| |
|
| Root Cause Analysis 1 hour | Skill Level: Beginner | | | + Description | | | This course explains the root cause analysis for cybersecurity incidents and provides an overview of two different root cause analysis models (and approaches used in these models). This course also describes how root cause analysis can benefit other incident management processes (response, prevention, and detection), and details general root cause analysis techniques that can be adopted as methods for analysis of cyber incidents.
Learning Objectives:
- Explain the benefits and challenges of reverse engineering.
- Perform basic tasks with reverse engineering tools.
- Understand basics of Intel x86 assembly code.
- Describe the Microsoft Windows executable file format and understand the basics of the Windows API.
- Extract actionable information from ta malicious binary file that can be used in analysis reports.
Date: 2016
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| | + Course Modules/Units | | | | Root Cause Analysis Fundamentals | | Root Cause Analysis Methods | | Cyber Kill Chain Model for Root Cause Analysis | | Sample Incident Cause Analysis Workflow | | Root Cause Analysis Course Exam |
|
|
|
| Securing Infrastructure Devices 1 Hour | Skill Level: Intermediate | | | + Description | | | This course focuses on physical security, operating system security, management traffic security, device service hardening, securing management services, and device access privileges.
Learning Objectives:
- Understand considerations for securing physical assets, patch management and change management.
- Apply methods for securing network management traffic.
- Understanding of securing management services such as NTP, SNMP, Syslog.
- Understand hardware device hardening.
Date: 2010
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
| Securely Provision |
Systems Architecture |
Security Architect |
|
| | + Course Modules/Units | | | | Physical and Operating System Security | | Management Traffic Security | | Device Service Hardening | | Securing Management Services | | Device Access Hardening | | Device Access Privileges |
|
|
|
| Securing Internet- Accessible Systems 1 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on Internet-accessible systems or "Internet of Things" (IoT). Each of these systems and devices can be targeted by threat actors and used to conduct malicious activity if they are unsecured, or worse, these systems can leave vulnerabilities and sensitive information open to exploitation if not properly configured and maintained. This course explains the vulnerabilities of internet-accessible systems and how to prepare for, mitigate, and respond to a potential attack. This course provides key knowledge to inform organizational awareness of internet-accessible system attacks as well as best practices that minimize the likelihood of a successful attack and enable effective response and recovery if an attack occurs.
This webinar is accessible to non-technical learners including managers and business leaders and offers an organizational perspective useful to technical specialists.
Learning Objectives
Enable learners to better defend their internet-accessible systems through awareness of common vulnerabilities, best practices, CISA guidance, and resources:
- Define Internet-Accessible Systems and common vulnerabilities
- Explain cyber hygiene best practices that prevent attacks.
- Understand the impacts of real-life cyberattacks and what an effective organizational response looks like.
- Learn steps to identify, mitigate, and recover from Internet-Accessible System attacks.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Data Administration |
Data Analyst, Database Administrator |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications Security Manager; Information Systems Security Manager |
| Oversee and Govern |
Program Management and Acquisition |
IT Investment Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner; Cyber Workforce Developer and Manager |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Vulnerability Assessment Analyst |
| Securely Provision |
Risk Management |
Authorizing Official/Designating Representative; Security Control Assessor |
| Securely Provision |
System Requirements Planning |
System Requirements Planner |
|
| |
|
| Securing the Network Perimeter 1 Hour | Skill Level: Intermediate | | | + Description | | | This course focuses on edge security traffic design, blocking Denial of Service / Distributed Denial of Service (DoS/DDoS) traffic, specialized access control lists, routers and firewalls, securing routing protocols, securing traffic prioritization, and securing against Single Point of Failure (SPOF).
Learning Objectives:
- Identify perimeter and the approach to protecting that perimeter.
- Understand methods to consider for blocking DoS and DDos traffic.
- Apply specialized Access Control List considerations.
- Implement firewalls and differentiate types to protect the perimeter.
- Understand routing protocols and traffic prioritization for networks.
Date: 2010
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| | + Course Modules/Units | | | | Introduction and Edge Security Traffic Design | | Blocking DoS and DDoS Traffic | | Specialized Access Control Lists | | Routers with Firewalls | | Beyond Firewalls: Inspecting Layer 4 and Above | | Securing Routing Protocols and Traffic Prioritization | | Securing Against Single Point of Failures |
|
|
|
| Security and DNS 1 Hour | Skill Level: Advanced | | | + Description | | | This course discusses name resolution principles, name resolution and security, DNS security standards, securing zone transfers with Transaction Signature (TSIG), and DNS Security Extension (DNSSEC) principles, implementation, and resources.
Learning Objectives:
- Understand DNS (Doman Name System) and its purpose.
- Familiarity with DNS Standards documents, DNS deployment best practices and TSIG.
- Explain DNSSEC and its origins, role and implementation.
- Understand migrating to DNSSEC and its challenges.
Date: 2010
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analyst |
Systems Security Analyst |
| Securely Provision |
Systems Architecture |
Security Architect |
|
| | + Course Modules/Units | | | | Name Resolution Introduction | | Name Resolution and Security | | DNS Cache | | DNS Security Standards and TSIG | | DNSSEC | | Migrating to DNSSEC | | Issues with Implementing DNSSEC 1 | | Issues with Implementing DNSSEC 2 |
|
|
|
|
| SiLK Traffic Analysis 7 Hours | Skill Level: Intermediate | | | + Description | | | This course is designed for analysts involved in daily response to potential cybersecurity incidents, and who have access to the Einstein environment. The course begins with an overview of network flow and how the SiLK tools collect and store data. The next session focuses specifically on the Einstein environment. The basic SiLK tools are covered next, giving the analyst the ability to create simple analyses of network flow. Advanced SiLK tools follow and cover how to create efficient and complex queries. The course culminates with a lab where learners use their new skills to profile a network.
Learning Objectives:
- Use of the SiLK network flow analysis tool suite to perform tasks such as querying for records related to a specific incident or indicator, creating sets of indicators for batch analysis, and leveraging network flow to provide basic network situational awareness.
Date: 2013
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Introduction to SiLK | | iSiLK | | What is Network Flow? | | Interpreting SiLK Network Flow | | SiLK Flows | | SiLK Traffic Analysis Quiz 1 | | The SiLK Repository | | Basic SiLK Tools | | SiLK Traffic Analysis Quiz 2 | | rwfilter | | rwfilter Examples | | rwfilter Demo | | rwfilter Continued | | SiLK Traffic Analysis Quiz 3 | | rwcount | | rwcount Demo | | rwstats | | rwstats Demo 1 | | rwstats Continued 1 | | rwstats Demo 2 | | rwstats Continued 2 | | rwuniq | | SiLK Traffic Analysis Quiz 4 | | PySiLK | | Python Expressions and SilkPython | | SiLK Traffic Analysis Quiz 5 | | IP Sets | | Bags | | SiLK Traffic Analysis Quiz 6 | | Prefix Maps | | Tupples | | SiLK Traffic Analysis Quiz 7 | | rwgroup | | rwmatch | | SiLK File Utilities | | IPv6 in SiLK | | SiLK Traffic Analysis Quiz 8 | | Network Profiling Introduction |
|
|
|
| Software Assurance Executive Course (SAE) 10 Hours | Skill Level: Intermediate | | | + Description | | | This course is designed for executives and managers who wish to learn more about software assurance as it relates to acquisition and development. The purpose of this course is to expose participants to concepts and resources available now for their use to address software security assurance across the acquisition and development life cycles.
Learning Objectives:
- Understanding of software assurance practices and challenges.
- Advice for organizations and the future of software assurance.
- Understanding of software supply chain risk management.
- Awareness of agile methods and adopting software trustworthiness.
Date: 2013
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Cybersecurity Management |
Cybersecurity Manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leader |
| Securely Provision |
Software Development |
Software Developer |
|
| | + Course Modules/Units | | | | Interview with William Scherlis: Introduction and Background | | Software Assurance Challenges | | Encouraging Adoption of Software Assurance Practices Through People and Incentives | | The Path Toward Software Assurance: Advice for Organizations | | Learning from Failure | | The Future of Software Assurance | | Introduction, Current Software Assurance Activities by DHS, and Current SW Assurance Environment | | Managing Risks in a Connected World | | A Need for Diagnostic Capabilities and Standards | | Changing Behavior: Resources | | Establishing a Foundation for Software Assurance | | Conclusion: The Rugged Manifesto and Challenge | | Introduction to Software Assurance | | Software Assurance Landscape | | Software Assurance Principles | | Current Software Realities | | Introduction to Software Assurance, Part 2 | | Building Security In | | Microsoft Secure Development Lifecycle (MS SDL) | | Requirements Engineering | | Security Requirements Methods | | Threat Modeling: STRIDE (used by Microsoft) | | Industry Case Study in Threat Modeling: Ford Motor Company | | Topic Summary | | Creating and Selling the Security Development Lifecycle (SDL) | | Managing the Process | | Making a Difference | | Introduction and Key Components of Agile Development | | Traditional & Agile Acquisition Life Cycles | | Common Agile Methods and Scrum - the Most Adopted Agile Method | | Challenges to Agile Adoption | | Suggestions for Successful Use of Agile Methods in DHS Acquisition | | Agile Summary | | Software Assurance, Introduction to Part 3: Mission Assurance | | What Does Mission Failure Look Like? | | Mission Thread Analysis for Assurance | | Applying Mission Thread Analysis Example 1 | | Applying Mission Thread Analysis Example 2 | | Applying Mission Thread Analysis | | Software Assurance, Introduction to Part 4: SwA for Acquisition | | Software Supply Chain Challenges | | Supply Chain Risk Mitigations for Products | | System Supply Chains | | SCRM Standards | | Summary | | Software Assurance in the Software Development Process and Supply Chain: Introduction | | Scope of the Problem | | Governance for System and Software Assurance | | Strategy Solutions: System Security Engineering, Software Sustainment | | Process Solutions | | Introduction, History, and Current State of Software | | Trustworthy Software | | The UK Trustworthy Software Initiative (TSI) | | Trustworthy Software Framework | | Current Focus and Future Direction of UK TSI | | Questions and Answers |
|
|
|
|
| Static Code Analysis using HPE Fortify 2 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on integrating static code analysis tools into the software development process from a developer's/cybersecurity professional's perspective. The course demonstrates how Fortify is used to identify and remove Common Weakness Enumeration (CWE) from applications in which the source code is available.
Learning Objectives:
- Understand how static code analysis tools work.
- Utilize integrated development environment (IDE) plugins in order to find CWE in source code during the development phase.
- Apply visualization tools available to developers and security professionals.
- Participate in accreditation reporting.
Date: 2014
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Legal Advice and Advocacy |
Privacy Officer/Privacy Compliance Manager |
| Securely Provision |
Systems Development |
Systems Developer |
|
| | + Course Modules/Units | | | | AppSec with HPE Product Overview and Workflow | | HPE Fortify Static Code Analyzer Suite Overview | | HPE Static Code Analyzer Command Line Demo | | Audit Workbench Demo | | Fortify SCA Process Flow | | Audit Workbench Demo Continued | | STIG Reporting with Audit Workbench | | IDE Plugin | | Questions and Answers | | Fortify Priority | | Software Security Center |
|
|
|
| Static Code Analysis using Synopsis Coverity 1.5 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on integrating static code analysis tools into the software development process. This course explains how developers can use tools such as Coverity to identify and remove Common Weakness Enumeration (CWE) from applications in which the source code is available, prior to deployment.
Learning Objectives:
- Understand how static code analysis tools work.
- The use of integrated development environment (IDE) plugins in order to find CWE in source code during the development phase.
- Visualization tools available to developers and security.
Date: 2014
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Legal Advice and Advocacy |
Privacy Officer/Privacy Compliance Manager |
| Securely Provision |
Systems Development |
Systems Developer |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| | + Course Modules/Units | | | | Overview of Synopsis Software Integrity Platform | | Demonstration | | Questions and Answers | | Closing |
|
|
|
| Supply Chain Assurance using Sonatype Nexus 2.5 Hours | Skill Level: Beginner | | | + Description | | | This course focuses on integrating static code analysis tools into the software development process from both a developer's and a security professional's perspective. This course demonstrates how tools such as Sonatype can be used to evaluate the software supply chain in order to identify and remove components with known Common Vulnerabilities and Exposures (CVE) from applications in which the source code is available.
Learning Objectives:
- Understand why software supply chain is important.
- Utilize integrated development environment (IDE) plugins in order to identify and avoid the use of libraries, applications, tools, etc. with known CVE used by an application.
- Apply tools to enforce organizational security policies and governance.
Date: 2014
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Oversee and Govern |
Legal Advice and Advocacy |
Privacy Officer/Privacy Compliance Manager |
| Securely Provision |
Systems Development |
Systems Developer |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| | + Course Modules/Units | | | | Overview of Sonatype Success Engineering | | Developer Perspective | | Policies | | Dashboard | | Repository Manager | | Questions and Answers | | Success from the Start | | Preparing for Deployment - Overview | | Preparing for Deployment - Licenses | | Preparing for Deployment - Architectural Risk | | Preparing for Deployment - Evaluation | | Preparing for Deployment - Policy Elements | | Preparing for Deployment - Default Policy Demo | | Preparing for Deployment - Policy Demo |
|
|
|
|
|
|
| Trusted Internet Connections 1 Hours | Skill Level: Beginner | | | + Description | | | The Trusted Internet Connections (TIC) 3.0 course is designed to provide students with an overview of the modernized TIC initiative as defined by the Office of Management and Budget (OMB) Memorandum (M) 19-26 and how agencies can leverage the new TIC 3.0 guidance to secure their networks. The training also explains how the TIC 3.0 guidance can be used to securely transition to the cloud and as a pathway to implementing zero trust.
Learning Objectives:
- Identify the goals of the modernized TIC initiative and the guidance available to help agencies.
- Learn about how to implement the TIC 3.0 guidance and how it complements other federal initiatives.
- Leverage the flexibilities available in TIC 3.0 to secure hybrid and cloud environments.
- Understand how to use the TIC 3.0 guidance as a pathway to implementing zero trust.
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Securely Provision |
Risk Management (RSK) |
Authorizing Official/Designating Representative, Security Control Assessor |
| Securely Provision |
Systems Architecture (ARC) |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning (SRP) |
Systems Requirements Planner |
| Securely Provision |
Systems Development (SYS) |
Information Systems Security Developer, Systems Developer |
| Oversee and Govern |
Cybersecurity Management (MGT) |
Information Systems Security Manager |
| Oversee and Govern |
Strategic Planning and Policy (SPP) |
Cyber Policy and Strategy Planner |
| Oversee and Govern |
Executive Cyber Leadership (EXL) |
Executive Cyber Leadership |
|
| | + Course Modules/Units | | | | Module 1 - Introduction to TIC | | Module 2 - How can Agencies Implement TIC? | | Module 3 - TIC and Other Federal Initiatives | | Module 4 - TIC and the Cloud | | Module 5 - TIC the Roadmap to Zero-Trust |
|
|
|
| Understanding DNS Attacks 1 Hours | Skill Level: Beginner | | | + Description | | | The Domain Name System, commonly known as DNS, is often referred to as the "phone book" of the Internet. Every time we access the Internet to visit our favorite websites, shop and pay bills online, or access online portals for healthcare or banking, we depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly powerful and useful, it also presents a rich attack surface for threat actors: allowing them to shut down websites and online services, replace legitimate website content with threats and extortion attempts, or even route traffic to a carbon copy of a legitimate website to steal any information entered by users intending to conduct business as usual. "Understanding DNS Attacks" provides key information you need to know to protect yourself and your organization from DNS infrastructure tampering including common vulnerabilities, how to identify a potential attack, and guidance and best practices to mitigate the likelihood and impact of a successful DNS attack.
This webinar is accessible to non-technical learners including managers and business leaders, and offers an organizational perspective useful to technical specialists.
Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from DNS infrastructure attacks through awareness of common attack schemes, best practices, CISA guidance, and resources.
- Define DNS Tampering and explain common attack methods
- Identify signs of a DNS attack
- Learn mitigation steps for DNS attacks
- Understand the process to recover from a DNS attack
- Explore impacts of DNS attacks through case studies
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
Mission Assessment Specialist |
| Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
| Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
| Operate and Maintain |
Data Administration |
Data analyst, database administrator |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
| Operate and Maintain |
Network Services |
Network Operation Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
| Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber policy and strategy planner; cyber workforce developer and manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
| Securely Provision |
Risk Management |
Authorizing official; security control assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
| Understanding Web and Email Server Security 1 Hours | Skill Level: Beginner | | | + Description | | | Web and email servers are the workhorses of the Internet: we couldn't run government, businesses, or our personal lives without them! However, the information exchanged through web and email servers can offer a tempting target for cyber attackers. Participants can request 1 CPE credit for completing this course.
This webinar includes the following information and more:
- Attack methods: Hackers can target and decode victims' web and email traffic, compromise email security to make phishing attempts more likely to succeed, or can even use botnets to shut down access to websites and conduct large-scale campaigns of malicious activity.
- Key Guidance for Organizations: CISA provides resources and best practices to help individuals and organizations secure their web and email infrastructure.
- Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
- Incident Response overview: Key steps to identify a potential attack, mitigate damage through proper preparation and response, and recover after an attack occurs.
Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from web and email server cyberattacks through awareness of common attack schemes, best practices, CISA guidance, and resources.
- Define web and email server infrastructure, and explain common attack methods
- Identify signs of a potential attack
- Learn mitigation steps for web and email server attacks
- Understand the process to recover from a web or email server attack
- Explore impacts of web and email server attacks through case studies
Date: 2020
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-source analysis |
| Analyze |
Threat Analysis |
Threat/ warning analyst |
| Collect and Operate |
Collection Operations |
All Source Collection Manager; All Source Collection Requirements Manager |
| Collect and Operate |
Cyber Operational Planning |
Cyber Intel Planner; Cyber Ops Planner; Partner Integration Planner |
| Operate and Maintain |
Data Administration |
Data analyst, database administrator |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
| Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber policy and strategy planner; cyber workforce developer and manager |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
| Protect and Defend |
Incident Response |
Cyber defense incident responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
| Securely Provision |
Risk Management |
Authorizing official; security control assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect; Security Architect |
| Securely Provision |
System Requirements Planning |
System requirements planner |
|
| |
|
| Windows Operating System Security 16 Hours | Skill Level: Intermediate | | | + Description | | | This course focuses on the security aspects of Microsoft Windows. The class begins with an overview of the Microsoft Windows security model and some of the key components such processes, drivers, the Windows registry, and Windows kernel. An overview of the users and group permission structure used in Windows is presented along with a survey of the attacks commonly seen in Windows environments. Patching, networking, and the built-in security features of Windows such as the firewall, anti-malware, and BitLocker are all covered in light detail.
Learning Objectives:
- Understanding of the Windows security model and its key components.
- Introduction and best practice recommendations for using and configuring users and groups.
- Overview of the Data Access Control technology in Windows Server 2012.
- Survey common attacks seen in a Windows environment.
- Understanding of the Microsoft update and patching process
Date: 2012
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Windows OS Security Course Introduction | | Windows Security Module Introduction | | Windows Architecture Overview | | Windows Subsystems Part 1 of 2 | | Windows Subsystems Part 2 of 2 | | Windows Security Development Lifecycle | | Windows API | | Windows Registry | | Viewing Windows Registry Demo | | Windows Services Part 1 of 2 | | Windows Services Demo | | Windows Services Part 2 of 2 | | Multi-tasking | | Sessions, Windows Stations and Desktops | | Programs and Drivers Part 1 of 2 | | Reviewing Drivers in Windows | | Programs and Drivers Part 2 of 2 | | Updating Widows Drives Demo | | Applications, Processes, and Threads | | Buffer Overflow Protection | | Authenticode Part 1 of 2 | | Digital Certificate Details Demo | | Authenticode Part 2 of 2 | | Windows Action Center | | Windows Users and Groups Introduction | | User Account Control | | Windows Users and Groups Part 1 of 2 | | Windows Users and Groups Part 2 of 2 | | Windows Interactive Logon Process | | NTLM Authentication Overview | | Kerberos Authentication Overview | | Types of Authentication | | File Permissions | | Dynamic Access Controls | | Threats and Vulnerabilities Introduction | | OS Vulnerabilities | | CVE Details Demo | | CVE Samples | | Misconfigurations | | Password Configuration Options | | Password DDOS Demo | | Common Misconfigurations | | CCE and the NVD Demo | | Social Engineering | | Viruses and Worms | | Impersonation | | Microsoft Updates and Patching Process Part 1 of 2 | | Double Decode | | Microsoft Updates and Patching Process Part 2 of 2 | | Securing the Update Process | | Update Process Circumvention | | Windows Server Update Service | | Internet Explorer Patching | | Windows Network Connectivity | | Windows Network Profiles | | Windows Network Adapter Settings | | Windows Wireless Settings | | Windows Networking Protocols | | Other Windows Protocols | | Microsoft VPN Part 1 of 2 | | Microsoft VPN Part 2 of 2 | | Microsoft Network Access Protection Part 1 of 2 | | Microsoft Network Access Protection Part 2 of 2 | | How to Configure Windows Update Settings Demo | | Windows Security Features Introduction | | Windows Firewall | | Windows Firewall Wizard Demo | | Windows Firewall with Advanced Security | | Windows Firewall with Advanced Security Demo | | Configuring Windows Firewall Demo | | Windows Defender | | Windows AD and PKI Demo | | Windows Active Directory Certificate Services | | Windows Group Policy | | Windows AppLocker | | Configuring And Using App Locker Demo | | Windows BitLocker | | Configuring And Using Bitlocker Demo | | Windows Secure Boot | | Windows Security Auditing | | Windows Audit Settings and Examples | | SCW Introduction | | Hardening Windows Introduction | | Windows Templates | | Microsoft Baseline Security Analyzer | | Microsoft Security Configuration Wizard | | Microsoft Security Compliance Manager | | Hardening with Group Policy | | NVD Search Demo | | Other Guidelines and Recommendations | | Using Windows Mgmt Intstrumentation Demo | | Using The Security Config Wizard Demo | | PowerShell Introduction | | PowerShell Key Commands | | PowerShell Demo | | Administrative Functions with PowerShell | | Computer and Network Management with PowerShell | | Basic Scripts in PowerShell | | PowerShell Security Settings and Configurations | | Using Powershell Demo | | Windows OS Security Quiz |
|
|
|
| Wireless Network Security (WNS) 9 Hours | Skill Level: Intermediate | | | + Description | | | This course focuses on the technologies of the 802.11 family of wireless networking, including the principles of network connectivity and network security.
Learning Objectives:
- Understand the difference between Wi-Fi and other wireless technologies.
- Identify the major protocols within the family of 802.11 protocols.
- Understand how radio frequency properties affect Wi-Fi network design and operation.
- Understand the operation of enterprise Wi-Fi networks and the evolution of CAPWAP.
- Understand the major Wi-Fi security and methods and be able to create a Wi-Fi security monitoring plan.
Date: 2013
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
| Securely Provision |
Systems Architecture |
Systems Architect |
|
| | + Course Modules/Units | | | | Wi-Fi Communication and Security Intro | | How Wi-Fi Became Ubiquitous | | Wi-Fi Standards - 802.11b | | Wi-Fi Standards - 802.11a | | Wi-Fi Standards - 802.11g n and ac | | Bluetooth Standards | | WiMAX Standards | | LTE HSPA EvDO Network Types | | Spread Spectrum Technology | | 802.11 Transmissions and Wireless Channels | | 802.11 Data Rates | | Wireless Network Topologies | | Wireless Network Hardware | | RF Propagation Principles | | Impacts on Signal Radiation | | Signal Propagation and Objects | | Additional Signal Effects | | Measuring Signal Strength | | Signal Strength and Antennas | | Wireless Coverage and Frequency Reuse | | Wireless Network Design Issues | | Wireless Modes and Service Sets | | Wireless Authentication and Association | | Wireless and Roaming 1 of 2 | | Wireless and Roaming 2 of 2 | | Enterprise 802.11 Solutions | | Key Points of CAPWAP | | Advantages of CAPWAP | | CAPWAP Demo | | 802.11 Security Flaws | | Fixing 802.11 Security | | 802.1x Authentication Protocols | | Additional Issues with 802.11 Encryption | | Additional 802.11 Security Measures | | Other Wireless Threats | | Wireless Best Practices | | Wireless Network Assessment Part 1 of 2 | | Wireless Network Assessment Part 2 of 2 | | Wireless Network Security Quiz |
|
|
|