|
0.25 Hours An Overview of High Value Assets (HVAs) | Skill Level: Intermediate | | + Description | | The May 2018, Binding Operational Directive (BOD) 18-02 tasked CISA to guide federal agencies on the dynamic threats to the security and resilience of High Value Assets (HVAs). In December 2018 Memorandum 19-03 (M-19-03) was released by the Office of Management and Budget (OMB) to further assist agencies with the identification and designation of HVAs.
The Continuous Diagnostics and Migration (CDM) Program has developed HVA Dashboards to help agencies reduce their risk posture and provide them with ongoing visibility into known exploited vulnerabilities (KEVs), common vulnerabilities and exposures (CVEs), and misconfigurations for their HVA assets.
This video will discuss the functionality within the CDM Agency Dashboard related to HVAs answer important questions such as: What is an HVA, the mandates to protect HVAs, the new functionality associated with HVAs, and how HVA data is being identified within the CDM Dashboard
Learning Objectives:
- Understand what an HVA is.
- Learn how federal mandates help to protect HVAs.
- Provide the learner what the new functionality associated with HVAs are and how HVA data is being identified within the CDM Dashboard
Date: April 2024
Course length: 14 minutes
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty | Area Work Roles |
Oversee and Govern | Cybersecurity Management | Information Systems Security Manager/td> |
Oversee and Govern | Program/Project Management and Acquisition | IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
|
| |
|
1 Hour CDM Program Manager Matt House Q&A about the CDM Dashboard version 6 and beyond | Skill Level: Basic | | + Description | | Webinar – CDM Program Manager Matt House Q & A about the CDM Dashboard version 6 and beyond Description: Matt House describes the new capabilities of the CDM Dashboard version ES-6x, including Cyber Hygiene, CDM Enabled Threat Hunting, STIG reporting, FISMA automation and HVA reporting. This video will describe the various capabilities of the CDM Dashboard and how it can provide many benefits to federal agencies. Learning Objective: - Understanding the capabilities of the ES-6x version of the CDM Dashboard, with focus on the FISMA automation, Binding Operating Directives (BOD), HVA reporting, the Known Exploited Vulnerabilities (KEV) catalog, plus much more!
Date: March 2024 Length: 67 minutes Training Proficiency Area: Level 1 - Beginner Training Purpose: Skill Development Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework Category | Specialty Area | Work Roles | Operate and Maintain | Systems Administration, Systems Analysis | System Administrator, Systems Security Analyst | Oversee and Govern | Cybersecurity Management | Information Systems Security Manager | Oversee and Govern | Program/Project Management and Acquisition | IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager | Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
|
| |
|
0.3 Hours Micro Learn: Understanding FISMA Automation with the CDM Dashboard | Skill Level: Basic | | + Description | | Micro Learn: Understanding FISMA Automation with the CDM Dashboard
Description:
The next evolution of the CDM Agency Dashboard includes FISMA dashboard automation and this course provides agencies with the understanding how CDM data is automated. The FISMA dashboard provides agencies with the insight of FISMA metrics that can be supported using CDM data. The metrics that are CDM automated, agencies can follow the same steps taken by federal analysts shown in this course.
Learning Objective:
- Understand the basic principles of FISMA dashboard automation and the CDM Agency Dashboard
- How FISMA metrics can used to support CDM data
- Provide a demonstration of how FISMA Automation functions
Date: April 2024
Length: 20 minutes
Training Proficiency Area: Level 2 – Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category |
Specialty Area |
Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
|
| |
|
0.25 Hours AWARE Scoring Algorithm Details | Skill Level: Beginner | | + Description | | This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.
Learning Objectives:
- Provide an overview on the AWARE Scoring Algorithm 1.0
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.5 Hours Micro Learn: AWARE 1.5s and the CDM Dashboard | Skill Level: Basic | | + Description | | In this video, the updated AWARE 1.5 supplemental overview is described and how it can benefit the federal agencies. Discussion questions include: What are the changes to the scoring algorithm; what are flipping scores; how are scores prioritized; what benchmarks are being accessed. Date: March 2023 Training Purpose: Skill Development Training Proficiency Area: Level 1 - Beginner Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework Category | Specialty Area | Work Roles |
---|
Operate and Maintain | Systems Administration, Systems Analysis | System Administrator, Systems Security Analyst | Oversee and Govern | Cybersecurity Management | Information Systems Security Manager | Oversee and Govern | Program/Project Management and Acquisition | IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager | Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
|
| |
|
2 Hours Data Analytics Using the CDM Dashboard | Skill Level: Intermediate | | + Description | | Data Analytics Using the CDM Dashboard
Description:
This two-hour self-paced course takes your experience using the CDM Dashboard and Kibana to the next level. Tailored for advanced Dashboard users, this eLearning consists of nine modules with hands-on activities that will boost your skills. Learn how to apply Kibana and the CDM Dashboard in real-world scenarios to become a pro at data visualization and analysis.
Objectives:
- Describe how data sources correspond to data targets in the CDM Dashboard Ecosystem.
- Explain how data views (previously known as index patterns) are used within the CDM Dashboard Ecosystem.
- Explain the purpose and create, modify, and share spaces, dashboards, visualizations, searches, and objects.
- Use the discover tool and best search practices.
- Apply knowledge of the CDM Dashboard Ecosystem and Kibana to use cases.
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| + Course Modules/Units | | Module 1: Introduction | Module 2: Data Sources | Module 3: Data Views | Module 4: Discover | Module 5: Visualizations | Module 6: Dashboards | Module 7: Saving Queries and Searches | Module 8: Saved Objects | Module 9: Assessment |
|
|
|
1 Hour CDM Cross-cluster Search Queries | Skill Level: Beginner | | + Description | | Cross-cluster Search Queries
Description:
This one-hour self-paced course is required for account provisioning on the CDM Federal Dashboard. This eLearning consists of two modules. At the successful conclusion of this course you are be able to download a certificate of complete from your transcript.
Learning Objective:
- Construct precise and specific queries using the cross-cluster search functionality.
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.5 Hours Micro Learn: CDM Agency Dashboard Videos (4 Videos) | Skill Level: Intermediate | | + Description | | This short CDM Agency Dashboard video will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the Elastic dashboard.
Learning Objectives:
- Become familiar with the Kibana User Interface of the CDM Agency Dashboard
- Better understand the CDM Agency Dashboard architecture and data flow
- Understand the general architecture, data flow, and data structure and schema
- Become familiar with JSON Documents
Date: 2022
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| + Course Modules/Units | | CDM Agency Dashboard – Kibana User Interface | CDM Agency Dashboard Architecture and Data Flow | CDM Agency Dashboard Data Structure and Schema | Understanding JSON Documents |
|
|
|
0.25 Hours Micro Learn: CDM Dashboard Interface ES-5 Overview | Skill Level: Beginner | | + Description | | This CDM Agency Dashboard video will provide a foundation level of knowledge and background that will help end users of the dashboard better understanding the functionality of ES-5 of the CDM Agency Dashboard.
Learning Objectives:
- Understand the Header Section of the CDM Agency Dashboard ES-5
- Utilize the Tool Bar feature the dashboard
- Provide an overview of the Query Bar
- Become familiar with the Time Filter of the dashboard
- Understand the Navigation Panel and Navigation Drawer features of the dashboard
Date: May 2022
Length: 10 minutes
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.5 Hours Micro Learn: CDM Dashboard version ES-6 Demonstration and Overview | Skill Level: Basic | | + Description | | Description:
Ms. Judy Baltensperger, Project Manager for the CDM Dashboard at CISA, provides a demonstration of the new capabilities of version ES-6 of the CDM Dashboard. She expands upon the Exploited Vulnerability (KEV) catalog and information provided within the catalog; delivers an overview of the reporting asset capability related to Binding Operational Directives (BOD) 22-01 and 23-01; explains the Agency Inventory Metrics (AIM), and much more! |
| |
|
0.25 Hours Micro Learn: CDM PMO Matt House speaks about the CDM Agency Dashboard | Skill Level: Basic | | + Description | | CDM PMO Matt House provides an update of ES-6 version of the CDM Dashboard and its capabilities
Description:
Learn about the capabilities of the CDM Dashboard version ES-6. This video will describe the Federal Dashboard, use case scenarios, and how Cross Cluster Searching can provide its many benefits to federal agencies.
Learning Objectives:
Understanding the capabilities of the ES-6 version of the CDM Dashboard, with focus on the FISMA directives, Binding Operating Directives (BOD), Database as a Service, cross cluster searching, Known Exploited Vulnerabilities (KEV) catalog, plus much more!
Date: May 2023
Length: 34 minutes
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
0.25 Hours Micro Learn: CDM PMO speaks about the CDM Agency Dashboard | Skill Level: Basic | | + Description | | This video explains the features of the current ES-3 version of the CDM Agency Dashboard.
Date: 2021
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
0.25 Hours Micro Learn: CISA’s Binding Operative Directive (BOD) 22-01 and the Known Exploited Vulnerabilities (KEV) catalog | Skill Level: Basic | | + Description | | In this video, Mr. Dave Otto, the Risk expert of the CDM program, explains the Binding Operational Directive 22-01, the CISA KEV (Known Exploited Vulnerabilities) Catalog, and how agencies can better protect their assets.
Date: 2022
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| + Course Modules/Units | | Micro Learn: CISA’s Binding Operative Directive (BOD) 22-01 and the Known Exploited Vulnerabilities (KEV) catalog |
|
|
|
0.5 Hours Micro Learn: Configuration Settings Management (CSM) with the CDM Agency Dashboard | Skill Level: Basic | | + Description | | This video explains the CSM features of the current ES-3 version of the CDM Agency Dashboard.
Date: October 2022
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
0.5 Hours Micro Learn: CSM | Skill Level: Beginner | | + Description | | This video provides an overview of the configuration settings management (CSM) capability and how CSM helps to reduce cyber-attacks in software and hardware assets within the Continuous Diagnostics and Mitigation (CDM) Program.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
0.5 Hours Micro Learn: CSM – Understanding Benchmarks and STIGS | Skill Level: Beginner | | + Description | | This video discusses the need for standardized benchmarks in the federal government and the use of Defense Information Systems Agency’s (DISA) Security Technical Implementation Guides (STIGs) for integration within the CDM solution. A review of DISA’s role, authority, and DISA STIG compliance levels is provided as well.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
0.75 Hours Micro Learn: AWARE 1.5 and the ES-3 version of the CDM Agency Dashboard | Skill Level: Basic | | + Description | | This video explains the features of AWARE 1.5 on the current ES-3 version of the CDM Agency Dashboard.
Date: 2021
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
0.2 Hours Micro Learn: DBaaS | Skill Level: Basic | | + Description | | The next evolution of the CDM Agency Dashboard is being offered in a cloud-based format, which provides agencies with the same functionality but relieves them from having to manage and continue to fund all of the aspects of an “on-prem” security solution. CISA is making this dashboard tool available in a Dashboard as a Service format, or DBaaS. This video will describe DBaaS and its many benefits to federal agencies.
Learning Objectives:
- Understand the basic principals of DBaaS and the CDM Agency Dashboard
- How DBaaS can help minimize agency vulnerabilities
- Provide a demonstration of how DBaaS works
Date: October 2022
Length: 7 minutes
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.5 Hours Micro Learn: IdAM- Identity and Access Management with the CDM Agency Dashboard | Skill Level: Intermediate | | + Description | | This 39 minute video is an interview recording of a Mr. Ross Foard, subject matter expert for DHS/CISA, and Identity and Access Management (IAM) . This video provides participants with the essential knowledge of IAM and the CDM Agency Dashboard.
Learning Objectives:
- Understand CDM Agency Dashboard basic features and IAM functionality.
Date: 2021
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
0.5 Hours Micro Learn: System Security Analyst Methodology | Skill Level: Beginner | | + Description | | This video presents cybersecurity concepts associated with continuous monitoring of issues that affect networks. A review of workplan concepts, checks and reviews, and mitigation recommendations is also covered.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
0.5 Hours Micro Learn: System Security Analyst Overview | Skill Level: Beginner | | + Description | | This video presents an overview of the System Security Analyst role and the six key responsibilities associated with that role. The importance of these six key responsibilities is covered including adherence to agency policy and assessing metrics and data.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
0.25 Hours Micro Learn: The AWARE 1.5 Risk Scoring Overview Using the CDM Agency Dashboard | Skill Level: Beginner | | + Description | | In this video, the AWARE 1.5 risk scoring overview is described and how it can benefit the federal agencies.
Date: May 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
0.25 Hours Micro Learn: The CDM PMO speaks about CDM Enabled Threat Hunting (CETH) and the CDM Agency Dashboard | Skill Level: Basic | | + Description | | In this video, Mr. Richard Grabowski, acting CDM PMO, explains CDM Enabled Threat Hunting (CETH) and how CETH benefits the federal agencies. He also discusses how the CDM Dashboard supports the implementation of Endpoint Detection and Response (EDR).
Date: 2022
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| + Course Modules/Units | | Micro Learn: The CDM PMO speaks about CDM Enabled Threat Hunting (CETH) and the CDM Agency Dashboard |
|
|
|
0.25 Hours Micro Learn: The Federal Dashboard and Cross Cluster Search | Skill Level: Beginner | | + Description | | Micro Learn: The Federal Dashboard and Cross Cluster Search
Description:
Learn about the concepts and features of the CDM Federal Dashboard. This video will describe the Federal Dashboard, use case scenarios, and how Cross Cluster Searching can provide
its many benefits to federal agencies.
Learning Objectives:
- Learning the new features of the Federal Dashboard and the primary use cases of the dashboard.
- Understanding the data trends within the Federal Dashboard
- What are the primary user roles of the Federal Dashboard?
- Learn about Cross Cluster Searching and how the federal dashboard increases the security of the .GOV domain
Date: April 2023
Length: 13 minutes
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category |
Specialty Area |
Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.5 Hours Micro Learn: Understanding AWARE 1.5 and the CDM Agency Dashboard | Skill Level: Beginner | | + Description | | This video explains the new AWARE 1.5 scoring and features.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
0.02 Hours Introduction to the AWARE Scoring Algorithm | Skill Level: Beginner | | + Description | | This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.
Learning Objectives:
- Provide an overview on the AWARE Scoring Algorithm 1.0
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.1 Hours API Key Self-Creation | Skill Level: Intermediate | | + Description | |
Course Title: API Key Self-Creation
Length (mins): 5 minutes
Description: Learn how to create an API key yourself using Kibana.
Learning Objectives:
- Perform the steps to create an API key using Kibana.
Training Purpose: Skill Development
Training Level: Advanced
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.1 Hours Change Number Format with Kibana | Skill Level: Intermediate | | + Description | |
Course Title: Change Number Format with Kibana
Length (mins): 5 minutes
Description: Kibana allows for custom number formatting. Learn how to display values as whole numbers and not as rounded ones. This MicroLearn demonstrates how to do this by changing general and custom settings.
Learning Objectives:
- Change the number format in Kibana.
Training Purpose: Skill Development
Training Level: Intermediate
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.1 Hours Create a Dashboard with Existing Visualizations | Skill Level: Advanced | | + Description | |
Course Title: Create a Dashboard with Existing Visualizations
Length (mins): 4 minutes
Description: This MicroLearn demonstrates how to create a dashboard and quickly add existing visualizations to the dashboard. Before beginning, please read the following restrictions.
Learning Objectives:
- Create a new dashboard with existing visualizations.
Training Purpose: Skill Development
Training Level: Intermediate
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.1 Hours Create a Visualization with Lens | Skill Level: Intermediate | | + Description | |
Course Title: Create a Visualization with Lens
Length (mins): 4 minutes
Description: Kibana's Lens feature makes it easy to create visualizations. This MicroLearn demonstrates how to create a simple graph using the Lens feature.
Learning Objectives:
- Create a line graph using Lens.
Training Purpose: Skill Development
Training Level: Intermediate
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.05 Hours Dashboard Navigation – An Introduction | Skill Level: Beginner | | + Description | |
Course Title: Dashboard Navigation – An Introduction
Length (mins): 2 minutes
Description: Finding data that’s meaningful to you shouldn’t be challenging. Following these four easy steps will allow you to navigate seamlessly through the CDM Dashboard to find exactly what you are looking for.
Learning Objectives:
- Identify ways to navigate the CDM Dashboard.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.05 Hours Federal Benchmark Subscores | Skill Level: Beginner | | + Description | |
Course Title: Federal Benchmark Subscores
Length (mins): 3 minutes
Description: This MicroLearn is a demonstration of how to view Federal Benchmark metrics. These metrics consist of Averages, Maximum Values, and Minimum Values. Metrics are derived from Agency Dashboard data reported to the Federal Dashboard.
Learning Objectives:
- View the Federal Benchmarks used in the CDM Dashboard.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.1 Hours FireEye Reporting – Search for the Latest CVE Data from FireEye | Skill Level: Beginner | | + Description | |
Course Title: FireEye Reporting – Search for the Latest CVE Data from FireEye
Length (mins): 4 minutes
Description: This MicroLearn teaches you how to search and view the latest FireEye enriched NIST CVE reference data shared by the Federal Dashboard.
Learning Objectives:
- Retrieve the NIST CVE data that is enriched by FireEye.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.05 Hours Interface Overview – Discover, Dashboard, and Visualize | Skill Level: Beginner | | + Description | |
Course Title: Interface Overview – Discover, Dashboard, and Visualize
Length (mins): 2 minutes
Description: This MicroLearning introduces three important Kibana interface tools: Discover, Dashboard, and Visualize.
Learning Objectives:
- Identify the Discover, Dashboard, and Visualize areas of the CDM Dashboard.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.05 Hours Manual Filtering (Add Filter) – Filter by Critical Severity | Skill Level: Beginner | | + Description | |
Course Title: Manual Filtering (Add Filter) – Filter by Critical Severity
Length (mins): 2 minutes
Description: Add filters to display only those documents that contain a particular value in a field. You can also create negative filters that exclude documents that contain the specified field value.
- Perform the steps to create a negative filter, also known as filter out.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.05 Hours Manual Filtering – Adding Multiple Filters on One Dashboard | Skill Level: Beginner | | + Description | |
Course Title: Manual Filtering – Adding Multiple Filters on One Dashboard
Length (mins): 2:30 minutes
Description: Add filters to display only those documents that contain a particular value in a field. In this MicroLearn, you will learn how to add multiple filters to the same dashboard.
- Add multiple filters to a dashboard.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.25 Hours Introduction to the New CDM Agency Dashboard | Skill Level: Beginner | | + Description | | This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.
Learning Objectives:
- Understand the New CDM Agency Dashboard
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.05 Hours Search Function – Search for Mac Machines | Skill Level: Beginner | | + Description | |
Course Title: Search Function – Search for Mac Machines
Length (mins): 2 minutes
Description: In this MicroLearn, you will perform a Free Text Search – a search performed on all fields. The KQL Search bar allows you to search the indices that match the current index pattern. You will learn how to enter search criteria in the query bar and why to avoid Elastic's Global Search Bar.
- Create a filter using the KQL Search bar to locate Mac end points.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.05 Hours STIG Dictionary Filter Sort and View Details | Skill Level: Beginner | | + Description | |
Course Title: STIG Dictionary Filter Sort and View Details
Length (mins): 3:30 minutes
Description: This MicroLearn demonstrates how to use Kibana's Discover feature to Filter, Sort, and View STIG information. This tutorial begins with the Discover feature within the CDM Agency Dashboard space. The steps used in this tutorial are the same for the CDM Federal Dashboard.
- Locate STIG information in the CDM Agency or Federal Dashboard using Kibana's Discover feature.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.1 Hours The Data Dictionary | Skill Level: Beginner | | + Description | |
Course Title: The Data Dictionary
Length (mins): 5 minutes
Description: This MicroLearn demonstrates how to view the CDM Dashboard's Data Dictionary to lookup field descriptions and view the fields that compose a data view using the Discover tool.
- Use the Discover tool to view field definitions.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.05 Hours The KQL Search Bar – An Introduction to Field Level Searches | Skill Level: Beginner | | + Description | |
Course Title: The KQL Search Bar – An Introduction to Field Level Searches
Length (mins): 5 minutes
Description: The Kibana Query Language (KQL) makes it easy to find the fields and syntax for your Elasticsearch query. Learn more about data fields and field level searches in this MicroLearn.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.05 Hours Time Filter – Show ‘Absolute’ Dates | Skill Level: Beginner | | + Description | |
Course Title: Time Filter – Show ‘Absolute’ Dates
Length (mins): 1:30 minutes
Description: Learn how to filter for time in the CDM Dashboard using the Absolute feature. Use the Absolute tab in the Show Dates dropdown menu to choose a specific date range. By default, the time filter on the CDM Dashboard is set to the last 30 Days.
- Locate and select absolute date ranges.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.05 Hours Time Filter – ‘Commonly Used’ Feature | Skill Level: Beginner | | + Description | |
Course Title: Time Filter – ‘Commonly Used’ Feature
Length (mins): 1:30 minutes
Description: By default, the time filter on the CDM Dashboard is set to the last 30 Days. Learn how to use the time filter to change the date range to meet your data analysis needs. The time filter is a powerful tool with a multitude of features. This MicroLearn focuses on how to filter for time within the Commonly Used date feature.
- Locate and select the Commonly Used date ranges.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.05 Hours Trend Chart Filtering | Skill Level: Beginner | | + Description | |
Course Title: Trend Chart Filtering - Filtering for Time
Length (mins): 1 minute
Description: It is possible to change the Time Range from within a Trending Chart without using the Time Filter. Learn how in this MicroLearn.
- Change the data range in a Trend graph without using the Time Filter.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.05 Hours Using Multiple Filter Types | Skill Level: Beginner | | + Description | |
Course Title: Using Multiple Filter Types
Length (mins): 2:30 minutes
Description: There are a multitude of ways to filter data in Kibana. This MicroLearn walks you through four variations in one dashboard experience.
- Apply four different methods of applying filters in Kibana.
Training Purpose: Skill Development
Training Level: Beginner
Alignment to NICE Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.02 Hours What is CDM and the CDM Agency Dashboard? | Skill Level: Beginner | | + Description | | This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.
Learning Objectives:
- Understand what are CDM and the CDM Agency Dashboard
- Understand the New CDM Agency Dashboard
- Provide an overview on the AWARE Scoring Algorithm 1.0
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
2.5 Hours CDM 141 | Skill Level: Beginner | | + Description | | Introduction to the CDM Agency Dashboard
Course Length: 3 hours
Description:
This course is a recording of a virtual 3-hour course which provides participants with the essential knowledge of the ES-6 version of the CDM Agency Dashboard. It explains basic features and navigation within the environment and includes demonstrations using the CDM Agency Dashboard to identify and report on asset vulnerabilities and other key features of the dashboard.
Register to join the next live iteration of this course via https://www.cisa.gov/resources-tools/programs/continuous-diagnostics-and-mitigation-cdm-training.
Learning Objectives:
- Understand CDM Agency Dashboard basic features and functionality
- Instructor demonstrates the CDM Agency Dashboard
Date: March 2024
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
|
0.5 Hours Ransomware Overview | Skill Level: Beginner | | + Description | | Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.
This training course focuses on basic Ransomware concepts and methodology. This course will explain what ransomware is, preventative measures that can be used to prevent a ransomware attack, and ransomware incident response and recovery.
Learning Objectives:
- Present an overview of ransomware attacks
- Identify preventative measures to block ransomware attacks
- Discuss incident response best practices for ransomware attacks
- Detail ways to implement recovery measure after a ransomware attack
- Learn to strategically plan the development and implementation of your CSIRT.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
1 Hour Incident Response Training: Preventing Web and Email Server Attacks (IR 105) | Skill Level: Beginner | | + Description | | This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
Web and email servers are the workhorses of the Internet — we couldn't run government, businesses, or our personal lives without them! However, the information exchanged through web and email servers can offer a tempting target for cyber attackers. This webinar includes the following information and more:
- Common attacks and vulnerabilities: Hackers can target and decode victims' web and email traffic, compromise email security to make phishing attempts more likely to succeed or can even use botnets to shut down access to websites and conduct large-scale campaigns of malicious activity.
- Key guidance for organizations: CISA provides resources and best practices to help individuals and organizations secure their web and email infrastructure.
- Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
- Knowledge checks: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.
This awareness webinar is designed for both technical and non-technical audiences.
Date: 2022
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Protect and Defend | Incident Response | Cyber Defense Incident Responder | Protect and Defend | Vulnerability Assessment and Management | Vulnerability Assessment Analyst | Operate and Maintain | Systems Analysis | Systems Security Analyst | Securely Provision | Systems Requirements Planning | System Requirements Planner | Oversee and Govern | Program Management and Acquisition | IT Project Manager | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
1 Hour Understanding Indicators of Compromise (IR 108) | Skill Level: Beginner | | + Description | | This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit:
https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
Major cyber-attacks have made headlines for years and the pace of threat activity faced by government and private sector organizations is accelerating. Often, the most damaging attacks reported are traced to Advanced Persistent Threats (APTs): groups of sophisticated hackers who gain entry into an unauthorized system and remain undetected for extended periods of time, allowing them to surveil and gather information, test security, or execute malicious activity without tripping network defenses.
Indicators of Compromise (IOCs) are the digital and informational "clues" that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks. This webinar provides an overview of IOCs for incident responders and those who work with them, introduces example scenarios and how IOCs can be used to trace activity and piece together a timeline of the threat, and discusses tools and frameworks to help incident responders use IOCs to detect, analyze, respond to, and report cyber threat activity.
This webinar includes the following information and more:
-
Define IOCs and why tracking, investigating, and reporting IOCs are crucial to enterprise cybersecurity.
-
Understand how IOCs are used for threat hunting and incident response, different types of indicators, and how to collect different categories of IOCs.
-
Learn about the MITRE ATT&CK® framework and how it supports the analysis of IOCs, potential threat actors related to the activity and their associated strategies and tactics.
-
Introduce free CISA cybersecurity tools, services, and resources to help organizations further advance their cybersecurity capabilities.
This awareness webinar is designed for both technical and non-technical audiences.
Date: 2022
Training Proficiency Area: Level 1 – Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Protect and Defend
|
Incident Response
|
Cyber Defense Incident Responder
|
Protect and Defend
|
Vulnerability Assessment and Management
|
Vulnerability Assessment Analyst
|
Operate and Maintain
|
Systems Analysis
|
Systems Security Analyst
|
Securely Provision
|
Systems Requirements Planning
|
System Requirements Planner
|
Oversee and Govern
|
Program Management and Acquisition
|
IT Project Manager
|
|
| |
|
1 Hour Defend Against Ransomware Attacks (IR109) | Skill Level: Beginner | | + Description | |
This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
Ransomware attacks hit a new target every 14 seconds–shutting down digital operations, stealing information and exploiting businesses, essential services, and individuals alike. This one-hour webinar provides essential knowledge and reviews real-life examples of these attacks to help you and your organization to mitigate and respond to the ever-evolving threat of ransomware.
This webinar includes the following information and more:
- Common attack methods: Learn the definition of ransomware, summary of its large-scale impacts, and how these attacks have developed over time. The webinar will discuss common signs of a ransomware attack and how to respond if an attack is suspected.
- Key guidance for organizations: CISA provides guidance for how to mitigate the impact of ransomware attacks and recover in the event of an attack.
- Case studies: Explore the methods and impacts of real-life cyber-attacks, and how the victims responded and recovered.
- Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.
This awareness webinar is designed for both technical and non-technical audiences.
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Securely Provision |
Systems Requirements Planning |
System Requirements Planner |
Oversee and Govern |
Program Management and Acquisition |
IT Project Manager |
|
| |
|
2 Hours Preventing Web and Email Server Attacks Cyber Range Training (IR205) | Skill Level: Beginner | | + Description | |
This is a recorded version of an Incident Response Cyber Range Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
Participants will be introduced to common web and email vulnerabilities, as well as the technologies of encryption and authentication to enhance web and email security. This course uses an active participation approach to facilitate realistic technical training and interaction opportunities for learners.
Experience these benefits and more:
- Learn how to implement CISA guidance: Course exercises include implementation of the recommendations in BOD 18-01.
- Identify and mitigate vulnerabilities in real time: Students identify common web and email vulnerabilities and mitigate them by reconfiguring the web server and Domain Name System (DNS) settings.
- Expert facilitation: Throughout the course, expert cybersecurity engineers moderate discussion and conduct a recovery debrief for the exercises.
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Securely Provision |
Systems Requirements Planning |
System Requirements Planner |
Oversee and Govern |
Program Management and Acquisition |
IT Project Manager |
|
| |
|
1.5 Hours Understanding Indicators of Compromise Cyber Range Training (IR208) | Skill Level: Beginner | | + Description | |
This is a recorded version of an Incident Response Cyber Range Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
Cyberattacks have made headlines for years, and the pace of threat activity faced by government and private sector organizations is accelerating. Indicators of compromise (IOCs) are the digital and informational “clues” that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks. In this training, participants will be introduced to common IOCs and common protocols used to find them in their own systems.
Experience these benefits and more:
- Importance of IOCs: Define IOCs and why tracking, investigating, and reporting IOCs are crucial to enterprise cybersecurity. Students will understand how IOCs are used for threat hunting and incident response, different types of indicators, and how to collect different categories of IOCs.
- Learn about the MITRE ATT&CK® Framework and how it supports the analysis of IOCs, potential threat actors related to the activity, and their associated tactics, techniques, and procedures (TTPs).
- Expert facilitation: Throughout the course, expert cybersecurity engineers moderate discussion and conduct a recovery debrief for the exercises.
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Securely Provision |
Systems Requirements Planning |
System Requirements Planner |
Oversee and Govern |
Program Management and Acquisition |
IT Project Manager |
|
| |
|
1.5 Hours Defend Against Ransomware Attacks Cyber Range Training (IR209) | Skill Level: Beginner | | + Description | |
This is a recorded version of an Incident Response Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
Ransomware is the fastest growing malware threat targeting home, business, and government networks. Anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a network’s defense. If just one computer becomes infected with ransomware, infection could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure. In this training, participants will be introduced to common applications and process that harden network defenses, as well as key concepts used in the prevention of ransomware attacks.
This training includes the following information and more:
- Common attack methods: Define ransomware and identify best practices and preventive measures to mitigate the impact of ransomware attacks.
- Lab Demonstrations: Learn how to apply specific tools to configure and back up Active Directory policies, reset Kerberos Ticket Granting Ticket (KRBTGT) account passwords, and create application allow-listing policies.
- Expert facilitation: Throughout the course, expert cybersecurity engineers’ moderate discussions and conduct a recovery debrief for the exercises.
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Securely Provision |
Systems Requirements Planning |
System Requirements Planner |
Oversee and Govern |
Program Management and Acquisition |
IT Project Manager |
|
| |
|
1 Hour Incident Response Training: Defending Internet Accessible Systems (IR 104) | Skill Level: Beginner | | + Description | | This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
Internet-accessible systems have become the backbone of modern business and communication infrastructure, from smartphones to web applications, to the explosive growth of the “Internet of Things” (IoT). Each of these systems and devices, however, can be targeted by threat actors and used to conduct malicious activity if they are unsecured. Worse, these systems can leave vulnerabilities and sensitive information freely available to exploit if not properly configured and maintained. This webinar includes the following information and more: - Common attacks and vulnerabilities: Understand common vulnerabilities of internet-accessible systems, how they are exploited by threat actors, and how to mitigate them to prevent attacks from succeeding.
- CISA guidance: Learn key guidance, resources, and best practices to address vulnerabilities and prepare effective incident response and recovery.
- Case studies: Examine the methods and impacts of real-life cyberattacks, and how the targets responded and recovered.
- Knowledge checks: Knowledge check questions will be asked throughout the course to reinforce key concepts and important takeaways.
This awareness webinar is designed for both technical and non-technical audiences. Date: 2022 Training Proficiency Area: Level 1 - Beginner Training Purpose: Skill Development Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5) Category | Specialty Area | Work Roles | Protect and Defend | Incident Response | Cyber Defense Incident Responder | Protect and Defend | Vulnerability Assessment and Management | Vulnerability Assessment Analyst | Operate and Maintain | Systems Analysis | Systems Security Analyst | Securely Provision | Systems Requirements Planning | System Requirements Planner | Oversee and Govern | Program Management and Acquisition | IT Project Manager |
|
| |
|
1.5 Hours Defending Internet Accessible Systems Cyber Range Training (IR204) | Skill Level: Beginner | | + Description | |
This is a recorded version of an Incident Response Cyber Range Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
Participants will be introduced to tactics and strategies that enable them to protect their organizations from attacks against internet-accessible system(s) (i.e., internet-accessible system attacks or IAS) through awareness of individual and organizational points of vulnerability.
Experience these benefits and more:
- Learn how to implement CISA guidance: Course exercises include implementation of the recommendations in BOD 19-02.
- Identify and mitigate vulnerabilities in real time: Students will identify common methods of scanning for vulnerabilities, analyzing event logs, and modifying firewall rules.
- Expert facilitation: Throughout the course, expert cybersecurity engineers will moderate discussion and conduct a recovery debrief for the exercises.
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Securely Provision |
Systems Requirements Planning |
System Requirements Planner |
Oversee and Govern |
Program Management and Acquisition |
IT Project Manager |
|
| |
|
0.5 Hours How to Backup and Restore Active Directories | Skill Level: Beginner | | + Description | | Active Directory (AD) is one of the most vital components in a Windows network. Cybercriminals today are targeting AD, performing reconnaissance to discover users, servers, and computers in an enterprise network, and then moving laterally to carry out multi-stage attacks to gain access and abuse organization resources and data. An AD backup and restoration disaster recovery strategy is vital for operation continuity. Backing up AD regularly is important, sometimes the backup is the only way for an organization to recover its data after a cyberattack.
This interactive training module focuses on basic AD concepts and methodologies. This module will explain how to identify the Primary Domain Controller (PDC) of the domain, explain how to make changes to AD without backing up again, and provide an opportunity for you to practice confirming the changes made after the backup are replaced with the information in the backup file.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The AD Backup Restore Demo provides a walkthrough of the tasks you'll need to complete, the AD Backup Restore Try allows you the opportunity to test out the tasks presented in the AD Backup Restore Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Backup Active Directory on a Domain Controller
- Restore Active Directory on a Domain Controller
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
0.5 Hours Securing Systems: How to Block Malicious IPs | Skill Level: Beginner | | + Description | | Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.
This interactive training module provides mitigation strategies and techniques as it relates to firewall rules. This module will explain what firewalls are, present the importance of implementing firewall rules and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Block Malicious IPs Demo provides a walkthrough of the tasks you'll need to complete, the Block Malicious IPs Try allows you the opportunity to test out the tasks presented in the Block Malicious IPs Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Identify the purpose of firewalls
- Present the importance of implementing firewall rules
- Identify specific firewall rules to apply
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
0.5 Hours Securing Systems: How to Create Application Allowlisting Policies | Skill Level: Beginner | | + Description | | Application Allowlisting is a controlled list of applications and components such as libraries, configuration files, etc. that are authorized to be present or active on a host according to a well-defined baseline. It is a highly effective security strategy that acts as a preventative file execution policy to allow only certain programs to run and prevents others from executing. Every organization must verify and trust each and every application they allow on their network. They do this by adapting allowlisting to help block the execution of malware, unlicensed software, and other unauthorized software.
This interactive training module focuses on basic Application Allowlisting concepts and methodologies. This module will explain what Application Allowlisting is, present the importance of implementing Application Allowlisting, and provide an opportunity for you to practice applying specific Application Allowlisting rules in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Application Allowlisting Demo provides a walkthrough of the tasks you'll need to complete, the Application Allowlisting Try allows you the opportunity to test out the tasks presented in the Application Allowlisting Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Create Windows Defender Application Control (WDAC) allowlisting policies with PowerShell
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| + Course Modules/Units | | Application Allowlisting - Video | Application Allowlisting - Demo | Application Allowlisting- Try |
|
|
|
0.25 Hours How to Disable SMBv1 | Skill Level: Beginner | | + Description | | Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.
This interactive training module provides information on how to disable SMBv1 using the group policy mitigation technique. This module will explain Server Message Block (SMB), provide an overview of the versions of SMB, present the importance of blocking SMBv1, and provide an opportunity for you to practice applying group policies that disable SMBv1 in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The SMBv1 Demo provides a walkthrough of the tasks you'll need to complete, the SMBv1 Try allows you the opportunity to test out the tasks presented in the SMBv1 Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Define Server Message Block
- Identify the three versions of SMB
- Present the importance of disabling SMBv1
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
0.25 Hours How to Reset a KRBTGT Account Password | Skill Level: Beginner | | + Description | | Kerberos Ticket Granting Ticket (KRBTGT) is a local default account used for Microsoft’s implementation of Kerberos, the default Microsoft Windows authentication protocol for granting access to network applications and services. KRBTGT acts as a service account for the Key Distribution Center (KDC) service. KRBTGT account in Active Directory (AD) plays a key role that encrypts and signs all Kerberos tickets for the domain.
This interactive training module focuses on basic KRBTGT concepts and methodology. This module will explain how to reset the KRBTGT account password using the Active Directory Users and Computers app in the Administrative tools in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Reset KRBTGT Account Password Demo provides a walkthrough of the tasks you'll need to complete, the Reset KRBTGT Try allows you the opportunity to test out the tasks presented in the Reset KRBTGT Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Reset the KRBTGT Account password
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| + Course Modules/Units | | Reset KRBTGT Account Password - Video | Reset KRBTGT Account Password - Demo | Reset KRBTGT Account Password - Try |
|
|
|
0.25 Hours Securing Systems: How to Sinkhole a Malicious Domain | Skill Level: Beginner | | + Description | | Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.
This interactive training module focuses on sinkholing as a mitigation technique. This module will explain what Domain Name Service (DNS) sinkholes are, present the importance of implementing sinkholes, and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Sinkhole Demo provides a walkthrough of the tasks you'll need to complete, the Sinkhole Try allows you the opportunity to test out the tasks presented in the Sinkhole Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Present the definition of a DNS Sinkhole
- Identify key terms related to the Sinkholing process
- Explain the importance of implementing a DNS Sinkhole
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
2 Hours CDM 142 | Skill Level: Beginner | | + Description | | Course Length: 3 hours
This course is a recording of a virtual 3-hour course and presents an ES-6 overview of how the dashboard provides visibility into the metrics and measurements needed for a continuous monitoring program. It explains how to create queries for hardware (HW) and software (SW) assets and introduces a framework for using data reports to inform risk-based decision-making. Register to join the next live iteration of this course via https://www.cisa.gov/resources-tools/programs/continuous-diagnostics-and-mitigation-cdm-training.
Learning Objectives:
- Understand CDM agency dashboard functionalities around asset management
- Learn how to create asset management queries
- Learn how to create reports
Date: May 2024
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
|
1 Hour Using the Incident Response Playbook at your Organization (IR 111) | Skill Level: Beginner | | + Description | | Course length: 1 hour
These courses are developed in response to the President’s Executive Order 14028, tasking CISA to “develop a standard set of operational procedures (i.e., playbook) to be used in planning and conducting cybersecurity vulnerability and incident response activity” for federal civilian agency information systems. CISA published the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks. These playbooks are intended to guide and facilitate Federal Civilian Executive Branch (FCEB) agencies by providing standardized processes and procedures for planning and conducting cybersecurity incident and vulnerability response activities. These courses focus on the Incident Response (IR) Playbook and associated checklists that are aligned to the NIST-defined IR phases including preparation, detection and analysis, containment, eradication and recovery, and post-incident activities. The goal of this CISA IR Playbook and courses is for each agency to use a standardized approach to incident response that aligns with guidance and best practices and provides them with processes and procedures to help them be better organized and prepared if an incident is declared. Proactive and thoughtful planning paired with routine exercising of the plan, when used with a continuous process improvement approach (i.e., Plan, Do, Check, Act or Observe, Orient, Decide, Act), is a must for agencies to be prepared and ultimately able to respond to incidents as quickly as possible. Lessons learned and common missteps, as well as roles and responsibilities and internal vs. external communication critical paths, will also be highlighted in these courses.
Learning Objectives:
At the end of the course, the students should be able to:
- Describe why an IR playbook is important for an agency to use
- Identify and describe the sections of the CISA IR Playbook
- Describe how to use the IR checklist in the CISA IR Playbook
- Identify typical roles that are needed during an incident response
- List potential questions or key information that an IR team should consider at each phase of an IR
For Cybersecurity courses: NICE mapping: Analyze, Investigate, and Protect and Defend
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
|
|
|
|
| |
|
1 Hour Introduction to Log Management (IR110) | Skill Level: Beginner | | + Description | |
This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
Log files provide the data that are the bread and butter of incident response, enabling network analysts and incident responders to investigate and diagnose issues and suspicious activity from network perimeter to epicenter. This webinar introduces the fundamentals of investigating logs for incidents.
This webinar includes the following information and more:
- Common attack methods: Understand log analysis, and its importance as a crucial component of incident response and network security.
- Key guidance for organizations: Introduce resources and tools that enable organizations and individuals to use log analysis to query for threat activity including SIEM, FPCAP analysis, and using PowerShell and Active Directory to run scripts.
- Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
- Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.
This awareness webinar is designed for both technical and non-technical audiences.
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Securely Provision |
Systems Requirements Planning |
System Requirements Planner |
Oversee and Govern |
Program Management and Acquisition |
IT Project Manager |
|
| |
|
1 Hour Introduction to Network Diagramming (IR107) | Skill Level: Beginner | | + Description | |
This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.
This webinar includes the following information and more:
- Importance of network diagrams: Students will learn the importance of creating and maintaining network topology diagrams. Students will also understand the importance of identifying data flows and storage, identifying remote access points and external connections, and network segmentation for security.
- Key guidance for organizations: CISA provides guidance on what to include in network diagrams.
- Knowledge check: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.
This awareness webinar is designed for both technical and non-technical audiences.
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Securely Provision |
Systems Requirements Planning |
System Requirements Planner |
Oversee and Govern |
Program Management and Acquisition |
IT Project Manager |
|
| |
|
0.5 Hours Network Topology 1 | Skill Level: Beginner | | + Description | | To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.
This module introduces viewers to the importance of having a network diagram, types of diagrams, common network diagramming tools, and commonly used network symbols.
Learning Objectives:
- Recognize how networks have evolved to include external cloud-based architectures
- Recognize the importance of creating and maintaining network topology diagrams
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Analyze | All-Source Analysis | Mission Assessment Specialist |
Analyze | Exploitation Analysis | Exploitation Analyst |
Analyze | Threat Analysis | Threat/ warning analyst |
Investigate | Digital Forensics | Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain | Data Administration | Data Analyst, Database Administrator |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Knowledge Management | Knowledge Manager |
Operate and Maintain | Network Services | Network Operations Specialist |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Systems Analysis | Systems Security Analyst |
Oversee and Govern | Cybersecurity Management | Communications security manager; information systems security manager |
Oversee and Govern | Executive Cyber Leadership | Executive Cyber Leadership |
Oversee and Govern | Program Management and Acquisition | IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
Protect and Defend | Cyber Defense Infrastructure Support | Cyber Defense Infrastructure Support specialist |
Protect and Defend | Incident Response | Cyber defense incident responder |
Protect and Defend | Vulnerability Assessment and Management | Vulnerability assessment analyst |
Securely Provision | Risk Management | Authorizing official; security control assessor |
Securely Provision | Systems Architecture | Enterprise Architect, Security Architect |
Securely Provision | Systems Requirements Planning | Systems Requirements Planner |
Securely Provision | Test and Evaluation | System Testing and Evaluation Specialist |
|
| |
|
0.5 Hours Network Topology 2 | Skill Level: Beginner | | + Description | | To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.
This module introduces viewers to the importance of knowing and understanding how networks and assets are connected, segmented, controlled, and architected for representation in network diagram designs.
Learning Objectives:
- Identify the difference between logical and physical topology diagrams
- Identify the common network topology patterns
- Define network architecture
Date: 2023
Training Proficiency Area: Level Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Analyze | All-Source Analysis | Mission Assessment Specialist |
Analyze | Exploitation Analysis | Exploitation Analyst |
Analyze | Threat Analysis | Threat/ warning analyst |
Investigate | Digital Forensics | Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain | Data Administration | Data Analyst, Database Administrator |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Knowledge Management | Knowledge Manager |
Operate and Maintain | Network Services | Network Operations Specialist |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Systems Analysis | Systems Security Analyst |
Oversee and Govern | Cybersecurity Management | Communications security manager; information systems security manager |
Oversee and Govern | Executive Cyber Leadership | Executive Cyber Leadership |
Oversee and Govern | Program Management and Acquisition | IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
Protect and Defend | Cyber Defense Infrastructure Support | Cyber Defense Infrastructure Support specialist |
Protect and Defend | Incident Response | Cyber defense incident responder |
Protect and Defend | Vulnerability Assessment and Management | Vulnerability assessment analyst |
Securely Provision | Risk Management | Authorizing official; security control assessor |
Securely Provision | Systems Architecture | Enterprise Architect, Security Architect |
Securely Provision | Systems Requirements Planning | Systems Requirements Planner |
Securely Provision | Test and Evaluation | System Testing and Evaluation Specialist |
|
| |
|
0.5 Hours Network Topology 3 | Skill Level: Beginner | | + Description | | To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.
This module introduces viewers to the importance of knowing what’s on their networks, where data enters and exits and how the data flows through their network, and how they can use asset discovery and mapping tools to help either gather this information or create a diagram.
Learning Objectives:
- Explain why an asset scanning and mapping tool is used
- Recognize the importance of identifying data flows and storage
- Explain the importance of identifying remote access points and external connections
- Explain the importance of network segmentation for security
Date: 2023
Training Proficiency Area: Level Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Analyze | All-Source Analysis | Mission Assessment Specialist |
Analyze | Exploitation Analysis | Exploitation Analyst |
Analyze | Threat Analysis | Threat/ warning analyst |
Investigate | Digital Forensics | Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain | Data Administration | Data Analyst, Database Administrator |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Knowledge Management | Knowledge Manager |
Operate and Maintain | Network Services | Network Operations Specialist |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Systems Analysis | Systems Security Analyst |
Oversee and Govern | Cybersecurity Management | Communications security manager; information systems security manager |
Oversee and Govern | Executive Cyber Leadership | Executive Cyber Leadership |
Oversee and Govern | Program Management and Acquisition | IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
Protect and Defend | Cyber Defense Infrastructure Support | Cyber Defense Infrastructure Support specialist |
Protect and Defend | Incident Response | Cyber defense incident responder |
Protect and Defend | Vulnerability Assessment and Management | Vulnerability assessment analyst |
Securely Provision | Risk Management | Authorizing official; security control assessor |
Securely Provision | Systems Architecture | Enterprise Architect, Security Architect |
Securely Provision | Systems Requirements Planning | Systems Requirements Planner |
Securely Provision | Test and Evaluation | System Testing and Evaluation Specialist |
|
| |
|
0.2 Hours Network Topology 4 – Diagramming Process | Skill Level: Beginner | | + Description | | To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.
This module introduces viewers to the process of creating a network diagram which includes identifying assets, sketching a diagram, choosing an application, selecting a network template, building the diagram, creating a legend, and maintaining the diagram.
Learning Objectives:
- Describe the steps for building a network diagram
- Identify the generic templates and symbols used in creating network diagrams
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Analyze | All-Source Analysis | Mission Assessment Specialist |
Analyze | Exploitation Analysis | Exploitation Analyst |
Analyze | Threat Analysis | Threat/ warning analyst |
Investigate | Digital Forensics | Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain | Data Administration | Data Analyst, Database Administrator |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Knowledge Management | Knowledge Manager |
Operate and Maintain | Network Services | Network Operations Specialist |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Systems Analysis | Systems Security Analyst |
Oversee and Govern | Cybersecurity Management | Communications security manager; information systems security manager |
Oversee and Govern | Executive Cyber Leadership | Executive Cyber Leadership |
Oversee and Govern | Program Management and Acquisition | IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
Protect and Defend | Cyber Defense Infrastructure Support | Cyber Defense Infrastructure Support specialist |
Protect and Defend | Incident Response | Cyber defense incident responder |
Protect and Defend | Vulnerability Assessment and Management | Vulnerability assessment analyst |
Securely Provision | Risk Management | Authorizing official; security control assessor |
Securely Provision | Systems Architecture | Enterprise Architect, Security Architect |
Securely Provision | Systems Requirements Planning | Systems Requirements Planner |
Securely Provision | Test and Evaluation | System Testing and Evaluation Specialist |
|
| |
|
0.5 Hours Network Topology 5 – Building an Internal Diagram (Interactive) | Skill Level: Beginner | | + Description | | To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.
This module provides a scenario-based demonstration of how to build a basic internal network diagram using Microsoft Visio. Part 1 is demonstration only and Part 2 is the same as part 1 but provides users the ability to click on interactive sections of the screen to simulate the network diagramming build activity.
Learning Objectives:
- Demonstrate how to build an internal LAN Network Diagram using Microsoft Visio
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Analyze | All-Source Analysis | Mission Assessment Specialist |
Analyze | Exploitation Analysis | Exploitation Analyst |
Analyze | Threat Analysis | Threat/ warning analyst |
Investigate | Digital Forensics | Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain | Data Administration | Data Analyst, Database Administrator |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Knowledge Management | Knowledge Manager |
Operate and Maintain | Network Services | Network Operations Specialist |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Systems Analysis | Systems Security Analyst |
Oversee and Govern | Cybersecurity Management | Communications security manager; information systems security manager |
Oversee and Govern | Executive Cyber Leadership | Executive Cyber Leadership |
Oversee and Govern | Program Management and Acquisition | IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
Protect and Defend | Cyber Defense Infrastructure Support | Cyber Defense Infrastructure Support specialist |
Protect and Defend | Incident Response | Cyber defense incident responder |
Protect and Defend | Vulnerability Assessment and Management | Vulnerability assessment analyst |
Securely Provision | Risk Management | Authorizing official; security control assessor |
Securely Provision | Systems Architecture | Enterprise Architect, Security Architect |
Securely Provision | Systems Requirements Planning | Systems Requirements Planner |
Securely Provision | Test and Evaluation | System Testing and Evaluation Specialist |
|
| |
|
0.3 Hours Network Topology 5 – Building an Internal Diagram (Demonstration) | Skill Level: Beginner | | + Description | | To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.
This module provides a scenario-based demonstration of how to build a basic internal network diagram using Microsoft Visio. Part 1 is demonstration only and Part 2 is the same as part 1 but provides users the ability to click on interactive sections of the screen to simulate the network diagramming build activity.
Learning Objectives:
- Demonstrate how to build an internal LAN Network Diagram using Microsoft Visio
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Analyze | All-Source Analysis | Mission Assessment Specialist |
Analyze | Exploitation Analysis | Exploitation Analyst |
Analyze | Threat Analysis | Threat/ warning analyst |
Investigate | Digital Forensics | Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain | Data Administration | Data Analyst, Database Administrator |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Knowledge Management | Knowledge Manager |
Operate and Maintain | Network Services | Network Operations Specialist |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Systems Analysis | Systems Security Analyst |
Oversee and Govern | Cybersecurity Management | Communications security manager; information systems security manager |
Oversee and Govern | Executive Cyber Leadership | Executive Cyber Leadership |
Oversee and Govern | Program Management and Acquisition | IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
Protect and Defend | Cyber Defense Infrastructure Support | Cyber Defense Infrastructure Support specialist |
Protect and Defend | Incident Response | Cyber defense incident responder |
Protect and Defend | Vulnerability Assessment and Management | Vulnerability assessment analyst |
Securely Provision | Risk Management | Authorizing official; security control assessor |
Securely Provision | Systems Architecture | Enterprise Architect, Security Architect |
Securely Provision | Systems Requirements Planning | Systems Requirements Planner |
Securely Provision | Test and Evaluation | System Testing and Evaluation Specialist |
|
| |
|
2 Hours CDM 143 | Skill Level: Beginner | | + Description | | Course Length: 3 hours
This 3-hour course is a recording of the Vulnerability Management course covering ES-6 version of the CDM Agency Dashboard. This course introduces participants to the CDM Agency-Wide Adaptive Risk Enumeration (AWARE) version 1.5 and other vulnerability management topics. With the information provided, dashboard users can identify the most critical vulnerabilities and prioritize mitigation activities at their agency. Register to join the next live iteration of this course via https://www.cisa.gov/resources-tools/programs/continuous-diagnostics-and-mitigation-cdm-training.
Learning Objectives:
- Understand the CDM Agency-Wide Adaptive Risk Enumeration (AWARE) Score
- Walkthrough how to identify vulnerabilities in the CDM Agency Dashboard
Date: May 2024
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
|
0.5 Hours Network Topology 6 – Building an External Diagram (Interactive) | Skill Level: Beginner | | + Description | | To protect the confidentiality, integrity, and availability of an agency’s network and the data contained therein, cybersecurity professionals must be able to identify their network enterprise accurately and completely. Network diagrams are essential and serve to help visualize what is on the network, how the overall network is structured, and how all the devices on the network are connected. Every organization should build and maintain current and accurate network diagrams to help manage their network architecture and ultimately determine how to best mitigate potential or realized risks and vulnerabilities.
This module provides a scenario-based demonstration of how to build an external network diagram using Microsoft Visio. It is a hybrid tutorial that includes demonstration, instruction, and interaction.
Learning Objectives:
- Demonstrate how to build an external Network Diagram using Microsoft Visio
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Analyze | All-Source Analysis | Mission Assessment Specialist |
Analyze | Exploitation Analysis | Exploitation Analyst |
Analyze | Threat Analysis | Threat/ warning analyst |
Investigate | Digital Forensics | Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain | Data Administration | Data Analyst, Database Administrator |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Knowledge Management | Knowledge Manager |
Operate and Maintain | Network Services | Network Operations Specialist |
Operate and Maintain | Systems Administration | System Administrator |
Operate and Maintain | Systems Analysis | Systems Security Analyst |
Oversee and Govern | Cybersecurity Management | Communications security manager; information systems security manager |
Oversee and Govern | Executive Cyber Leadership | Executive Cyber Leadership |
Oversee and Govern | Program Management and Acquisition | IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
Protect and Defend | Cyber Defense Infrastructure Support | Cyber Defense Infrastructure Support specialist |
Protect and Defend | Incident Response | Cyber defense incident responder |
Protect and Defend | Vulnerability Assessment and Management | Vulnerability assessment analyst |
Securely Provision | Risk Management | Authorizing official; security control assessor |
Securely Provision | Systems Architecture | Enterprise Architect, Security Architect |
Securely Provision | Systems Requirements Planning | Systems Requirements Planner |
Securely Provision | Test and Evaluation | System Testing and Evaluation Specialist |
|
| |
|
1 Hour Incident Response Training: Preventing DNS Infrastructure Tampering (IR106) | Skill Level: Beginner | | + Description | |
This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
The Domain Name System, commonly known as DNS, is often referred to as the “phone book” of the Internet. Every time we access the Internet to visit our favorite websites, we depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly useful, it also presents a rich attack surface. Threat actors have the ability to shut down websites and online services, replace legitimate website content with threats or extortion attempts, or even route traffic to a carbon copy of a legitimate website to steal information entered by users. This recorded webinar provides an organizational perspective and is accessible to a general audience including managers, business leaders, and technical specialists.
This webinar includes the following information and more:
- Common attacks and vulnerabilities: Learn how to identify a potential attack on DNS infrastructure.
- CISA guidance: CISA provides information on best practices to reduce the likelihood and impact of a successful DNS attack.
- Case studies: Examine the methods and impacts of real-life cyberattacks, and how the targets responded and recovered.
- Knowledge checks: The course provides knowledge checks throughout the presentation to reinforce key concepts and takeaways.
This awareness webinar is designed for both technical and non-technical audiences.
Date: 2022
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Securely Provision |
Systems Requirements Planning |
System Requirements Planner |
Oversee and Govern |
Program Management and Acquisition |
IT Project Manager |
|
| |
|
1.5 Hours Preventing DNS Infrastructure Tampering Cyber Range Training (IR206) | Skill Level: Beginner | | + Description | |
This is a recorded version of an Incident Response Cyber Range Training delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
DNS is one of the core foundations of the internet. However, it continues to be one of the mechanisms attackers use to perform malicious activities across the globe. In this course participants will learn about various concepts associated with DNS, become familiar with DNS tools and mapping information, be introduced to common DNS tampering techniques, and gain an understanding of DNS mitigation strategies to enhance security.
Experience these benefits and more:
- Learn how to implement remediations: Course exercises include remediating vulnerabilities.
- Identify and mitigate vulnerabilities in real time: Students identify DNS infrastructure tampering techniques and mitigate them.
- Expert facilitation: Throughout the course, expert cybersecurity engineers moderate discussion and conduct a recovery debrief for the exercises.
Date: 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Securely Provision |
Systems Requirements Planning |
System Requirements Planner |
Oversee and Govern |
Program Management and Acquisition |
IT Project Manager |
|
| |
|
3 Hours CDM 201 | Skill Level: Intermediate | | + Description | | This 3-hour course is a recording of a virtual four-hour course covering the ES-6 version of the CDM Agency Dashboard. This course introduces participants to the four identity management capabilities - PRIV, CRED, TRUST, and BEHAVE - and to the use of the new CDM Agency Dashboard to reduce risks associated with each.
Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.
Learning Objectives:
- Overview of how the CDM Agency Dashboard addresses user-centric data in addition to hardware and software information.
- Strategies for integrating PRIV/CRED/TRUST/BEHAVE capabilities into routine processes workflows to drive increased risk awareness and mitigation.
Date: May 30, 2024
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty | Area Work Roles |
Operate and Maintain Systems Administration | Systems Analysis System Administrator | Systems Security Analyst |
Oversee and Govern | Cybersecurity Management | Information Systems Security Manager |
Oversee and Govern | Program/Project Management and Acquisition | IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
|
| |
|
2 Hours BIRT Refresher Course | Skill Level: Beginner | | + Description | | BIRT Refresher Course
Prerequisite(s): BIRT
Course Setting: Online, self-paced
Length: 2 hours
Training Purpose: Maintain Incident Response Qualification (IRQ)
Audience: Threat Hunting (TH) Staff participating in hunt and incident response engagements; detailees assigned to TH participating in hunt and IR engagements
Description:
The purpose of the Basic Incident Response Training (BIRT) is to provide TH Staff a baseline of knowledge and skills regarding processes, procedures, resources, and tools used for onsite IR functions. TH Staff maintain their IRQ by completing the annual BIRT Refresher Course presenting updates to IR processes and procedures. TH Staff are required to complete the BIRT Refresher
annually.
Assessment:
TH Staff will need to complete an end-of-course assessment with minimum 80% accuracy. Upon successful completion TH Staff maintain their IRQ. |
| |
|
2.5 Hours CDM 202 | Skill Level: Intermediate | | + Description | | This 2.5-hour virtual course demonstrates the configuration settings management (CSM) capability within version ES-6 of the CDM Agency Dashboard. In this course students are shown the basic concepts associated with CSM, the importance of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), how CSM scoring is incorporated into the current AWARE calculations, and students will gain an understanding of how the CSM capability of the CDM Agency Dashboard can be used to reduce the misconfiguration of assets in their agency IT inventory.
Learning Objectives:
- Overview of the importance of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and how CSM scoring is incorporated into the AWARE calculations.
- Walkthrough of how CSM scoring affect the AWARE algorithm and can reduce asset misconfiguration.
Date: June 2024
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
|
5 Hours Advanced Computer Forensics | Skill Level: Advanced | | + Description | | This course focuses on building skills to improve the ability to piece together the various components of the digital investigation. The course begins with acquisition planning and preparation, progresses through the investigative process, and concludes with analysis techniques and methods for more manageable investigations.
Learning Objectives:
- Develop an investigative process for the digital forensic investigation.
- Explain methods of focusing investigations through analysis of multiple evidence sources.
- Effectively prepare for incident response of both victim and suspect systems.
- Identify sources of evidentiary value in various evidence sources including network logs, network traffic, volatile data and through disk forensics.
- Identify common areas of malicious software activity and characteristics of various types of malicious software files.
- Confidently perform live response in intrusion investigation scenarios.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
|
| + Course Modules/Units | | Course Objectives | Introduction to Acquisition Preparation | The Preparation Phase | Known Executables | Collection Strategies | Once an Incident Has Occurred | Making Adjustments | Response | Acquisition Summary | Incident Information Gathering | Live Acquisitions | Acquisition Considerations and Risks | Acquisition Preparation and Identification | Using Live Disks, Bootable USBs, and Evidence Storage | Volatile Data Collection | Memory Collection | Memory Collection Tools | WinDD | Hard Drive Collection | Disk Encryption | Network Log Analysis | Log Analysis Tools and Wireshark | Fundamentals of Memory Analysis | Why Should You Care About Memory | Volatile System Information | Virtual Memory | Memory Acquisition Considerations and Tools | Benefits and Limitations of Memory Analysis | Mandiant Redline | Volatility | Using Volatility | Using Strings | Demo of Volatility 1_Using Volatility | Memory Analysis Flow and Techniques | Demo of Volatility 2_Comparing Memory and Volatile System Information | Advanced Memory Analysis | Understanding Attacks and Incidents | Anatomy of an Attack of Infection | Benefits of Malware Analysis | Using Antivirus | Introduction to Windows Artifacts | Prefetch Files | User Assist Entries | Recent, Link, and Shortcut Files | Most Recently Used Files | Shell Bags Entries | Page, Hibernation, and Autorun Files | Persistence | Hash Analysis | Registry Decoder | Timeline Analysis | Forensic Analysis of Timelines | Victim System Analysis | User Level Vs Kernel Level Rootkits | Correlating Incident Response with Forensics | Advanced Analysis Topics 1 | Malware Versus Tools | Advanced Analysis Topics 2 | Identifying a Suspect | Scanning and Fingerprinting the Suspect |
|
|
|
2.5 Hours CDM 203 | Skill Level: Intermediate | | + Description | | This 2.5 hour course demonstrates the continuous monitoring and analysis capability with version ES-6 of the CDM Agency Dashboard. This is a role-based course for those in the cybersecurity workforce that use the dashboard routinely. In this course students are shown concepts associated with continuous monitoring and analysis of the top issues that affect networks. Topics include an overview of the responsibilities of the Security analyst, continuous monitoring, how the CDM Agency Dashboard can be used to identify vulnerabilities, AWARE scoring, the reporting function, and possible courses of action.
Learning Objectives:
- Overview of the importance of the CDM Agency Dashboard role of system security analyst, which includes monitoring and vulnerability identification.
- Strategies for securing agency assets and creating report functionality using the CDM Agency Dashboard.
Date: June 2024
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
|
1 Hour Advanced PCAP Analysis and Signature Development (APA) | Skill Level: Intermediate | | + Description | | This course will introduce rules and go over example syntax, protocols, and expressions. It contains several supporting video demonstrations as well as lab exercises writing and testing basic rules.
Learning Objectives:
- Identify poorly written signatures and revise them.
- Write regular expressions.
- Create signatures.
- Identify information in PCAP data to use for creating alerts.
Date: 2011
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
All-Source Analyst |
Collect and Operate |
Cyber Operations |
Cyber Operator |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
|
| + Course Modules/Units | | Advanced Pcap Analysis And Signature Development | Packet Protocol Dns | Introduction To Rules | Examples Of Sourcefire Rules | Sourcefire Rule Syntax - Protocols | Sourcefire Rule Syntax - Message And Matching | Lab Exercise Writing And Testing Basic Rules | Lab Exercise Writing And Testing Basic Rules Video | Lab Exercise Writing And Testing Basic Rules Continued | Lab Exercise Continued | Regular Expressions | Editing A Poor Rule | How To Write An Ipv4 Regular Expression | Lab Exercise Writing Regular Expression | Lab Exercise Writing Regular Expression Continued | Malware Analysis Reports (Mar) | Demonstration of Mar 131751 Report | Demonstration Of Mar Report Continued | Lab Exercise Writing Rules From Malware Analysis Reports | Lab Exercise Writing Rules From Malware Analysis Reports Continued |
|
|
|
2.5 Hours CDM 210 | Skill Level: Beginner | | + Description | | This 2.5 hour course will define CETH and describe its purpose, benefits, and how CETH is a key component in responding to the current governmental directives such as Executive Orders and Binding Operational Directives. Gain hands-on experience through guided lab activities in the current CDM Agency Dashboard training environment. Discover how to use the CDM Agency Dashboard to identify Known Exploited Vulnerabilities and other specific vulnerabilities currently affecting government. Discuss mitigation and remediation processes at your agency.
Learning Objectives:
- Overview of the importance of the CDM Agency Dashboard role of system security analyst, which includes monitoring and vulnerability identification.
- Strategies for securing agency assets and creating report functionality using the CDM Agency Dashboard.
Date: May 2024
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
8.5 Hours Network Forensics Section 101 (NFS 101) | Skill Level: Beginner | | + Description | | Network Forensics Section 101 (NFS 101)
Prerequisite(s): None
Course Setting: Online, self-paced
Length: 8.5 hours
Training Purpose: Skill Development
Audience: Network Forensic Section (NFS) Analysts and others assigned by management
Description:
The NFS 101 course aims to establish a baseline understanding of the NFS mission, goals, structure, and deployment kits. The course identifies components of a deployment kit and provides an overview of the pre-deployment, onsite, and remote functions of the kit. It also discusses the NFS process for artifacts and data collection, as well as the basic analysis of artifacts and data.
By the end of the course, trainees will be able to:
- State the NFS mission, goals, and structure.
- Identify components of a deployment kit.
- Describe the pre-deployment, onsite, and remote functions of the kit.
- Discuss the NFS process for collecting artifacts and data.
- Discuss the NFS process for basic analysis of artifacts and data.
|
| + Course Modules/Units | | Module 1: Introduction | Module 2:Kit Components | Module 3: Kit Deployment | Module 4: Data Collection & Analysis | Module 5: Conclusion |
|
|
|
6 Hours Advanced Windows Scripting | Skill Level: Beginner | | + Description | | This course focuses on advanced concepts for writing scripts for the Microsoft Windows operating system. The course covers how to string multiple commands together in traditional BATCH scripts, as well as leverage Visual Basic Scripting (VBS) to perform more complex tasks and includes reinforcing video demonstrations and final assessment.
Learning Objectives:
- Understand the fundamentals of Visual Basic Scripting.
- Recognize the concepts of redirection, piping, and how to conduct complex tasks with multiple commands.
- Apply integration of Windows BATCH with Visual Basic Scripting.
- Demonstrate how to access the Windows API from Visual Basic Scripting.
Date: 2015
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Securely Provision |
Software Development |
Software Developer |
Operate and Maintain |
Systems Administration |
Systems Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
|
| + Course Modules/Units | | Advanced Windows Scripting Introduction | Windows BATCH Scripting Overview | Windows BATCH Advanced Syntax Part 1 of 2 | Windows BATCH Advanced Syntax Part 2 of 2 | Windows Scripting Advanced Uses of FOR | Windows Scripting Syntax Tips and Tricks | Windows Scripting CALL and START Demo | Windows Scripting Subroutine Demo | Windows Scripting SET Demo | Windows Scripting PUSHD and POPD Demo | Manipulating In_Outputs | Stringing Multiple Commands Together | FOR Loop Generating List Demo | FOR Loop Recursive Listing Demo | Taking Action Based on Content of Output | Action Based on Content Output Demo | Scripts in Typical Penetration Testing Tasks Part 1 of 2 | Scripts in Typical Penetration Testing Tasks Part 2 of 2 | Visual Basic Scripting Syntax and Usage | Visual Basic Scripting Merge Demo | VBS Elements_Structure | VBS Elements_Variables, Arguments, and Conditionals | VBS Elements_Loops | VBS Elements_Functions and Operators | VBS Windows Scripting Host | VBS Elements_File I_O | VBS Windows Scripting Demo | VBS Error Handling and Troubleshooting | Visual Basic for Applications | Visual Basic for Application Elements | Visual Basic for Applications Working with Applications | VBA Working with Applications Demo | VBA Error Handling and Troubleshooting | VBA Error Handling and Troubleshooting Demo | Advanced Windows Scripting Quiz |
|
|
|
3 Hours CDM 220 | Skill Level: Beginner | | + Description | | This 3 hour recording focuses on policy origination, provides an historic timeline, describes current directives and will guide the learner on how the CDM Dashboard version ES-6x can be used to address a directive, adhere to policies, and understand how to continuously monitor known exploitable vulnerabilities (KEVs.). Several subject matter experts provide updates on the federal directives, such as Binding Operational Directives (BOD), and an extensive demonstration of the capabilities of version ES-6.2 of the CDM dashboard is provided.
Learning Objectives:
- Describe the federal policy and directive origination process
- Identify the most current / relevant government directives that relate to cybersecurity
- Utilize the CDM Agency Dashboard to identify vulnerabilities in response to federal directives
- Identify characteristics of BOD 22-01 and the response procedures
Date: June 2024
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
10 Hours Network Forensics Section 201 (NFS 201) | Skill Level: Beginner | | + Description | | Network Forensics Section 201 (NFS 201)
Prerequisite(s): NFS 101
Course Setting: Online, self-paced
Length: 10 hours
Training Purpose: Skill Development
Audience: New/current NFS analysts assigned to Threat Hunting
Description:
The NFS 201 course immerses the learner into a scenario as a new analyst who is tasked with analyzing artifacts and data for malicious activity in a Splunk threat emulation environment. This training also encompasses a self-paced module hosted on CISA's Virtual Learning Portal (VLP) where they must move between the threat emulation environment on the TEN and the self-paced module on the VLP to complete the training.
By the end of the course, trainees will be able to:
- Identify servers on a network based on network traffic.
- Investigate indicators of compromise for vulnerabilities in a client’s network.
- Perform analysis of collected data to identify possible threats to client assets.
- Reconstruct a malicious attack or activity based on available network traffic and artifacts.
Assessment:
Trainees will need to complete an end-of-course assessment with 100% accuracy. Upon successful completion trainees will be granted 1.0 CEUs. |
| + Course Modules/Units | | Module 1: Network Forensics Section 201 | Module 2: IP Address Identification Entry | Module 3: Network Map Unlocked | Module 4: The Challenge Realm | Module 5: Conclusion |
|
|
|
|
2 Hours CDM 301 | Skill Level: Intermediate | | + Description | | This 2 hour course provides managers with an overview of the CDM Agency Dashboard. In the course, students are shown concepts associated with the CDM Agency Dashboard and how to create appropriate reports. Additionally, the course includes a presentation by CDM Program Manager Matt House, as he discusses version ES-6 of the CDM Dashboard and the CDM vision for 2024.
Target Audience: This course is applicable to workforce Executives and Senior-level Managers who need to understand how Information Assurance and cybersecurity principles affect their agencies, how the CDM program helps support those principles, and how their CDM Agency Dashboard can help establish a cybersecurity baseline and identify and reduce their attack surface.
The National Initiative for Cybersecurity Education (NICE) roles of: Authorizing Official/Designated Representative, Executive Cyber Leadership, Program Managers, and other senior management roles responsible for cybersecurity within their agency will benefit from this course.
Learning Objectives:
- Discuss the principles of information assurance
- Discuss Federal laws and required executive and Senior-level management responsibilities
- Discuss the purpose and function of the CDM Program
- Discuss the purpose and benefit of the CDM Agency and Federal Dashboards
- Reviewing the CDM Agency Dashboard information to make risk-based decisions Includes lab exercises
Date: January 2024
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
0.3 Hours Analysis of a Cyber Incident | Skill Level: Beginner | | + Description | | This three-module course teaches the beginner analyst how to develop the analytical skills and capabilities needed to handle a potential cyber incident— from analysis to reporting findings. Learning Objectives: By the end of this course, participants will be familiar with - How to think about the approach to analysis
- Writing a proper hypothesis and prediction
- The Importance of Organizational Context
- Impact of the Organization Environment
- Gathering the necessary information to analyze an incident
- Analyzing the Functional elements of an incident
- Analyzing the Strategic elements of an incident
- Assembling the elements to solve the cyber puzzle
- Reporting the finding results of the analysis
- Accessing CISA resources for incident and vulnerability cases.
Date: 2022 Training Purpose: Skill Development Training Proficiency Area: Beginner Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework Category | Specialty Area | Work Roles |
---|
Analyze | Exploitation Analysis | Exploitation Analyst | Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
|
| |
|
6 Hours Analysis Pipeline | Skill Level: Intermediate | | + Description | | This course is designed for network flow data analysts who use or are considering using Analysis Pipeline (http://tools.netsa.cert.org/analysis-pipeline5/index.html). The course aims to create a better understanding of how to incorporate streaming network flow analysis into their toolkit for identifying and alerting on events of interest. The focus will be on applying Analysis Pipeline to operational use cases.
Learning Objectives
At the completion of this course analysts will be able to:
- Understand Analysis Pipeline and its role in network flow data streaming analytics and alerting.
- Understand the Analysis Pipeline configuration language.
- Develop and implement network flow data use cases with Analysis Pipeline.
Date: 2016
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Collect and Operate |
Cyber Operations |
Cyber Operator |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| + Course Modules/Units | | Introduction | Configuration Files | Running Pipeline | Logical Schematics | Pipeline and Timing and State | Alerts | Configuration File Basics | Filters | Filters (Exercises and Solutions) | Evaluations | Evaluations (Exercises and Solutions) | Statistics | Internal Filters | List Configurations | Configuration File Basics (Exercises and Solutions) | Threshold Examples | Special Evaluations | Building an Analytic | Server Profiling Analytic | Host Discovery Analytic | Advanced Configurations | NTP Anomalies | Unknown SSH Brute Force | Choose Your Own Adventure | ICMP Surveying: Thinking it Through | ICMP Surveying: Building it Out | DDoS Detection: Thinking it Through | DDoS Detection: Building it Out | SSH Compromise: Thinking it Through | SSH Compromise: Building it Out | Analysis Pipeline 5 |
|
|
|
|
1.5 Hours Artificial Intelligence (AI) and Machine Learning (ML) for Cyber | Skill Level: Intermediate | | + Description | | This course provides the foundational practices and ethical principles of artificial intelligence. Diving into each of the ethical principles along with other technical ethics, it is aimed at reducing risk and unwanted bias to create ethical, transparent, and fair artificial intelligence systems.
Learning Objectives:
- Explain the harm with bias in artificial intelligence.
- Discuss how to reduce risk and unwanted bias.
- Cite several principles of AI and the goals of each.
- Describe how principles are applied to create ethical, transparent, and fair AI.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Collect and Operate |
Cyber Operational Planning |
Cyber Ops Planner |
Operate and Maintain |
Data Administration |
Data Analyst |
|
| + Course Modules/Units | | AI and ML for Cyber | Ethical Principles for AI Overview | Responsible Aspects of Ethics Part 1 of 2 | Responsible Aspects of Ethics Part 2 of 2 | Equitable Portion of the Ethics Principles | Traceable AI | Reliable AI Part 1 of 2 | Reliable AI Part 2 of 2 | How to Make AI Reliable Part 1 of 2 | How to Make AI Reliable Part 2 of 2 | Governable AI | AI and ML for Cyber Review | Course Test |
|
|
|
|
|
1 Hour Basics of Zero Trust for Federal Agencies | Skill Level: Beginner | | + Description | | Title: Basics of Zero Trust for Federal Agencies
Length: 1 hour
Description: This awareness level course introduces the basic tenets of the Federal Zero Trust (ZT) security concepts, provides a high-level overview of the Office of Management and Budget (OMB) Federal ZT strategy, and highlights how a properly executed ZT approach can improve the security of our infrastructures, networks, and data. Zero Trust requires collaboration and cooperation between the IT, business, and cybersecurity sectors of an institution to create a secure IT working environment. It is a paradigm shift from securing the perimeter to continual verification of each user, device, application, and transaction. This course is designed for everyone who needs to learn the fundamentals of ZT.
Learning Objectives:
- Identify the underlying principles of Zero Trust
- Identify the rationale for Zero Trust
- Recognize the basic elements of the Federal Zero Trust Strategy and Implementation Approach
Training Purpose: Management Development
Training Level: Basic
For Cybersecurity courses: This course is aligned to the following work roles:
Cybersecurity Workforce Framework:
Category | Work Roles |
Oversight and Governance (OG) |
Executive Leadership, Program Management, Project Management, Systems Management |
Design Development |
Enterprise Architecture |
Implementation and Operation |
Database Administration, Network Management, System Administration |
|
| |
|
29 Hours Certified Ethical Hacker Version 10 (CEHv10) Prep | Skill Level: Advanced | | + Description | | This self-study course focuses on preparing learners for the EC-Council Certified Ethical Hacker version 10 certification exam. This course contains materials on advanced network assessment techniques including enumeration, scanning, and reconnaissance. It is designed to use the same knowledge and tools as a malicious hacker, but in an ethical and lawful manner to examine an organization's network security posture. The course concludes with a practice exam.
Learning Objectives:
- Learn how to perform a vulnerability analysis to identify security weakness in an organization's network structure.
- Perform a security assessment of a cloud environment to understand cloud computing threats and attacks.
- Understand risks and defensive strategies for IoT platforms and devices.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Analysis |
Systems Analyst |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| + Course Modules/Units | | CEHv10 Course Introduction | Information Security Reports | Ethical Hacking Defined | Ethical Hacking Terminology | Hacking Phases and Vul Research | Types of Attacks and Attack Vectors | Threat Modeling | Introduction to Physical Security | Incident Management Process | Incident Response Overview | Security Testing and Assessments | Pen Testing Phases and Methodology | Information Security Laws and Standards | Reconnaissance | Footprinting Methodologies - Passive | Footprinting Methodologies - Active | Advanced Google Hacking Techniques | Network Mapping | DEMO: WHOIS with BackTrack | DEMO: Active Footprinting with Traceroute | DEMO: Maltego for Information Gathering Part 1 | DEMO: Maltego for Information Gathering Part 2 | Footprinting Countermeasures | DEMO: Windows CMD Information Gathering | Scanning Essentials | DEMO: Colasoft Packet Builder | Port Scanning | DEMO: Banner Grabbing with Telnet | Covert Scanning | Covert Scanning with Proxies | DEMO: Scanning with Nmap | Common Enumeration Techniques | Enumeration Tools | Protocol Enumeration | DEMO: Scanning and Enumeration with Nmap | Understanding System Vulnerabilities | Passive and Active Vul Scanning | Vulnerability Assessment Lifecycle and CVSS | Common Vulnerabilities and Exposures (CVE) | Vulnerability Scanning | DEMO: Vulnerability Scanning with Nessus | Authentication Techniques | Microsoft Authentication | Password Cracking | Privilege Escalation | DEMO: Rainbow Table Lookup Sites | Keyloggers | Spyware and Activity Monitoring | Packet Sniffing Attacks | Covert Hacking | Hiding Files - Rootkits | DEMO: Kernel-Level Rootkits | Covering Tracks | Malware Awareness | Trojan Terminology and Techniques | Trojans and Backdoors | Virus Examples and Symptoms | Virus Classifications and Characteristics | Virus Making Tools | Other Malicious Code Types | Malware Countermeasures and Tools | DEMO: Bind and Reverse Shell | DEMO: Strings Analysis | Sniffers Terminology and Overview | Network Overview for Sniffer Placement | Basic Packet Analysis | Address Resolution Protocol (ARP) | DEMO: Viewing ARP Packets with Packet Builder | Spoofing and Flooding Sniffing Attacks | MITM Attacks Ports Vul to Sniffing | Wireshark Overview and Examples | Evasion in Network Sniffing | Sniffing Countermeasures and Tools | DEMO: Hping3 | DEMO: Wireshark | Social Engineering Background and Examples | Human-Based Social Engineering | Computer-Based Social Engineering | Computer Based SE - Social Networking | Social Engineering with Mobile Applications | SE and Identity Theft Countermeasures | DEMO: Social Engineering Toolkit | DEMO: Leveraging Armitage in Phishing Attack | DoS Impacts and Classifications | Categories of Denial of Service | Botnets and Disruption Attacks | DoS Symptoms and Tools | Buffer Overflow Terminology and Background | Session Hijacking Overview and Examples | Compromising Session Attacks | Session Hijacking Techniques | Session Hijacking Tools | IPSec and Session Hijacking | Firewalls and Honeypots | Firewall Configurations | IDS Overview and Detection Methods | IDS, Firewall, and Honeypot Evasion | Evasion Techniques | Evasion Testing Techniques | DEMO: Intrusion Signs | Common Web Server Attack | Webserver Architecture | OWASP Top 10 and Beyond | Webserver Hacking Countermeasures | SQL and Command Injection Web App Hacking | Non SQL Injection Errors | Parameter and Form Tampering Web App Hacking | Cross-site Scripting and Obfuscation Web App Hacks | Cross-site Request Forgery and Cookies | Web Application Pen Test Methodology | Web App Tools and Countermeasures | Buffer Overflow Tools and Countermeasures | DEMO: BurpSuite | SQL Terminology and Example Statements | SQL Enumeration | SQL Injection Attacks | SQL Injection Tools and Countermeasures | DEMO: SQL Inject Attacks | Wireless Terminology and Standards | Wireless Terminology and Antennas | Wireless Authentication | Wireless-Based Attacks | Wireless Attack Methodology Part 1 of 2 | Wireless Attack Methodology Part 2 of 2 | WEP, WPA and Other Wireless Attacks | Bluetooth Communication Basics | Wireless Protocols and Signal Modulation | DEMO: SSID and Channels | DEMO: Wireless Hacking | Wireless Hacking Tools | Wireless Hacking Countermeasures | Mobile Platform Overview | OWASP IoT Vuls and Countermeasures | Mobile Device Operating Systems | Hacking Mobile Platforms | Mobile Device Management and Risks | Mobile Device Security | Internet of Things (IoT) Concepts | Internet of Things (IoT) Attacks and Mitigation | Introduction to Cloud Computing | Cloud Architectures and Deployment Models | Cloud Threats and Attacks | Cloud Security | Cloud Testing Tools | Cryptography Background and Terminology | Crypto Keys and Algorithms | SHA and TLS Algorithms | DEMO: Hashing with MD5 Sum | Cryptography Implementations | Public Key Infrastructure (PKI) | Cryptanalysis Techniques | Crypto Attacks | DEMO: Encryption with TrueCrypt | Digital Signatures | Certified Ethical Hacker Practice Exam | LAB: Using a Simulated Botnet to Conduct a Distributed Denial of Service |
|
|
|
|
13 Hours Cisco CCENT Self-Study Prep | Skill Level: Intermediate | | + Description | | This course is a self-study resource to help prepare for the Cisco CCENT certification, one of the prerequisites for the Cisco CCNA certification. Installing, operating, configuring, and verifying a basic IPv4 and IPv6 network will be discussed. The course focuses on configuring a local area network (LAN) switch, configuring an internet protocol (IP) router, and identifying basic security threats. It includes several reinforcing video demonstrations of concepts discussed, as well as a quiz.
Learning Objectives:
- Review of objectives for the Cisco Certified Entry Networking Technician certification
- Supplemental preparation for the Cisco CCENT certification exam
Date: 2016
Training Purpose: Operate and Maintain
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Network Services |
Network Services Specialist |
Operate and Maintain |
Systems Administration |
Systems Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
|
| + Course Modules/Units | | Switched Networks Part 1 of 2 | Switched Networks Part 2 of 2 | Collisions and Broadcasts | DEMO: Viewing an ARP Table | Basic Switch Configuration | SSH Operation and Configuration | Configuring Switch Ports | Switch Troubleshooting | Securing a Switch | Best Practices for Switched Networks | DEMO: Making an RJ-45 Cable | VLAN Segmentation Part 1 of 2 | VLAN Segmentation Part 2 of 2 | VLAN Implementations | VLAN Security and Design | DEMO: Configuring VLANs | DEMO: Demonstrating VLAN Connectivity | Functions of a Router Part 1 of 2 | Functions of a Router Demo | Functions of a Router Part 2 of 2 | Configuring Basic Router Settings | DEMO: IPv4 and IPv6 Subnetting | Basic Router Settings_IPv6 and Loopback Interfaces | Verifying Connectivity of Directly Connected Networks | Switching Packets Between Networks | Routing Tables and Protocols | DEMO: IPv6 Header Analysis | DEMO: MAC Address Table | DEMO: IPv4 Addresses and Router Interfaces | DEMO: IPv6 Addressing on Router Interfaces | Inter-VLAN Routing Configuration | Layer 3 Switching | Static Routing | Configure Static Routing | Classful Addressing and Routing | Configuring Summary Routes | Troubleshooting Static and Default Routes | DEMO: Static Routing | Dynamic Routing Protocol Operation | Routing Protocol Operating Fundamentals | Types of Routing Protocols | Types of Distance Vector Routing Protocols | Configuring the RIP Protocol | RIPng and Link-State Routing | DEMO: RIP Version 1 and IPv4 | DEMO: RIP Version 2 Improvements | DEMO: Setting up RIP for IPv6 | Characteristics of OSPF | OSPF Messages | OSPF Router IDs | Configuring and Verifying OSPF | OSPFv2 versus OSPFv3 | DEMO: Configuring OSPF | DEMO: Troubleshooting OSPFv2 | DEMO: Configuring OSPFv3 | DHCPv4 Operation | Configuring and Troubleshooting DHCPv4 | DEMO: DHCPv4 | SLAAC and DHCPv6 | Stateless and Stateful DHCPv6 | DEMO: Stateless DHCPv6 | NAT Characteristics and Benefits | Types of NAT | Configuring Static and Dynamic NAT | Configuring PAT and Port Forwarding | DEMO: Enabling IPv4 NAT | Configuring and Troubleshooting NAT for IPv6 | CCENT Prep Practice Exam |
|
|
|
15 Hours Cisco CCNA Security Self-Study Prep | Skill Level: Intermediate | | + Description | | This course is the follow-up to Cisco CCENT and is aimed to prepare learners for the Cisco CCNA Security exam. Content covered in this course includes protocol sniffers, analyzers, TCP/IP, desktop utilities, Cisco IOS, the Cisco VPN, a Cisco simulation program called Packet Tracer, and some web-based resources. The course focuses on a theoretical understanding of network security, knowledge, and skills designed to implement it. This course contains several reinforcing video demonstrations and final exam.
Learning Objectives:
- Review of objectives for the Cisco Certified Network Associate certification
- Supplemental preparation for the Cisco CCNA certification exam
Date: 2015
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
Systems Security Administrator |
Operate and Maintain |
Systems Analysis |
Systems Analyst |
Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
|
| + Course Modules/Units | | Securing Network Devices | Secure Administrative Access Part 1 of 2 | Secure Administrative Access Part 2 of 2 | DEMO: Securing Router Access Methods | Role-Based CLI Overview | Password Recovery | Management Reporting and Logging Considerations | Implementing Log Messaging for Security | Configuring NTP | Disabling Unused Cisco Router Network Services and Interfaces | AAA Authentication Methods | Implementing Local AAA Authentication | Implementing Server-Based AAA Authentication | Cisco Secure ACS | Configuring Server-Based AAA Authentication | Server-Based Authorization and Accounting | Implementation Firewall Technologies | Access List Controls (ACLs) | Extended ACLs and ACL Caveats | ACL Placement | Complex ACLs | Troubleshooting ACLs | Securing Networks with Firewalls | Zone-Based Policy Firewalls | CCP Firewall Wizard and Manual ZPF using CCP | DEMO: Enabling IOS Firewall | Implementing Intrusion Prevention Intro | IPS Signatures | Signature Trigger and Action for IPS | Managing and Monitoring IPS | Configuring and Verifying IOS IPS | Securing the Local Area Network Intro | Layer 2 Security Part 1 of 2 | Layer 2 Security Part 2 of 2 | Mitigating MAC Spoofing and MAC Table Overflow Attacks | Mitigating STP Manipulation | Configuring Storm Control | Mitigating VLAN Attacks | Configuring Cisco Switch Port Analyzer | Private VLAN Edge | Advanced Technology Security Considerations | Wireless Networks | VoIP and SAN Networks | DEMO: Enabling STP with Voiceover | Cryptographic Systems and Hashes | Encryption and Confidentiality | Public Key Cryptography and PKI | VPN Terminology and Topologies | IPSec Frameworks and Key Exchange | IPSec Tasks | Configuring IPsec VPN using CCP | Remote-Access VPNs | Managing a Secure Network and Addressing Risks | Operations Security | Network Security Testing | Continuity Planning | SDLC | Security Policy | ASA Models and Features | Basic ASA Configuration and Settings | Introduction to ASDM | ASA Objects and Object Groups | ACLs for ASA | ASA and NAT | ASA and PAT | ASA AAA | Modular Policy Framework | ASDM Service Policies Demo | ASA VPN Features | ASDM AnyConnect VPN Wizard | DEMO: ASA Console Config | DEMO: ASA GUI Config | DEMO: ASA Traffic Management | CCNA Security Prep Practice Exam |
|
|
|
2 Hours Threat Hunting Fundamentals | Skill Level: Beginner | | + Description | | Threat Hunting Fundamentals Course
Prerequisite(s): None
Course Setting: Online, self-paced
Length: 2 Hours
Training Purpose: The purpose of the course is to provide trainees with a basic introduction to Threat Hunting’s structure and Incident Response processes and procedures.
Audience: The primary audience for this training will be non-technical CISA and/or TH staff that will not be operationally engaged in being staffed onto engagement teams or surge support teams. This will primarily be new employees who need an introduction to Threat Hunting.
The secondary audience for this training will be partner staff/anyone outside of CISA that will not be operationally engaged in being staffed onto engagement teams or surge support teams. This might include asset owners, infrastructure stakeholders, non-technical mission partners, etc. However, it does not include the general public.
Description
Threat Hunting Fundamentals is designed to meet the need for a non-technical, outward-facing training on the basics of Threat Hunting’s structure and Incident Response processes and procedures. This course is offered in a self-paced, virtual format and consist of multiple short videos separated by knowledge check exercises. |
| |
|
4.5 Hours Cloud Computing Concepts | Skill Level: Intermediate | | + Description | | The Cloud Computing Concepts course highlights concepts and best practices for cloud architecture, design, security, and operations. Topics include leveraging cloud environments for critical assets or operations, and the impacts on data and application security, as well as legal, risk, and compliance considerations.
Learning Objectives:
- Compare cloud service and deployment models and each’s impact on customer control and responsibilities
- Identify data security strategies within cloud environments
- Explain secure data center design concepts including example risks and security controls
- Describe the Secure Software Development Life Cycle (SDLC) and its relation to applications within cloud environments
- Summarize concepts for building, operating, and managing physical and logical infrastructure for cloud environments
- Outline privacy, legal, and audit requirements with cloud environments, and how it relates to evaluating providers
Date: 2021
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Securely Provision |
Systems Architecture |
Enterprise Architect |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
|
| + Course Modules/Units | | Cloud Computing Concepts Course Intro | Introduction to Cloud Computing | Cloud Architecture and Deployment Models | Security in the Cloud (Cloud Security) | Securing Your Cloud | Cloud Threats and Attacks | Data Security Technologies and Classification | Auditing in a Cloud Environment | Building a Cloud | Phys. & Logical Infrastructure for Cloud Environs | Secure Coding for Cloud Deployments | Review of Multifactor Authentication | Anatomy of a Supply Chain Attack | Options for Securing Within the Cloud | VPC Network Access Controls and CloudWatch Monitrg | Compute Instance in Google’s Cloud Platform | Monitrg and Alerting Options in Google Cloud | Web Apps in Google Cloud and Adding Security | Use of Microsoft’s Platform as a Service | Azure Compute Instance Setup | Secure Data Center Design | Review of Monitoring and Security Configurations | Overview of Two NIST Publications on Cloud Comp | Security Guidance for Critical Areas in Cloud Comp | Cloud Security Basics | Implications of Cloud to Enterprise Risk Mgmt | DR/BC and Risks with Cloud Strategy | Evaluating and Legal Requirements for Cloud Services | Cloud Computing Risk Assessment by ENISA |
|
|
|
2.5 Hours Cloud Computing Security | Skill Level: Intermediate | | + Description | | This course explores the guidance from the Cloud Security Alliance (CSA), National Institute of Standards and Technology (NIST), National Security Agency (NSA), and several Cloud Service Providers (CSPs). Objectives cover cloud security risks and threats, basic operations, incident response considerations, along with application, data and infrastructure security concepts. Where applicable, demonstrations of cloud provider tools and capabilities will be used to reinforce key points.
Learning Objectives:
- Define cloud models and components.
- Apply CSA security guidance and other best practices to cloud deployments.
- Understand cybersecurity requirements within the Shared Responsibilities model.
- Prepare for cloud computing governance and compliance challenges.
- Relate traditional cybersecurity controls to popular cloud solutions.
- Recognize and prepare for cloud computing threats.
- Review additional cloud security tools and use cases.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Securely Provision |
Systems Architecture |
Security Architect |
Securely Provision |
Systems Development |
Secure Software Assessor |
|
| + Course Modules/Units | | Cloud Computing Security Course Overview | Cloud Computing Overview | Cloud Computing Overview Knowledge Check | Building a Cloud | Building a Cloud Knowledge Check | Securing Your Cloud | Cloud Security Basics | Review of Multifactor Authentication | Review of Monitoring and Security Configurations | Options for Securing Within the Cloud | VPC Network ACs and CloudWatch Monitoring | Compute Instance in Google's Cloud Platform | Monitoring and Alerting Options in Google Cloud | Web App and Security Configs in Google Cloud | Use of Microsoft's Platform as a Service | Azure Compute Instance Setup | Securing Your Cloud Knowledge Check | Review of Two NIST Publications on Cloud Computing | Guidance for Critical Areas in Cloud Computing | Cloud Computing Risk Assessment by ENISA | Resources Knowledge Check |
|
|
|
6 Hours Cloud Monitoring | Skill Level: Beginner | | + Description | | This course introduces concepts around Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Multiple Cloud Hosting and Hybrid Cloud Hosting.
Date: 2021
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| + Course Modules/Units | | Introduction - Lecture 1 of 5 | Shared Responsibility Model - Lecture 2 of 5 | Use Cases - Lecture 3 of 5 | Case Study - Lecture 4 of 5 | Cloud Architectures & Summary - Lecture 5 of 5 | IaaS Overview - Lecture 1 of 5 | IaaS: Monitoring Services and Capabilities - Lecture 2 of 5 | IaaS: Best Practices - Lecture 3 of 5 | IaaS: Gaps and Considerations - Lecture 4 of 5 | IaaS: Use Cases, Reflection and Summary - Lecture 5 of 5 | PaaS Overview - Lecture 1 of 6 | PaaS: Monitoring Services and Capabilities - Lecture 2 of 6 | PaaS: Monitoring Examples - Lecture 3 of 6 | PaaS: Best Practices - Lecture 4 of 6 | PaaS: Gaps and Considerations - Lecture 5 of 6 | PaaS: Reflection and Summary - Lecture 6 of 6 | SaaS Overview - Lecture 1 of 5 | SaaS: Monitoring Services and Capabilities - Lecture 2 of 5 | SaaS: Best Practices - Lecture 3 of 5 | SaaS: Gaps and Considerations - Lecture 4 of 5 | SaaS: Reflection and Summary - Lecture 5 of 5 | What is Multiple Cloud - Lecture 1 of 5 | Security Issues - Lecture 2 of 5 | Monitoring Capabilities - Lecture 3 of 5 | Gaps- Lecture 4 of 5 | Multiple Clouds - Lecture 5 of 5 | Hybrid Cloud: Security Issues - Lecture 1 of 4 | Monitoring Capabilities - Lecture 2 of 4 | Gaps - Lecture 3 of 4 | Hybrid Clouds in Operation - Lecture 4 of 4 | Conclusion - Lecture 1 of 1 |
|
|
|
0.5 Hours CMaaS Overview | Skill Level: Beginner | | + Description | | This course is designed for managers, staff, and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). This course explains how Continuous Monitoring as a Service (CMaaS) relates to the Continuous Diagnostics and Mitigation (CDM) program.
Date: 2016
Training Purpose: Skill Development
Training Proficiency Area: Level 0 - Introduction
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| + Course Modules/Units | | Lesson 1 - Continuous Diagnostics and Mitigation (Video) | Lesson 2 - The Problem (Infographic) | Lesson 3 - How CDM Phase 1 Capabilities Support CDM Goals (Infographic) | Lesson 4 - How CDM Phase 1 Capabilities Work Together (Infographic) | Lesson 5 - CDM Phase 1 Capabilities Scope (Infographic) | Lesson 6 - Overview of Continuous Monitoring as a Service (Video) | Lesson 7 - How the CDM Capabilities Were Defined | Lesson 8 - ISCM Policy and Guidance Timeline |
|
|
|
0.5 Hours CMaaS Technical Overview Course | Skill Level: Beginner | | + Description | | This course is designed for managers, staff, and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the learner better understand how Continuous Monitoring as a Service (CMaaS) will be implemented in DHS Component networks.
Date: 2017
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Basic
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| + Course Modules/Units | | Lesson 1: CMaaS Technology Stack Overview (Video) | Lesson 2: Central Management Enclave Firewall Requirements (Infographic) | Lesson 3: Component Management Enclave Firewall Requirements (Infographic) | Lesson 4: Hardware Sensors Firewall Requirements 1 of 2 (Infographic) | Lesson 5: Hardware Sensors Firewall Requirements 2 of 2 (Infographic) | Lesson 6: Software Sensors Firewall Requirements (Infographic) | Lesson 7: Considerations for Initial CMaaS Deployment (Infographic) | Lesson 8: CMaaS Deployment Overview (Infographic) |
|
|
|
5 Hours CMaaS Transition Classroom Sessions | Skill Level: Beginner | | + Description | | This course is part of the CMaaS transitional webinar series conducted via WebEx. Each video focuses on a single tool within the CMaaS solution stack and includes two major Use Cases for each tool.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Basic
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| |
|
5 Hours Coding 101 | Skill Level: Beginner | | + Description | | This course focuses on the basics of computer programming and how to give a machine a set of instructions to produce a desired behavior. This course also provides information on the elements of programming and programming languages, frameworks, and models. The course includes an interactive programming game, interactive knowledge checks, and the chance to write a fully functional code.
Learning Objectives:
- Define programming.
- Describe the structure and purpose of major programming paradigms.
- Explain the difference between high-level and low-level languages.
- Describe the uses of scripting and compiled languages.
- State the elements of programming.
- Explain when to use a variable in programming.
- List basic data types.
- State how operators are used in programming.
- Explain why logic and flow are important in programming.
- State the purpose of programming frameworks.
Date: 2017
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Securely Provision |
Systems Development |
Systems Developer |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Systems Architecture |
Security Architect |
Securely Provision |
Technology R&D |
Research & Development Specialist |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
1 Hour Cover Your Assets: Securing Critical and High-Value Assets | Skill Level: Beginner | | + Description | | Think about your organization’s most critical functions: what do others depend on you to provide? Your high-value assets (HVAs), also known as critical assets across many industries, are the information or information systems that have serious impact to your organization’s ability to conduct its mission or business operations if lost, corrupted, or inaccessible. Across sectors and industries, data and information systems that underpin core business and operational functions- or those systems that connect to core functionalities- make highly tempting targets for sophisticated criminal, politically motivated, or state-sponsored actors to exploit directly or compromise to undermine public trust.
The HVA program was established by CISA to help organizations gain a comprehensive understanding of the risks that dynamic threat actors pose and identify the high-value information and systems that are likely targets.
This webinar provides an overview of the following key information:
- HVA and critical asset overview: Define high-value assets, and how to assess and prioritize risks.
- Common threats: Understand the most likely threats to HVAs and how to mitigate associated vulnerabilities.
- CISA guidance: Learn the steps and parameters to identify, categorize, prioritize, and secure your HVAs or critical assets.
- Case studies: Explore the impacts of documented critical or high-value asset cyberattacks, and the success of resulting response and recovery efforts.
This course is accessible to a non-technical audience including managers and business leaders and provides an organizational perspective useful to technical specialists.
Date: July 2021
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
|
| |
|
3 Hours Creating a Computer Security Incident Response Team (CSIRT) | Skill Level: Beginner | | + Description | | This course was developed for organizations and individuals who are at the beginning of their planning and implementation process for creating a computer security incident response team or an incident management capability. This course begins with definitions and context for defining a CSIRT framework, followed by services that may be provided and building an action plan. An attendee workbook is included with questions and exercises to use in conjunction with the training.
Learning Objectives:
- Understand the function of Computer Security Incident Response Teams (CSIRTs) and the philosophy behind them.
- Understand the role of CSIRT in the incident management process.
- Identify the requirements to establish an effective CSIRT.
- Appreciate the key issues and decisions that must be addressed when creating a CSIRT.
- Learn to strategically plan the development and implementation of your CSIRT.
Date: 2017
Training Purpose: Management Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
All-Source Analyst |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
|
| + Course Modules/Units | | Create a Computer Security Incident Response Team | Defining Incident Management Part 1 of 2 | Defining Incident Management Part 2 of 2 | Defining CSIRTs | Types of CSIRTs | Setting the Context | Defining Your Framework Part 1 of 2 | Defining Your Framework Part 2 of 2 | Capability Strategies | CSIRT Components | CSIRT Components: Organizational Issues | CSIRT Components: Resources | Range and Level of Services | Policy and Procedure Examples | Range and Level of Services Summary | Ideas for Your Action Plan | Taking the Next Steps | CSIRTs Resource Overview |
|
|
|
2 Hours Critical Infrastructure Protection | Skill Level: Beginner | | + Description | | This course discusses the influence, impact, and need for cybersecurity when defending the critical infrastructure and key resources of the United States. This course provides the definition of critical infrastructure, examples of cybersecurity threats to critical infrastructure, and information on what is being done to protect critical infrastructure from these cybersecurity threats.
Learning Objectives:
- Define and give examples of critical infrastructure.
- Identify possible cyber threats to critical infrastructure.
- Describe U.S. cybersecurity policies and programs.
- Explain the cybersecurity roles of the Department of Homeland Security (DHS) and other Federal agencies.
Date: 2017
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
Systems Administrator |
Operate and Maintain |
Systems Analysis |
Systems Analyst |
Operate and Maintain |
Systems Development |
Information Systems Security Developer |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Systems Architecture |
Systems Architect |
Securely Provision |
Technology R&D |
Research & Development Specialist |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Systems Development |
Systems Developer |
|
| |
|
2 Hours Cryptocurrency for Law Enforcement | Skill Level: Beginner | | + Description | | This course covers the history, risks, and legality of cryptocurrency as well as discusses what cryptocurrency items can be seized by law enforcement.
Learning Objectives:
- Define cryptocurrency and compare it to traditional currency.
- Describe the history of cryptocurrency.
- State the elements of a cryptocurrency transaction and their roles.
- Describe safety measures taken to protect cryptocurrency.
- Identify items that serve as wallets for cryptocurrency and could be seized by law enforcement.
- Evaluate apps and websites that could be linked to cryptocurrency.
- Compare degrees of anonymity of various cryptocurrencies.
- Compare legal and illegal uses of cryptocurrency.
- Evaluate the legality of different cryptocurrency scenarios.
- Identify notable cases of illegal uses of cryptocurrency found in recent headlines.
Date: 2019
Training Purpose: Investigate
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Investigate |
Cyber Investigation |
Cyber Crime Investigator |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
|
| |
|
1 Hour Cyber Awareness Challenge 2019 | Skill Level: Beginner | | + Description | | This course provides an overview of cybersecurity threats and best practices to keep information and information systems secure. Every year, authorized users of certain information systems must complete the Cyber Awareness Challenge to maintain awareness of and stay current on new cybersecurity threats. The training also reinforces best practices to keep personal information and information systems secure and stay abreast of changes in general cybersecurity policies.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
|
| |
|
3 Hours Cyber Dark Arts | Skill Level: Intermediate | | + Description | | This course highlights 'dark' or deceptive activities that are employed by malicious users via the Internet. Several legitimate purpose technologies and techniques and how they are leveraged, or manipulated for fraudulent purposes, is discussed. Threats from topics such as zero-day attacks, dark web, alternate OSs, VPN/TOR, weaponized psychology, and anonymous services will be detailed, as well as methods for concealing one’s identity. These methods are taught in order for cybersecurity experts to defend against such attacks. The course includes reinforcing video demonstrations.
Learning Objectives:
- Explain several techniques for obfuscating online activities.
- List examples of technologies leveraged for deceptive purposes.
- Detail best practices for prevention and protection from malicious cyber activities.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Collect and Operate |
Cyber Operations |
Cyber Operator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| + Course Modules/Units | | Cyber Dark Arts | Weaponized Psychology | DEMO: Password Cracking Using Hydra | Scanning for Vulnerable Devices and Networks | Anonymous Web Hosting, Searching, and Browsing | Alternative Operating Systems | Tails, Whonix, and Qubes | Secure Messaging Services | Blockchain and Cryptocurrency | DEMO: Blockchain and Cryptocurrency | DEMO: Iodine IP over DNS | DEMO: TOR versus Traditional Tunneling | Advanced Persistent Threats | Cyber Dark Arts Exam |
|
|
|
0.3 Hours Cyber Defense Analyst: Incident Response | Skill Level: Beginner | | + Description | | The following skills are mapped to the NICE Framework’s Cyber Defense Analyst role. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to
Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.
This is a basic level course.
Date: 2023
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
Protect and Defend
|
Cybersecurity Defense Analysis
|
Cyber Defense Analyst
|
|
| |
|
0.35 Hours Cyber Defense Analyst: Indicators of Compromise | Skill Level: Beginner | | + Description | | The following skills are mapped to the NICE Framework’s Cyber Defense Analyst role. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to
Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.
This is a basic level course.
Date: 2023
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
Protect and Defend
|
Cybersecurity Defense Analysis
|
Cyber Defense Analyst
|
|
| |
|
0.3 Hours Cyber Defense Analyst: Intrusion Detection Systems | Skill Level: Beginner | | + Description | | The following skills are mapped to the NICE Framework’s Cyber Defense Analyst role. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to
Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.
- Intrusion Detection Systems
This is a basic level course.
Date: 2023
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
Protect and Defend
|
Cybersecurity Defense Analysis
|
Cyber Defense Analyst
|
|
| |
|
0.3 Hours Cyber Defense Analyst: Packet Level Analysis | Skill Level: Beginner | | + Description | | The following skills are mapped to the NICE Framework’s Cyber Defense Analyst role. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to
Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.
This is a basic level course.
Date: 2023
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
Protect and Defend
|
Cybersecurity Defense Analysis
|
Cyber Defense Analyst
|
|
| |
|
0.3 Hours Cyber Defense Analyst: Security Information and Event Management (SIEM) | Skill Level: Beginner | | + Description | | The following skills are mapped to the NICE Framework’s Cyber Defense Analyst role. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to
Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.
- Security Information and Event Management (SIEM)
This is a basic level course.
Date: 2023
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
Protect and Defend
|
Cybersecurity Defense Analysis
|
Cyber Defense Analyst
|
|
| |
|
0.3 Hours Cyber Defense Analyst: Vulnerability Assessments | Skill Level: Beginner | | + Description | | The following skills are mapped to the NICE Framework’s Cyber Defense Analyst role. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to
Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.
- Vulnerability Assessments
This is a basic level course.
Date: 2023
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
Protect and Defend |
Cybersecurity Defense Analysis |
Cyber Defense Analyst |
|
| |
|
0.3 Hours Cyber Defense Infrastructure Support Specialist: Incident Response | Skill Level: Beginner | | + Description | | The following skills are mapped to the NICE Framework’s Cyber Defense Infrastructure Support Specialist. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to
Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.
This is a basic level course.
Date: 2023
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
|
| |
|
0.3 Hours Cyber Defense Infrastructure Support Specialist: Installing, Configuring, and Troubleshooting | Skill Level: Beginner | | + Description | | The following skills are mapped to the NICE Framework’s Cyber Defense Infrastructure Support Specialist. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to
Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.
- Installing, Configuring, and Troubleshooting
This is a basic level course.
Date: 2023
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
|
| |
|
0.3 Hours Cyber Defense Infrastructure Support Specialist: Network Access Controls | Skill Level: Beginner | | + Description | | The following skills are mapped to the NICE Framework’s Cyber Defense Infrastructure Support Specialist. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to
Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.
This is a basic level course.
Date: 2023
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
|
| |
|
0.3 Hours Cyber Defense Infrastructure Support Specialist: Network Device Hardening | Skill Level: Beginner | | + Description | | The following skills are mapped to the NICE Framework’s Cyber Defense Infrastructure Support Specialist. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to
Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.
This is a basic level course.
Date: 2023
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
|
| |
|
0.5 Hours Cyber Defense Infrastructure Support Specialist: Securing Communications | Skill Level: Beginner | | + Description | | The following skills are mapped to the NICE Framework’s Cyber Defense Infrastructure Support Specialist. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to
Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.
This is a basic level course.
Date: 2023
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
|
| |
|
0.2 Hours Cyber Defense Infrastructure Support Specialist: Securing Wifi | Skill Level: Beginner | | + Description | | The following skills are mapped to the NICE Framework’s Cyber Defense Infrastructure Support Specialist. This course is made up of demonstrations of subject matter experts going through a guided lab for each skill. To perform these same steps on the virtual machines shown in the demonstration, please go to
Practice | Gameboard (cisa.gov) and create a login to access the lab guide and environment.
This is a basic level course.
Date: 2023
This course is aligned to the NIST SP 800-181 Cybersecurity Workforce Framework:
Category | Specialty Area | Work Roles |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
|
| |
|
8 Hours Cyber Fundamentals for Law Enforcement Investigations | Skill Level: Beginner | | + Description | | This course serves as an introduction and overview of several concepts and technologies that may be encountered as part of an investigation with a digital or cyber component. Starting with the basics of how devices communicate, the course continues with technical concepts and applications that may be used to facilitate or investigate incidents. Content includes lab exercises and practical application takeaways to reinforce concepts, and a course exam.
Learning Objectives:
- Describe essential computing communication concepts.
- Identify digital evidence sources and handling.
- Apply techniques to examine applications for target information.
Date: 2017
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
Threat Analysis |
Threat/Warning Analyst |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
Investigate |
Cyber Investigation |
Cyber Crime Investigator |
|
| + Course Modules/Units | | Cyber Investigation Course Intro | Cyber Crimes versus Traditional Crimes | Cyber Laws Overview | Logical and Physical Addresses | Dissecting a Data Packet | How Computers Connect | IP Addresses and Domain Names | IP Addresses | Domain Naming | NSlookup Dig Google Toolbox | Digital Artifacts Basics | Site Survey and Collection | Determining Sophistication | Time Standardization | Requesting Digital Forensic Artifacts | Footprinting | Handling Untrusted or Unknown Files | Setting Up an Analysis Environment | Examining Images | Intro to Encryption | Detecting Encryption | Malware Awareness | Malware Propagation | Malware History | Remote Access | Understanding Insider Threat | Introduction to Peer-to-Peer | Advanced IP Tunneling Overview | TOR versus Traditional Tunneling | Iodine IP over DNS | Email Analysis | Phishing Message Analysis | Online Auctions | Open Source Searches Using Facebook | Open Source Searches Using Twitter | Google FU | Cyber Investigations Exam | Domain Information Lookup | Examining EXIF Data and Images | Computing and Comparing Hash Values | File Search Techniques | Open Source Twitter Searches |
|
|
|
9 Hours Cyber Security Investigations | Skill Level: Beginner | | + Description | | This course discusses the basic concepts of cybersecurity and digital forensics investigation practices. Topics include performing collection and triage of digital evidence in response to an incident, evidence collection methodologies, and forensic best practices. This is an introductory course reviewing the processes, methods, techniques, and tools in support of cyber security investigations.
Learning Objectives:
- Understand the process of integrating forensics collection and analysis program into an organization.
- Recognize concepts involved in the Forensic Process.
- Apply necessary preparation to perform collections and incident response according to best practices.
- Understand methods, goals and objectives for digital forensic collection activities.
- Apply techniques and tools for conducting evidence collection, triage, and log analysis.
Date: 2015
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Collect and Operate |
Cyber Operations |
Cyber Operator |
Investigate |
Cyber Investigation |
Cyber Crime Investigator |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| + Course Modules/Units | | Purpose of Computer and Network Forensics | Digital Forensics Tools | Forensics Team Staffing Considerations | Digital Forensics Guidelines, Policies, and Procedures | Digital Forensics Life Cycle | Digital Forensics Best Practices | Digital Forensics Concepts | Locard's Exchange Principle | Incident Response Phases Part 1 of 3 | Incident Response Phases Part 2 of 3 | Incident Response Phases Part 3 of 3 | Computer Forensics Process Part 1 of 2 | Computer Forensics Process Part 2 of 2 | Digital Forensic Planning and Preparation | IR and Digital Forensics Tools | Forensically Prepared Media, Tools and Equipment | Incident Response Information Gathering | Incident Response Acquisition Considerations | Incident Response Notes and Documentation | Auditing Windows Event Logs | Volatile Data Collection | Storage Media Collection | Network Data Collection | Log Collection | Data Carving using FTK | Digital Forensic Triage Overview | Incident Triage Process | Incident Triage Methodology | Attacker Methodology Overview Part 1 of 3 | Attacker Methodology Overview Part 2 of 3 | Attacker Methodology Overview Part 3 of 3 | Triage: Light and General Collections | Triage Analysis | Triage Analysis of Volatile Data | Program Execution | Analyzing Services | Malware Vectors and Detection | Mobile Device Triage Analysis | IR: Following a Trail | Hash and File Signature Analysis | Time Analysis | Registry Analysis | File Analysis Demonstration | Hashing with md5deep | Hash Analysis with Autopsy | Lessons Learned from an Incident | Lessons Learned from Objective and Subjective Data | Evidence Retention and Information Sharing Post Incident | Cyber Security Investigations Exam |
|
|
|
2 Hours Cyber Supply Chain Risk Management | Skill Level: Beginner | | + Description | | This course focuses on cyber supply chain risk management, also known as C-SCRM, and the role it plays within our society today. This course will explain how to securely provision, analyze, oversee and govern, protect and defend a supply chain.
Learning Objectives:
- Describe product supply chains and life cycles.
- Identify the role of adversaries in supply chain risk management.
- Define the risks associated with supply chains.
- State the principles of supply chain management.
- Identify security measures taken to protect a supply chain.
- Apply suggested tools to address supply chain vulnerabilities.
- Explain how knowledge of the 'internet of things' (IoT) is used to evaluate products as IoT devices.
- Recognize potential dangers posed by various devices brought to work.
- Identify the threats outlined for acquisitions personnel through the Federal Acquisition Regulation (FAR).
- Define how to personally safeguard your organization's cybersecurity.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
All-Source Analyst |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/Warning Analysis |
Analyze |
Targets |
Target Developer, Target Network Analyst |
Oversee and Govern |
Program/Project Management and Acquisition |
Program Manager |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
Securely Provision |
Software Development |
Software Developer |
Securely Provision |
Systems Development |
Systems Developer |
|
| |
|
1 Hour CyberEssentials | Skill Level: Beginner | | + Description | | This course focuses on how leaders can develop actionable items to start implementing organizational cybersecurity practices and introduces the six essential elements of building a culture of cyber readiness.
Learning Objectives:
- Identify actionable items to reduce your organization's cyber risks through a holistic approach.
- Identify the six essential elements of building a culture of cyber readiness.
- Identify the steppingstones to building a culture of cyber readiness.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Oversee and Govern |
Strategic Planning and Policy |
Strategic Planning and Policy Planner |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program/Project Management and Acquisition |
Program Manager |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
|
| |
|
12.5 Hours Cybersecurity Analyst | Skill Level: Intermediate | | + Description | | The Cybersecurity Analyst course is designed to help reinforce concepts for cyber work roles that require monitoring and information analysis to respond to suspicious events. This intermediate-level course focuses on defense techniques leveraging data and tools to identify risks to an organization, and apply effective mitigation strategies to detect and respond to threats.
Learning Objectives:
- List common cyber threats and examples of scanning and assessment tools and techniques to identify potential vulnerabilities.
- Analyze data from various sources to identify vulnerabilities and recommend strategies for mitigation.
- Configure and implement threat detection tools to detect incidents, and effectively respond and recover.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
Threat Analysis |
Threat Analyst |
Protect and Defend |
Cybersecurity Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analysts |
|
| + Course Modules/Units | | Reconnaissance | Port Scanning for Active Reconnaissance | Environmental Reconnaissance Tools | Social Engineering for Reconnaissance | Network Mapping for Active Reconnaissance | Syslog | Reviewing Alerts/Detecting Attack Phases | Common Tasks in Environmental Reconnaissance | Environmental Reconnaisannce Variables | Basic Packet Analysis | Methods of Network Traffic Analysis | Network Traffic Analysis | Netflows | Working with Netflows | Netflow Tools | Examining Log Files | Data Correlation and Analytics | Analyzing Device Data | SIEM | DEMO: Wireshark Packet Analyzer | Hardening Network Devices | Network Segmentation and Design | Honeypot | Endpoint Security | Windows Group Policy | Access Control Models | Remote Authentication - Radius and Tacacs+ | Hardening Host and Networked Systems | Compensating Controls | Corporate Penetration Testing | Reverse Engineering Purpose and Practice | Team Training and Exercises | Risk Evaluation and Security Controls | Vulnerability Assessment Introduction | Vulnerability Management Requirements | Vulnerability Scanner Configuration | Vulnerability Assessment Tools | Scanning and Enumeration with Nmap | Intro to Vulnerability Scanning with Nessus | Vulnerability Remediation | Scanning and Report Viewing with OpenVAS | Endpoint and Protocol Analysis | Logging Strategies and Sources | Reviewing, Analyzing and Correlating Logs | Network Vulnerabilities | System Vulnerabilities | Web Application Vulnerabilities | Wireless Network Vulnerabilities | Virtual Infrastructure Vulnerabilities | Threats to Mobile Devices | ICS and SCADA Systems Security | Malware and Social Engineering Threats | Preparing for Impact Analysis | Forensics Kit and Incident Response | Forensic Investigation Suite | Setting Up an Analysis Environment | Communication During Incident Response | Common Symptoms of Host Infection | Incident Response and Recovery Part 1 of 2 | Incident Response and Recovery Part 2 of 2 | Regulatory Compliance and Frameworks | Control Selection Tailoring and Implementation | Verification and Quality Control | Procedures Supporting Policy | Enterprise Network Authentication Part 1 of 2 | Enterprise Network Authentication Part 2 of 2 | Cross-site Scripting and Other Exploits | Privilege Escalation Exploit | Technical Processes and Controls | Software Development Models and SDLC | Code Review and Testing | Secure Coding Best Practice Resources | Preventative Cyber Tools | Collective Cyber Tools | Analytical Cyber Tools | Exploit Cyber Tools | Forensics Cyber Tools | Course Test |
|
|
|
17.5 Hours Cybersecurity for Technical Staff | Skill Level: Beginner | | + Description | | This course highlights best practices applicable to a wide variety cybersecurity job roles. Topics include risk management, architecture and design, and tools and technologies. This course also covers key concepts for detecting, protecting, and defending from security threats.
Learning Objectives:
- List common cyber threats and how scanning and assessment tools and techniques identify potential vulnerabilities.
- Explain how various tools and technologies are configured or deployed to support an organization's security posture.
- Detail risk management best practices and mitigation strategies.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
Systems Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| + Course Modules/Units | | Malware: Viruses | Malware: Rootkits, Trojans, Botnets | MITM, DoS, Packet Flooding and Other Attacks | Backdoor, Spoofing, Replay and Other Attacks | Password, Birthday, Crypto and Application Attacks | Social Engineering Techniques | Wireless Attacks | Application Attacks | Threat Actors | Assessment Tools and Techniques | Active and Passive Reconnaissance | Security Testing and Assessment | Firewall Implementations | Proxy Server Implementations | Hubs and Switches | Routers and Routing Protocols | Remote Access and VPNs Part 1 of 2 | Remote Access and VPNs Part 2 of 2 | Network Intrusion Detection Systems | Host-Based Intrusion Detection Systems | Password Cracking Categories and Tools | Password Cracking Techniques | DEMO: Local Information Gathering Tools | DEMO: Network Connectivity Testing Tools | DEMO: Remote Information Gathering Tools | Mobile Device Security | Mobile Device Deployment | Network Security Protocols | Network Services and Protocols | Frameworks and Reference Architectures | Network Zones | Demilitarized Zones (DMZ) Implementations | Security Device and Technology Placement | Host Security: OS Hardening and Firewalls | Host Security: Anti Virus, Malware and Spam | Host Security: Pop Ups and Patch Management | Secure Static Environment | Secure Staging Deployment Concepts | Cloud and Virtualization Concepts | Cloud Architectures | Host Security: Virtualization | Resiliency and Automation to Reduce Risk | Physical Security and Environmental Controls | Access Control Categories | Authentication Services | Access Control Models | Authentication and Authorization Concepts | Biometric Authentication | Account Management | Identity Management | Security Awareness and Training | Risk and Related Concepts | Risk and Asset Identification | Threat and Risk Calculation | Risk Control Types | Security Control Types and Categories | Basic Forensics Procedures | Incident Handling and Forensics | Incident Response Preparation | Risk Management: Business Continuity | Risk Management: Redundancy and Fault Tolerance | Risk Management: Disaster Recovery | Risk Mitigation Strategies | Data Security | Data Destruction and Disposal Methods | Data Sensitivity and Handling | Mitigation and Deterrence: Logging | Mitigation and Deterrence: Hardening | Mitigation and Deterrence: Network Security | Mitigation and Deterrence: Attack Countermeasures | Cryptography Part 1 of 2 | Cryptography Part 2 of 2 | Wireless Security Evolution | Wireless Security Best Practices | Cryptographic Keys and PKI | Course Test |
|
|
|
1 Hour CyberStat Workshops | Skill Level: Beginner | | + Description | | On Wednesday, April 20, 2022, the CyberStat Program, along with Subject Matter Experts from the OMB Office of the Federal Chief Information Officer, General Services Administration(GSA), and CISA’s Office of the Technical Director, hosted the CyberStat Workshop “Zero Trust Pillar 1: Identity (Part 1).” Attending agency representatives had the opportunity to learn more about Zero Trust Implementation Tasks, Multi Factor Authentication, including phishing resistant MFA for Public Facing Systems, the new password policy, and how the new policy can be implemented.
Date: April 20, 2022
Length: 57 minutes
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Improving the management of policy changes required by EO14028.
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support |
| |
|
1 Hour CyberStat Workshops | Skill Level: Beginner | | + Description | | On Wednesday, May 4, 2022, the CyberStat Program, along with Subject Matter Experts from CISA and OMB, hosted the CyberStat Workshop “Zero Trust Pillar 1: Identity (Part 2).” Attending agency representatives had the opportunity to learn more about the role of centralized identity management within their agencies’ structures and gain assistance in how to incorporate device-level signals alongside identity information in authentication.
Date: May 4, 2022
Length: 42:53
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Improving the management of policy changes required by EO 14028.
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support |
| |
|
1 Hour CyberStat Workshops | Skill Level: Beginner | | + Description | | On Tuesday, June 28, 2022, the CyberStat Program, along with subject matter experts from CISA and OMB, hosted the CyberStat Workshop Zero Trust Pillar 3: Networks. Agency participants learned about the four tasks in Pillar 3 of M-22-09 and engaged with SMEs to discuss obstacles and challenges in implementing these required tasks.
Date: June 28, 2022
Length: 1:05:26
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Improving the management of policy changes required by EO 14028.
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support |
| |
|
1 Hour CyberStat Workshops | Skill Level: Beginner | | + Description | | On Thursday, August 25, 2022, the CyberStat Program, along with subject matter experts from CISA and USDS, hosted the CyberStat Workshop Zero Trust Pillar 4: Applications and Workloads. Agency participants learned about the five tasks in Pillar 4 of M-22-09 and engaged with SMEs to discuss obstacles and challenges in implementing these required tasks.
Date: August 25, 2022
Length: 59:59
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Improving the management of policy changes required by EO 14028.
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support |
| |
|
1 Hour CyberStat Workshops | Skill Level: Beginner | | + Description | | On Thursday, October 13, 2022, the CyberStat Program, along with subject matter experts from CISA, NIST, the Department of Transportation, the Department of State, the Department of Education, and the General services Administration, hosted the CyberStat Workshop Zero Trust Pillar 4: Applications and Workloads. Agency participants learned about the four tasks in Pillar 4 of M-22-09 and engaged with SMEs to discuss obstacles and challenges in implementing these required tasks.
Date: October 13, 2022
Length: 51:14
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Improving the management of policy changes required by EO 14028.
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework: Cyber Defense Infrastructure Support |
| |
|
1.5 Hours DB Evaluations using AppDetectivePro and dbProtect | Skill Level: Beginner | | + Description | | This course focuses on basic database security concepts and methodology. This course demonstrates how tools such as AppDetectivePRO and DbProtect can be used to scan databases in order to uncover configuration mistakes, identification and access control issues, missing patches or any toxic combination of settings that could lead to escalation-of-privilege or denial-of-service attacks, data leakage, or unauthorized modification of data.
Learning Objectives:
- Understand importance of database security.
- Understand how tools such as AppDetectivePRO and db-Protect can be used to evaluate a database's security posture.
Date: 2016
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Securely Provision |
Systems Development |
Systems Developer |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| + Course Modules/Units | | Importance of Databases Security | Databases Security Methodology | AppDetectivePRO Overview | DbProtect Overview | DbProtect Deployment Model | DbProtect Features | DbProtect Demonstration |
|
|
|
|
9 Hours Demilitarized Zone (DMZ) with IDS/IPS | Skill Level: Intermediate | | + Description | | This course introduces the concept of a network Demilitarized Zone (DMZ) and the security benefits it can provide. This course focuses on best practices for designing and implementing a DMZ and includes a section on Intrusion Detection Systems (IDS) and Intrusion Protection Systems (IPS) that provides an in-depth look at SNORT for network monitoring. The course concludes with log analysis and management best practices.
Learning Objectives:
- Present an overview of the DMZ security model and key components.
- Discuss DMZ structure, purpose, and operation.
- Present different models for implementation to meet network requirements.
- Discuss the network threats that a DMZ can detect and mitigate.
Date: 2013
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Operate and Maintain |
Systems Administration |
Systems Administrator |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
|
| + Course Modules/Units | | Demilitarized Zone (DMZ) Introduction | DMZ Architecture | DMZ Components: Firewalls Part 1 of 2 | DMZ Components: Firewalls Part 2 of 2 | Setting up a DMZ using IPTables Demo | DMZ Components: IDS | DMZ Components: IDS/IPS Placement | DMZ Components: Proxy Servers | DMZ Components: Network Servers | DMZ Architectures | Attacking the DMZ Part 1 of 2 | Attacking the DMZ Part 2 of 2 | DMZ Attack Types Part 1 of 2 | DMZ Attack Types Part 2 of 2 | DMZ: Open Source vs Commercial Implementations | DMZ: Software Subscription Services | Open Source DMZ Tools Part 1 of 2 | Open Source DMZ Tools Part 2 of 2 | Proxy Concepts | DNS Concepts | Web Server Concepts | E-mail Relay and VPN Concepts | DMZ and Commercial Software - Part 1 | DMZ and Commercial Software - Part 2 | Security Capabilities in a DMZ | Security Capabilities in Procmail Demo | Network Security Appliances IDS | Snort Intro and Overview | Using BASE w Snort DB | Snort Demo | Log Mgmt and Analysis Concepts | SYSLOG Basics | Using Swatch Overview | Log Management Best Practices | Proxy and DNS Log File Concepts | Analyzing Proxy and DNS Log Files | DMZ with IDS/IPS Course Quiz |
|
|
|
4 Hours Develop and Publish a Vulnerability Disclosure Policy for Federal Agencies (CISA BOD 20-01) | Skill Level: Beginner | | + Description | | This 1/2-day course is a joint collaboration of the Cybersecurity & Infrastructure Security Agency (CISA) and the CERT Division of the Software Engineering Institute at Carnegie Mellon University. The purpose of this training is to help federal civilian agencies meet required actions of BOD 20-01, the Binding Operational Directive to Develop and Publish a Vulnerability Disclosure Policy (VDP) by covering the knowledge of and providing resources for:
- Vulnerability report receipt and intake
- Developing and publishing a vulnerability disclosure policy
- Developing vulnerability disclosure handling procedures
- Developing a vulnerability disclosure capability development
- Reporting metrics
After completing this course, participants should be able to
- Describe agency requirements for developing and publishing a vulnerability disclosure policy (VDP).
- Describe the minimum capacity needed to support your vulnerability disclosure handling process.
- Explain how vulnerability disclosure and handling is dependent on successful human interaction.
- Explain the importance of establishing trust and good relationships with reporters and stakeholders.
- List the key resources that can help your agency build your VDP and supporting processes.
- Meet the requirements to develop and publish a VDP and supporting handling process.
- Understand how and when to work with CISA for assistance and escalation.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Protect and Defend |
Vulnerability Management |
Vulnerability Manager |
|
| + Course Modules/Units | | Develop and Publish a Vulnerability Disclosure Policy | Module 2: Overview of CISA BOD 20-01 | Module 3: Essentials of VDP | Module 4: Developing A Vulnerability Disclosure Handling Capability | Module 5: Reporting and Metrics | Module 6: Challenges and Additional Considerations | Module 7: Summary and Wrap-up |
|
|
|
2 Hours DNSSEC Training Workshop | Skill Level: Advanced | | + Description | | This course covers the basics of Domain Name System Security Extensions (DNSSEC), how it integrates into the existing global DNS and provides a step-by-step process to deploying DNSSEC on existing DNS zones.
Learning Objectives:
- Discuss DNSSEC and supporting mechanisms.
- Sign a DNS zone.
- Configure Delegation Signer (DS) resource records.
- Set up a Secure Resolver.
- Discuss server operational considerations.
Date: 2015
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Securely Provision |
Systems Architecture |
Security Architect |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
Systems Administrator |
|
| + Course Modules/Units | | DNSSEC Introduction | DNS Resolution Steps | DNS Vulnerabilities and Security Controls | DNSSEC Mechanisms | DNS Resource Records (RR) | Special DNS Resource Records | DNS Zone Signing | Secure DNS Zone Configuration-DNSSEC Key Generation | Prepare the DNS Zone File for Signing | Signing the DNS Zone file | Publishing a signed zone | Testing a signed zone | Testing a signed zone through a validator | DNSSEC Chain of Trust | Setting Up A Secure Resolver | Adding a trusted key | Securing the last hop | ZSK Rollover | Using pre-published keys | KSK Rollover | Conclusions |
|
|
|
1 Hour Don't Wake Up to a Ransomware Attack | Skill Level: Beginner | | + Description | | Ransomware attacks hit a new target every 14 seconds: shutting down digital operations, stealing information and exploiting businesses, essential services and individuals alike. "Don't Wake Up to a Ransomware Attack" provides essential knowledge and reviews real-life examples of these attacks to help you and your organization to prevent, mitigate, and respond to the ever-evolving threat of ransomware.
This webinar includes the following information and more:
- Definition of ransomware, summary of its large-scale impacts, and how these attacks have developed over time
- Common signs of a ransomware attack and how to respond if an attack is suspected
- Guidance for how to mitigate the impact of ransomware attacks and recover in the event of an attack
- Case studies demonstrating the impacts of ransomware attacks
- A concluding Knowledge Check to reinforce understanding and key takeaways
Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from ransomware cyberattacks through awareness of common attack schemes, best practices, CISA guidance, and resources.
- Define ransomware
- Be able to identify signs of a ransomware attack
- Learn mitigation steps of ransomware attacks
- Understand how to recover from a ransomware attack
- Understand impacts of ransomware attacks though case studies
Date: 2020
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
Operate and Maintain |
Data Administration |
Data analyst, database administrator |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
1.5 Hours Dynamic Testing using HPE WebInspect | Skill Level: Beginner | | + Description | | This course introduces learners to dynamic testing tools for web applications and demonstrates how they can be used to identify, evaluate, and mitigate a web application’s potential security vulnerabilities. The focus is on using HPE WebInspect to perform and manage dynamic security vulnerability testing and address results from a developer’s perspective/cybersecurity professional's perspective.
Learning Objectives:
- Understand how dynamic testing tools work on web-based applications.
- Utilize dynamic testing tools to find common Weakness Enumeration.
Date: 2014
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Securely Provision |
Systems Development |
Systems Developer |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| + Course Modules/Units | | Application Security | WebInspect Dynamic Analysis | Installing WebInspect | Run a WebInspect Scan | WebInspect Demonstration | Policy Manager Demonstration | Default Settings Demonstration | Reports | Application Settings and Tools | Comparing Scans | Testing in a Closed versus Open Network | WebInspect Agent, Web Services |
|
|
|
3.5 Hours Elections and IT | Skill Level: Beginner | | + Description | | This course is a collaboration between the U.S. Election Assistance Commission (EAC) and the U.S. Department of Homeland Security (DHS) and provides an opportunity to learn why election officials must view themselves as IT managers. The course serves as an overview of information technology and how to ensure security is included in the planning, procuring, designing, implementing, and maintaining of interconnected electronic election systems, including public-facing websites. The content introduces the key concepts of identifying vulnerabilities and how to protect election systems from internal and external threats and provides information on cybersecurity resources available from the EAC and DHS.
Date: 2018
Training Purpose: Management Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative |
|
| + Course Modules/Units | | Professionalizing Election Admin Intro | Being an IT Manager | Election Systems | Procuring IT | Testing and Audits | Election Security | Principles of Information Security | Cybersecurity and Elections | Risk Management and Elections | Phishing and Elections | Election Infrastructure Security | DHS Cyber Security Tools and Services | EAC Resources |
|
|
|
12 Hours Emerging Cyber Security Threats | Skill Level: Intermediate | | + Description | | This course covers a broad range of cybersecurity elements that pose threats to information security posture. The various threats are covered in detail, followed by mitigation strategies and best practices. It will cover what the policies are, the roles it plays in cybersecurity, how they are implemented. The course will also look at cybersecurity laws, standards, and initiatives. Topics include policy, knowing your enemy, mobile device security, cloud computing security, Radio Frequency Identification (RFID) security, LAN security using switch features, securing the network perimeter, securing infrastructure devices, security and DNS and IPv6 security. Video demonstrations are included to reinforce concepts.
Date: 2010
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
Threat Analysis |
Threat/Warning Analysis |
Operate and Maintain |
Systems Administration |
Systems Administrator |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| + Course Modules/Units | | Introduction to Cybersecurity Policy | Types of Security Policy | Policy Education and Implementation | Cybersecurity Laws | Proposed Legislation | NIST Cybersecurity Standards | Other Cybersecurity Standards | Comprehensive National Cybersecurity Initiatives (CNCI) | Other Federal Cybersecurity Initiatives | Implementing Cybersecurity Initiatives | SPAM | Malware Trends | Botnets | Monetization | Cyber Attack Profiles | Cyber Crime | Cyberwarfare | Cyber Attack Attribution | Cyber Threat Mitigation | Mobile Device Trends | Mobile Device Threats | Mobile Device Countermeasures | Exploited Threats | What is Cloud Computing? | Technical Risks | Operational Risks | Risk Mitigation Strategies | DISA Cloud Solutions | RFID Introduction | RFID Threats | RFID Countermeasures | Exploited Threats | Introduction and MAC Address Monitoring | MAC Address Spoofing | Managing Traffic Flows | VLANs and Security | 802.1x Port Authentication | Network Admission Control | Securing STP | Securing VLANs and VTP | Introduction and Edge Security Traffic Design | Blocking DoS and DDoS Traffic | Specialized Access Control Lists | Routers with Firewalls | Beyond Firewalls: Inspecting Layer 4 and Above | Securing Routing Protocols and Traffic Prioritization | Securing Against Single Point of Failures | Physical and Operating System Security | Management Traffic Security | Device Service Hardening | Securing Management Services | Device Access Hardening | Device Access Privileges | Name Resolution Introduction | Name Resolution and Security | DNS Cache | DNS Security Standards and TSIG | DNSSEC | Migrating to DNSSEC | Issues with Implementing DNSSEC 1 | Issues with Implementing DNSSEC 2 | IPv6 Concepts | IPv6 Threats | IPv6 Network Reconnaissance | DEMO: IPv6 Network Reconnaissance | IPv6 Network Recon Mitigation Strategies | IPv6 Network Mapping | DEMO: IPv6 Network Mapping | IPv6 Network Mapping Mitigation Strategies | IPv6 Neighbor Discovery | DEMO: IPv6 Address Assignment | IPv6 Attacks | DEMO: IPv6 Alive Hosts | DEMO: IPv6 Duplicate Address Detection (DAD) | DEMO: IPv6 DAD Denial of Services (DOS) | DEMO: IPv6 Fake Router Advertisement | DEMO: IPv6 Man-in-the-middle | IPv6 Attack Mitigation Strategies | IPv6 Tunneling | IPv6 Windows Teredo Tunneling | IPv6 Tunneling Mitigation Strategies | IPv6 Best Practices |
|
|
|
24 Hours Enterprise Cybersecurity Operations | Skill Level: Intermediate | | + Description | | This course highlights technical knowledge and skills required for implementing secure solutions in the enterprise. A broad spectrum of disciplines is covered to aid practitioners in applying frameworks and controls to improve the security posture while supporting the business mission.
Learning Objectives:
- Describe risk management's role in the enterprise and mitigation strategies for specific threats.
- Detail implementing network security strategies and controls for connected devices.
- Explain how cloud technologies are leveraged and can support a secure enterprise architecture.
- List sources and methods to help stay current with cybersecurity best practices and threat trends and analyzing potential impact to the enterprise.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
All-Source Analyst |
Collect and Operate |
Cyber Operations Planning |
Cyber Ops Planner |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Securely Provision |
Risk Management |
Security Control Assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect |
|
| + Course Modules/Units | | Configuration Strategies w/ Spec Compon | Cryptographic Terms and Implementations | Cryptographic Tools and Techniques Part 1 of 2 | Cryptographic Tools and Techniques Part 2 of 2 | Hybrid Encryption in SSL Demo | Encryption Limitations and Key Length Part 1 of 2 | Encryption Limitations and Key Length Part 2 of 2 | DEMO: Volume and File Encryption | Hash Functions and Algorithms | Digital Signatures | Digital Certificate Elements | CAs and Public Key Infrastructure | Origins For Cryptographic Standards | Virtual Networking | Intro to Virtualized Computing Part 1 of 2 | Intro to Virtualized Computing Part 2 of 2 | VLANs and Switching | Storage Types and Considerations | Enterprise Storage | Enterprise Storage Connection Terms | Enterprise Storage and RAID | Securing iSCSI and FCoE and Managing Storage | Network Security Concepts | Network Zones and Remote Access | NW Components Routers and Firewalls Part 1 of 2 | NW Components Routers and Firewalls Part 2 of 2 | NW Components Intrusion Detection Systems | Networked-based IDS and IPS Deployment | Securing Wireless Part 1 of 2 | Securing Wireless Part 2 of 2 | DMZ Components | Web Services Concepts | Web Servers and DNS | Securing DNS Best Practices | Proxy Servers and SMTP Relay | NAT and PAT | Infra Design : Firewalls and Proxies | Infra Design : IDS and IPS | Infra Design : Syslog and SIEMs | Infra Design : Switch and Router Security | Infra Design : VPNs and SNMP | SCADA Environments | Application Security : VTC and VoIP | Application Security : Databases and Web Services | Application Security : IPv6 | Physical Security Concerns and Controls | Host Security Controls Part 1 of 2 | Host Security Controls Part 2 of 2 | Web Application Security Design | DEMO: Whitelisting and Blacklisting | Specific Application Issues | Client side vs Server side Processing | Analyzing Business Risk | Risk Management in New Business Models | Risk Mitigation Strategies and Controls | Security Impact of Inter Organizational Change | Calculating Risk Exposure | Incident Response Concepts | Incident Response and Recovery Process | Privacy Policy and Procedures Part 1 of 2 | Privacy Policy and Procedures Part 2 of 2 | Assessment Tools | Assessment Methods | Assessment Methodologies | Cybersecurity Benchmarks | Security Metrics | Situational Awareness | Analyzing Industry Trends Part 1 of 3 | Analyzing Industry Trends Part 2 of 3 | Analyzing Industry Trends Part 3 of 3 | Applying Analysis to Improve Enterprise Security Part 1 of 4 | Applying Analysis to Improve Enterprise Security Part 2 of 4 | Applying Analysis to Improve Enterprise Security Part 3 of 4 | Applying Analysis to Improve Enterprise Security Part 4 of 4 | Integrating Enterprise Disciplines Part 1 of 2 | Integrating Enterprise Disciplines Part 2 of 2 | Security Controls for Communication and Collaboration | Adv Authentication Tools and Techniques | Software Development Models | System Dev Life Cycle and CS | IT Governance | Cloud based Deploy Models | Cloud Security | Identity Management | Securing Virtual Environments Part 1 of 3 | Securing Virtual Environments Part 2 of 3 | Securing Virtual Environments Part 3 of 3 | Enterprise Storage Advantages and Security Measures | Enterprise Network Authentication Part 1 of 2 | Enterprise Network Authentication Part 2 of 2 | Practice Exam |
|
|
|
2 Hours Foundations of Cybersecurity for Managers | Skill Level: Beginner | | + Description | | This course is designed for managers and other stakeholders who may be involved in decision making that would include considerations for security in a cyber environment but do not have a strong technical background. Discussions focus on cybersecurity concepts and methodologies that are part of building a resilient cyber enterprise. This course explains how people and technology work together to protect mission-critical assets, and the frameworks leveraged to assess and apply security controls. Beginning with governance, laws, and regulations, the course progresses into threats to the environment and identifying corresponding controls and countermeasures, concluding with strategies for business continuity.
Learning Objectives:
- Know key concepts of cybersecurity and its relation to the business mission.
- Recall risk management strategies and related frameworks.
- Identify how cloud services are leveraged and pros and cons of doing so.
- Describe common threats, threat actor types, and mitigation techniques.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Collect and Operate |
Cyber Operational Planning |
Cyber Ops Planner |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
Program Manager |
|
| + Course Modules/Units | | Cybersecurity Introduction | Cybersecurity Workforce | Cybersecurity Governance | Cybersecurity Guidance Resources | Laws and Cybersecurity | Common Cyber Threats | Threat Actors | Cybersecurity and Mobile Devices | Security Controls | Security Tools and Measures | Introduction to Cloud Computing | Cloud Architectures and Deployment Models | Cloud Threats and Attacks | Cloud Security | Risk Management Overview | Incident Response and Digital Evidence Types | Risk and Planning Strategies | Foundations of Cybersecurity for Managers Exam |
|
|
|
10.5 Hours Foundations of Incident Management | Skill Level: Beginner | | + Description | | This course introduces basic concepts and functions of incident management. This includes where incident management activities fit in the information assurance or information security ecosystem and covers the key steps in the incident handling lifecycle with practices to enable a resilient incident management capability.
Learning Objectives:
- Explain the role of incident management.
- Distinguish between incident management and incident handling.
- Outline the incident handling lifecycle.
- Identify key preparations to be established to facilitate incident handling.
- Distinguish between triage and analysis.
- Identify the basic steps in response.
Date: 2015
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
Threat Analysis |
Threat/Warning Analyst |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| + Course Modules/Units | | Foundations of Incident Management Course Intro | Framing The Need For Incident Management | Incident Management Terms and Processes | Institutionalizing Incident Management Capabilities | Stakeholders in Incident Management | CERT and Other’s Perspective on Threats and Trends | Incident Management Terminology | Incident Management Attack Classes and Actors | Incident Management Malware and DoS Examples | Incident Management Prevention, Detection, and Response | Incident Handling Lifecycle - Prepare | Incident Handling Information | Analyzing Attack Information | Incident Management Monitoring Tools | Incident Management Detection Process | Process to Support Incident Detection and Reporting | What is Situational Awareness? | Non Technical Elements of Situational Awareness | Technical Elements of Situational Awareness | Using Sensors for Requirements Gathering | Incident Handling Lifecycle: Analysis | Incident Handling Lifecycle: Triage | Questions Addressed in Triage | Objectives of Incident Analysis | Tasks of Incident Analysis Part 1 of 2 | Tasks of Incident Analysis Part 2 of 2 | Data Sources for Analysis | Examples of Data Sources for Analysis | Incident Analysis Exercise Scenario | Preparing For Impact Analysis | Conducting Impact Analysis | Response and Recovery Part 1 of 2 | Response and Recovery Part 2 of 2 | Mission of the Response Process | Coordinating Response Part 1 of 2 | Coordinating Response Part 2 of 2 | Sample Attack Mitigations | Benefits and Motivations of Information Sharing | Methods of Information Sharing | Data Models for Information Sharing | STIX/TAXII Protocol | Foundations of Incident Handling Course Summary | Foundations of Incident Management Course Exam |
|
|
|
6 Hours Fundamentals of Cyber Risk Management | Skill Level: Beginner | | + Description | | This course focuses on key concepts, issues, and considerations for managing risk. Discussions include identifying critical assets and operations, risk assessment and analysis methodologies, risk management frameworks, and how to determine threats to your business function, mitigation strategies, and response and recovery.
Learning Objectives:
- Describe key concepts related to cyber risk management.
- Detail risk assessment and analysis methodologies and frameworks.
- Identify security controls and countermeasures to mitigate risks and support response and recovery.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Securely Provision |
Risk Management |
Security Control Assessor |
|
| + Course Modules/Units | | Fundamentals of Cyber Risk Management Course Introduction | Risk Management Overview | Standards for Risk Management | OCTAVE | CERT Resilience Management Model Overview | Critical Assets and Operations | Threat Overview | Vulnerabilities | Threat Scenarios | Risk and Impact Analysis | Considerations for Responding to Risks | Risk Mitigation Strategies | Control Methods and Types of Security Controls | Administrative Controls | Selecting Security Controls | Security Control Assessment | Mitigation Strategy and Maintenance | Security Testing and Assessments | Incident Response Terms and Life Cycle | Incident Response Phase 1 of 6 - Preparation | Incident Response Phase 2 of 6 – Detection and Analysis | Incident Response Phase 3 of 6 – Containment | Incident Response Phases 4-5 of 6 – Eradication and Recovery | Incident Response Phase 6 of 6 – Lessons Learned | Business Continuity Plans and Procedures | Disaster Recovery Plans and Procedures | Fundamentals of Cyber Risk Management Exam |
|
|
|
1 Hour Incident Response 101 | Skill Level: Beginner | | + Description | | This course focuses on cyberattacks, specifically compromises via ransomware. Implementing strategies to defend against attacks as well as preparations for response and recovery in the event of an incident is critical to an organization’s resilience. This course reviews malware types and vectors for compromise, common issues hindering an effective response, best practices for preparing and responding to an infection incident, and defensive measures to strengthen the cybersecurity posture.
Learning Objectives:
- Identify the various types of disruptionware, vectors for compromise, and the impact of an infection on business operations.
- Recognize the common problems that can hinder effective incident response and prevention activities.
- Know the ordered steps in following documented incident reporting procedures including immediate actions and communication.
- Explain the importance of defense-in-depth layered strategy for protecting the enterprise with examples of implementation.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| + Course Modules/Units | | Malware Attacks and Vectors of Compromise | Incident Response - Common Problems/Issues | Ransomware Immediate Infection Response | Incident Response Backups | Cyberattack Defensive Strategies | IR Course Exam |
|
|
|
6 Hours Insider Threat Analysis | Skill Level: Advanced | | + Description | | This course focuses on helping insider threat analysts understand the nature and structure of data that can be used to prevent, detect, and respond to insider threats. This course focuses on how to work with data from multiple sources to develop indicators of potential insider activity, as well as strategies for developing and implementing an insider threat analysis and response. This course explains the workflow that incorporates expertise and capabilities from across an organization.
Learning Objectives:
- Work with raw data to identify concerning behaviors and activity of potential insiders.
- Identify the technical requirements for accessing data for insider threat analysis.
- Develop insider threat indicators that fuse data from multiple sources.
- Apply advanced analytics for identifying insider anomalies.
- Measure the effectiveness of insider threat indicators and anomaly detection methods.
- Navigate the insider threat tool landscape.
- Describe the policies, practices, and procedures needed for an insider threat analysis process.
- Outline the roles and responsibilities of insider threat analysts in an insider threat incident response process.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
Threat Analysis |
Threat/Warning Analyst |
Protect and Defend |
Vulnerability and Assessment Management |
Vulnerability Assessment Analyst |
|
| + Course Modules/Units | | Insider Threat Analysis Introduction | Insider Threat Hub Overview | Hub Roles and Responsibilities Part 1 of 2 | Hub Roles and Responsibilities Part 2 of 2 | Hub Management and Operations | Non-Technical Data Sources Part 1 of 2 | Non-Technical Data Sources Part 2 of 2 | Technical Data Sources | A Closer Look at Logs | Data Source Prioritization | Indicator Development | Example Analytics | Sequence and Model Development | Insider Threat Anomaly Detection Part 1 of 2 | Insider Threat Anomaly Detection Part 2 of 2 | Data Correlation and Entity Resolution Part 1 of 2 | Data Correlation and Entity Resolution Part 2 of 2 | Insider Threat Tools | Insider Threat Mitigation Tools | Meas. Insider Threat Control Efficacy Part 1 of 2 | Meas. Insider Threat Control Efficacy Part 2 of 2 | Incident Threat Analysis Process | Analyst Workflow | Conducting Analysis | Cognitive Bias | Incident Response | Where Incident Response Fits | Incident Response Options | InTP Incident Response Plans | Insider Threat Ansys Wrap-Up |
|
|
|
7 Hours Insider Threat Program Manager: Implementation and Operations | Skill Level: Intermediate | | + Description | | This course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods to develop, implement, and operate program components. The content covered supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance.
Learning Objectives:
- Identify critical assets and protection schemes.
- Coordinate a cross-organizational team to help develop and implement the Insider Threat Program.
- Develop a framework for the Insider Threat Program.
- Identify methods to gain management support and sponsorship.
- Plan the implementation for their Insider Threat Program.
- Identify organizational policies and processes that require enhancement to accommodate insider threat components.
- Identify data sources and priorities for data collection.
- Identify infrastructure changes and enhancements necessary for implementing and supporting an Insider Threat Program.
- Outline operational considerations and requirements needed to implement the program.
- Build policies and processes to help hire the right staff and develop an organizational culture of security.
- Improve organizational security awareness training.
- Identify training competencies for insider threat team staff.
Date: 2020
Training Purpose: Management Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
Threat Analysis |
Threat/Warning Analyst |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
|
| + Course Modules/Units | | Insider Threat Program Manager Intro | Principles of Insider Risk Management | Activities of an Enterprise Risk Mgmt Process | Controls and Safeguards of Insider Risk Management | Mitigation Strategies for Insider Risk Management | Concepts of Initial Planning for an InTP | Stakeholder Planning and Engagement | Identify Your Starting Point | Insider Threat Program Governance | Roles and Responsibilities in InTP Governance | Insider Threat Program Governance Challenges | Building the Insider Threat Program Plan | Developing a Phased Implementation | Implementation Options for Insider Threat Program | Building Your Program with Compliance in Mind | InTP Placement in Organization | Naming the InTP | Developing an InTP in a Classified Environment | Building the InTP Team | InTP Team Size | Key Roles Within the InTP Team | Insider Threat Hub Operations | Insider Threat Hub Staffing | Data Sources Part 1 of 2 | Data Sources Part 2 of 2 | Selecting Data Sources | Using Data Sources | Protecting Data Sources | Tools for InTP Teams | Hub Building Considerations | Managing Insider Investigations and Incidents | Considerations: Investigations and Incidents | Insider Threat Incidents | Insider Threat Training and Awareness | General Employee Training and Awareness | InTP Team and Working Group Training | Customized Role-Based Training | Classified Systems and Data Training | Management and Supervisor Training | Problems and Considerations | Measuring Insider Threat Program Effectiveness | Different Metrics for Different Audiences | Return on Investment (ROI) | Making Measurements: Assessments and Evaluations | Unintended Consequences of InTPs | Potential Negative Impacts from InTP Activities | Achieving Balance Using Positive Incentives | Creating the Proper Culture: Policy and Practice | InTP Maintenance Part 1 of 3 | InTP Maintenance Part 2 of 3 | InTP Maintenance Part 3 of 3 | Insider Threat Program Manager Wrap-Up |
|
|
|
1.5 Hours Introduction to Computer Forensics | Skill Level: Beginner | | + Description | | This course introduces the tasks, processes, and technologies to identify, collect and preserve, and analyze data so that it can be used in a judiciary setting. This course begins with obtaining and imaging data and then describes each step in following the forensic process.
Learning Objectives:
- Explain the importance and the processes necessary to handle data to ensure its admissibility in a court of law.
- List steps in the computer forensics process and goals for each step.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
|
| + Course Modules/Units | | Computer Forensics - Introduction | Computer Forensics - The Process | Computer Forensics - Following the Process – On-Site | Computer Forensics - Following the Process – On-Site - Encryption | Computer Forensics - Following the Process – On-Site - Memory | Computer Forensics - Following the Process – On-Site - Verification | Computer Forensics - Following the Process – Analysis | Computer Forensics - Following the Process – Report Findings | Computer Forensics - Following the Process – Data Preservation | Computer Forensics - Laws | Computer Forensics - Summary | Computer Forensics - Questions |
|
|
|
2 Hours Introduction to Cyber Intelligence | Skill Level: Beginner | | + Description | | This course focuses on what cyber intelligence is and how to acquire, process, analyze, and disseminate information that identifies, tracks, and predicts threats, risks, and opportunities inside the cyber domain to offer courses of action that enhance decision making. The course explains the current threat landscape and the importance of cyber intelligence, describes how cyber intelligence differs from cyber security and cyber threat intelligence, and explores intelligence tradecraft fundamentals. The content covers analytical techniques, estimative writing, and briefing within a cyber intelligence construct.
Learning Objectives:
- Discuss the threat and data landscape.
- Apply traditional intelligence tradecraft to the Cyber Domain.
- Define and describe a Cyber Intelligence Framework involving Human-Machine Teaming.
- Describe structured analytical techniques and biases.
- Communicate analytic findings effectively and recommend courses of action to practitioners and decision makers.
Date: 2020
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
All-Source Analyst |
Analyze |
Threat Analysis |
Threat/Warning Analyst |
Investigate |
Cyber Investigation |
Cyber Crime Investigator |
|
| + Course Modules/Units | | What is Cyber Intelligence? | Cyber Intelligence - Why Should You Care? | Cyber Intelligence - Skills, Traits, Competencies | Cyber Intelligence - Conceptual Framework | Environmental Context | Data Gathering | Threat Analysis | Strategic Analysis | Reporting and Feedback | Human and Machine Teaming | The Art and Science of Cyber Intelligence | Cognitive Biases | Logical Fallacies | Analytical Acumen - The Science | Analytic Methodologies - Diagnostic Technique | DC Sniper: Beltway Attacks | Analytical Methodologies - Contrarian Technique | Analytical Methodologies - Imaginative Technique | Analytical Methodologies - Network Analysis | Analytical Methodologies - ACH | Analytical Methodology – Systems Dynamics Modeling | Intelligence Writing - Why It Matters | Estimative Language | Briefing Tips | Intro to Cyber Intelligence Quiz |
|
|
|
4 Hours Introduction to Investigation of Digital Assets | Skill Level: Beginner | | + Description | | This course is designed for technical staff who are new to the area of Digital Media Analysis and Investigations. It provides an overview of the digital investigation process and key activities performed throughout the process.
Date: 2012
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
Investigate |
Cyber Investigation |
Cyber Crime Investigator |
|
| + Course Modules/Units | | Investigations of Digital Assets | Exercise Setup | Exercise Debrief | What is an Investigation with Digital Assets? | Digital Investigation Process | Preparation Phase | Data Collection Phase | Data Analysis Phase | Findings Presentation Phase | Incident Closure Phase | Digital Investigation Process Summary | Introduction to Artifact Analysis | Artifact Analysis Capabilities | Artifact Analysis Process | Surface and Comparative Analysis Process | Surface and Comparative Analysis Process-Continued | Runtime Analysis Process | Static Analysis Process | Sample Analysis: Runtime | Sample Analysis: Static | Malware Analysis Summary | Analysis Exercise |
|
|
|
1.5 Hours Introduction to Threat Hunting Teams | Skill Level: Beginner | | + Description | | This course provides basic definitions, activities, and examples of teams hunting threats in the cyber domain. The course addresses the differences between hunting team activities and those of incident management teams or penetration testing teams. The content covers how hunting teams establish goals, methods used by threat hunting teams, and sources available to help read and interpret the threat landscape.
Learning Objectives:
- Define threat hunting, what it means to hunt and how to hunt as a team.
- Differentiate between hunting teams and other types of cyber security teams.
- Describe how goals influence the method and success of hunting teams.
- Recognize the types of threat analysis information available and how to interpret the facts presented.
- Understand the three types of threat models and explain one in detail.
Date: 2016
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
Threat Analysis |
Threat/Warning Analyst |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| + Course Modules/Units | | Defining Threat Hunting | Examples and Goals of Threat Hunting | Differences Between Hunt Teams and Other Cyber Teams | Threat Landscape | Types of Threat Modeling | Hunting Methods on Networks | Teaming and Automation Example | Threat Hunting Teams Course Exam |
|
|
|
4 Hours Introduction to Windows Scripting | Skill Level: Beginner | | + Description | | This course focuses on writing scripts for the Microsoft Windows operating system. It covers fundamentals and syntax for automating administrative and security monitoring tasks. The course presents the basics of Windows BATCH scripting syntax and structure, along with several Windows command line utilities to harness the powerful capabilities built into Windows.
Learning Objectives:
- Understand fundamentals of Windows BATCH scripting, including syntax and structure.
- Perform redirection, piping, standard input / output, error handling, conditional statements, jumps, and command line parameters.
- Apply built-in commands like net, netsh, xcopy, and findstr to perform more complex functions.
- Understand best practices for writing and debugging Windows scripts.
Date: 2015
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
Systems Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
|
| + Course Modules/Units | | Scripting Basics Overview | Windows BATCH Scripting Basics | Windows BATCH Scripting_Variables | Windows BATCH Scripting_Loops | Windows BATCH Scripting_Functions | Windows Script Error Handling and Troubleshooting | Windows Script Best Practices and Examples | Windows Scripting Demo | Scripting for Penetration Testing | Windows Scripting Utilities_xcopy | Windows Scripting Utilities_findstr | Windows Scripting Utilities_net Commands | xcopy Examples Demo | WMI and WMIC | PowerShell Commands | PSExec | Windows Management Instrumentation Demo | Intro to Windows BATCH Quiz |
|
|
|
5 Hours IPv6 Security Essentials Course | Skill Level: Advanced | | + Description | | This course begins with a primer of IPv6 addressing and its current deployment state, discusses Internet Control Manager Protocol version 6 (ICMPv6), Dynamic Host Configuration Protocol version 6 (DHCPv6), and Domain Name System version 6 (DNSv6), and concludes with IPv6 Transition Mechanisms, security concerns, and management strategies. This course includes several reinforcing video demonstrations, as well as a final knowledge assessment.
Learning Objectives:
- Primer of IPv6 addressing
- Describe current deployment state
- Explain ICMPv6, DHCPv6, and DNSv6
- Explore IPv6 Transition mechanisms
- Identify security concerns
- Incorporate management strategies
Date: 2015
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
Systems Administration |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
Securely Provision |
Systems Architecture |
Systems Architect |
|
| + Course Modules/Units | | IPv6 Introduction | IPv6 Adoption | DEMO: IPv6 Network Reconnaissance | IPv6 Addressing Part 1 of 2 | IPv6 Addressing Part 2 of 2 | IPv6 Packet Header | DEMO: IPv6 Header Analysis | ICMPv6 | IPv6 Address Assignment | DEMO: IPv6 Address Assignment | IPv6 Web Browsing | IPv6 Transition Mechanisms Part 1 of 2 | IPv6 Transition Mechanisms Part 2 of 2 | DEMO: IPv6 Tunneling | IPv6 Security Concerns | DEMO: IPv6 Network Mapping |
|
|
|