|
|
 3 Hours Creating a Computer Security Incident Response Team (CSIRT) | Skill Level: Beginner |   | | + Description | | | This course was developed for organizations and individuals who are at the beginning of their planning and implementation process for creating a computer security incident response team or an incident management capability. This course begins with definitions and context for defining a CSIRT framework, followed by services that may be provided and building an action plan. An attendee workbook is included with questions and exercises to use in conjunction with the training.
Learning Objectives:
- Understand the function of Computer Security Incident Response Teams (CSIRTs) and the philosophy behind them.
- Understand the role of CSIRT in the incident management process.
- Identify the requirements to establish an effective CSIRT.
- Appreciate the key issues and decisions that must be addressed when creating a CSIRT.
- Learn to strategically plan the development and implementation of your CSIRT.
Date: 2017
Training Purpose: Management Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-Source Analyst |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
|
| | + Course Modules/Units | | | | Create a Computer Security Incident Response Team | | Defining Incident Management Part 1 of 2 | | Defining Incident Management Part 2 of 2 | | Defining CSIRTs | | Types of CSIRTs | | Setting the Context | | Defining Your Framework Part 1 of 2 | | Defining Your Framework Part 2 of 2 | | Capability Strategies | | CSIRT Components | | CSIRT Components: Organizational Issues | | CSIRT Components: Resources | | Range and Level of Services | | Policy and Procedure Examples | | Range and Level of Services Summary | | Ideas for Your Action Plan | | Taking the Next Steps | | CSIRTs Resource Overview |
|
|
|
8 Hours Cyber Fundamentals for Law Enforcement Investigations | Skill Level: Beginner |  | | + Description | | | This course serves as an introduction and overview of several concepts and technologies that may be encountered as part of an investigation with a digital or cyber component. Starting with the basics of how devices communicate, the course continues with technical concepts and applications that may be used to facilitate or investigate incidents. Content includes lab exercises and practical application takeaways to reinforce concepts, and a course exam.
Learning Objectives:
- Describe essential computing communication concepts.
- Identify digital evidence sources and handling.
- Apply techniques to examine applications for target information.
Date: 2017
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
| Investigate |
Cyber Investigation |
Cyber Crime Investigator |
|
| | + Course Modules/Units | | | | Cyber Investigation Course Intro | | Cyber Crimes versus Traditional Crimes | | Cyber Laws Overview | | Logical and Physical Addresses | | Dissecting a Data Packet | | How Computers Connect | | IP Addresses and Domain Names | | IP Addresses | | Domain Naming | | NSlookup Dig Google Toolbox | | Digital Artifacts Basics | | Site Survey and Collection | | Determining Sophistication | | Time Standardization | | Requesting Digital Forensic Artifacts | | Footprinting | | Handling Untrusted or Unknown Files | | Setting Up an Analysis Environment | | Examining Images | | Intro to Encryption | | Detecting Encryption | | Malware Awareness | | Malware Propagation | | Malware History | | Remote Access | | Understanding Insider Threat | | Introduction to Peer-to-Peer | | Advanced IP Tunneling Overview | | TOR versus Traditional Tunneling | | Iodine IP over DNS | | Email Analysis | | Phishing Message Analysis | | Online Auctions | | Open Source Searches Using Facebook | | Open Source Searches Using Twitter | | Google FU | | Cyber Investigations Exam | | Domain Information Lookup | | Examining EXIF Data and Images | | Computing and Comparing Hash Values | | File Search Techniques | | Open Source Twitter Searches |
|
|
|
12.5 Hours Cybersecurity Analyst | Skill Level: Intermediate |  | | + Description | | | The Cybersecurity Analyst course is designed to help reinforce concepts for cyber work roles that require monitoring and information analysis to respond to suspicious events. This intermediate-level course focuses on defense techniques leveraging data and tools to identify risks to an organization, and apply effective mitigation strategies to detect and respond to threats.
Learning Objectives:
- List common cyber threats and examples of scanning and assessment tools and techniques to identify potential vulnerabilities.
- Analyze data from various sources to identify vulnerabilities and recommend strategies for mitigation.
- Configure and implement threat detection tools to detect incidents, and effectively respond and recover.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat Analyst |
| Protect and Defend |
Cybersecurity Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analysts |
|
| | + Course Modules/Units | | | | Reconnaissance | | Port Scanning for Active Reconnaissance | | Environmental Reconnaissance Tools | | Social Engineering for Reconnaissance | | Network Mapping for Active Reconnaissance | | Syslog | | Reviewing Alerts/Detecting Attack Phases | | Common Tasks in Environmental Reconnaissance | | Environmental Reconnaisannce Variables | | Basic Packet Analysis | | Methods of Network Traffic Analysis | | Network Traffic Analysis | | Netflows | | Working with Netflows | | Netflow Tools | | Examining Log Files | | Data Correlation and Analytics | | Analyzing Device Data | | SIEM | | DEMO: Wireshark Packet Analyzer | | Hardening Network Devices | | Network Segmentation and Design | | Honeypot | | Endpoint Security | | Windows Group Policy | | Access Control Models | | Remote Authentication - Radius and Tacacs+ | | Hardening Host and Networked Systems | | Compensating Controls | | Corporate Penetration Testing | | Reverse Engineering Purpose and Practice | | Team Training and Exercises | | Risk Evaluation and Security Controls | | Vulnerability Assessment Introduction | | Vulnerability Management Requirements | | Vulnerability Scanner Configuration | | Vulnerability Assessment Tools | | Scanning and Enumeration with Nmap | | Intro to Vulnerability Scanning with Nessus | | Vulnerability Remediation | | Scanning and Report Viewing with OpenVAS | | Endpoint and Protocol Analysis | | Logging Strategies and Sources | | Reviewing, Analyzing and Correlating Logs | | Network Vulnerabilities | | System Vulnerabilities | | Web Application Vulnerabilities | | Wireless Network Vulnerabilities | | Virtual Infrastructure Vulnerabilities | | Threats to Mobile Devices | | ICS and SCADA Systems Security | | Malware and Social Engineering Threats | | Preparing for Impact Analysis | | Forensics Kit and Incident Response | | Forensic Investigation Suite | | Setting Up an Analysis Environment | | Communication During Incident Response | | Common Symptoms of Host Infection | | Incident Response and Recovery Part 1 of 2 | | Incident Response and Recovery Part 2 of 2 | | Regulatory Compliance and Frameworks | | Control Selection Tailoring and Implementation | | Verification and Quality Control | | Procedures Supporting Policy | | Enterprise Network Authentication Part 1 of 2 | | Enterprise Network Authentication Part 2 of 2 | | Cross-site Scripting and Other Exploits | | Privilege Escalation Exploit | | Technical Processes and Controls | | Software Development Models and SDLC | | Code Review and Testing | | Secure Coding Best Practice Resources | | Preventative Cyber Tools | | Collective Cyber Tools | | Analytical Cyber Tools | | Exploit Cyber Tools | | Forensics Cyber Tools | | Course Test |
|
|
|
4 Hours Develop and Publish a Vulnerability Disclosure Policy for Federal Agencies (CISA BOD 20-01) | Skill Level: Beginner |    | | + Description | | | This 1/2-day course is a joint collaboration of the Cybersecurity & Infrastructure Security Agency (CISA) and the CERT Division of the Software Engineering Institute at Carnegie Mellon University. The purpose of this training is to help federal civilian agencies meet required actions of BOD 20-01, the Binding Operational Directive to Develop and Publish a Vulnerability Disclosure Policy (VDP) by covering the knowledge of and providing resources for:
- Vulnerability report receipt and intake
- Developing and publishing a vulnerability disclosure policy
- Developing vulnerability disclosure handling procedures
- Developing a vulnerability disclosure capability development
- Reporting metrics
After completing this course, participants should be able to
- Describe agency requirements for developing and publishing a vulnerability disclosure �policy (VDP).
- Describe the minimum capacity needed to support your vulnerability disclosure handling process.
- Explain how vulnerability disclosure and handling is dependent on successful human interaction.
- Explain the importance of establishing trust and good relationships with reporters and stakeholders.
- List the key resources that can help your agency build your VDP and supporting processes.
- Meet the requirements to develop and publish a VDP and supporting handling process.
- Understand how and when to work with CISA for assistance and escalation.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Protect and Defend |
Vulnerability Management |
Vulnerability Manager |
|
| | + Course Modules/Units | | | | Develop and Publish a Vulnerability Disclosure Policy | | Module 2: Overview of CISA BOD 20-01 | | Module 3: Essentials of VDP | | Module 4: Developing A Vulnerability Disclosure Handling Capability | | Module 5: Reporting and Metrics | | Module 6: Challenges and Additional Considerations | | Module 7: Summary and Wrap-up |
|
|
|
12 Hours Emerging Cyber Security Threats | Skill Level: Intermediate | | | + Description | | | This course covers a broad range of cybersecurity elements that pose threats to information security posture. The various threats are covered in detail, followed by mitigation strategies and best practices. It will cover what the policies are, the roles it plays in cybersecurity, how they are implemented. The course will also look at cybersecurity laws, standards, and initiatives. Topics include policy, knowing your enemy, mobile device security, cloud computing security, Radio Frequency Identification (RFID) security, LAN security using switch features, securing the network perimeter, securing infrastructure devices, security and DNS and IPv6 security. Video demonstrations are included to reinforce concepts.
Date: 2010
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analysis |
| Operate and Maintain |
Systems Administration |
Systems Administrator |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Introduction to Cybersecurity Policy | | Types of Security Policy | | Policy Education and Implementation | | Cybersecurity Laws | | Proposed Legislation | | NIST Cybersecurity Standards | | Other Cybersecurity Standards | | Comprehensive National Cybersecurity Initiatives (CNCI) | | Other Federal Cybersecurity Initiatives | | Implementing Cybersecurity Initiatives | | SPAM | | Malware Trends | | Botnets | | Monetization | | Cyber Attack Profiles | | Cyber Crime | | Cyberwarfare | | Cyber Attack Attribution | | Cyber Threat Mitigation | | Mobile Device Trends | | Mobile Device Threats | | Mobile Device Countermeasures | | Exploited Threats | | What is Cloud Computing? | | Technical Risks | | Operational Risks | | Risk Mitigation Strategies | | DISA Cloud Solutions | | RFID Introduction | | RFID Threats | | RFID Countermeasures | | Exploited Threats | | Introduction and MAC Address Monitoring | | MAC Address Spoofing | | Managing Traffic Flows | | VLANs and Security | | 802.1x Port Authentication | | Network Admission Control | | Securing STP | | Securing VLANs and VTP | | Introduction and Edge Security Traffic Design | | Blocking DoS and DDoS Traffic | | Specialized Access Control Lists | | Routers with Firewalls | | Beyond Firewalls: Inspecting Layer 4 and Above | | Securing Routing Protocols and Traffic Prioritization | | Securing Against Single Point of Failures | | Physical and Operating System Security | | Management Traffic Security | | Device Service Hardening | | Securing Management Services | | Device Access Hardening | | Device Access Privileges | | Name Resolution Introduction | | Name Resolution and Security | | DNS Cache | | DNS Security Standards and TSIG | | DNSSEC | | Migrating to DNSSEC | | Issues with Implementing DNSSEC 1 | | Issues with Implementing DNSSEC 2 | | IPv6 Concepts | | IPv6 Threats | | IPv6 Network Reconnaissance | | DEMO: IPv6 Network Reconnaissance | | IPv6 Network Recon Mitigation Strategies | | IPv6 Network Mapping | | DEMO: IPv6 Network Mapping | | IPv6 Network Mapping Mitigation Strategies | | IPv6 Neighbor Discovery | | DEMO: IPv6 Address Assignment | | IPv6 Attacks | | DEMO: IPv6 Alive Hosts | | DEMO: IPv6 Duplicate Address Detection (DAD) | | DEMO: IPv6 DAD Denial of Services (DOS) | | DEMO: IPv6 Fake Router Advertisement | | DEMO: IPv6 Man-in-the-middle | | IPv6 Attack Mitigation Strategies | | IPv6 Tunneling | | IPv6 Windows Teredo Tunneling | | IPv6 Tunneling Mitigation Strategies | | IPv6 Best Practices |
|
|
|
24 Hours Enterprise Cybersecurity Operations | Skill Level: Intermediate | | | + Description | | | This course highlights technical knowledge and skills required for implementing secure solutions in the enterprise. A broad spectrum of disciplines is covered to aid practitioners in applying frameworks and controls to improve the security posture while supporting the business mission.
Learning Objectives:
- Describe risk management's role in the enterprise and mitigation strategies for specific threats.
- Detail implementing network security strategies and controls for connected devices.
- Explain how cloud technologies are leveraged and can support a secure enterprise architecture.
- List sources and methods to help stay current with cybersecurity best practices and threat trends and analyzing potential impact to the enterprise.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-Source Analyst |
| Collect and Operate |
Cyber Operations Planning |
Cyber Ops Planner |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Securely Provision |
Risk Management |
Security Control Assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect |
|
| | + Course Modules/Units | | | | Configuration Strategies w/ Spec Compon | | Cryptographic Terms and Implementations | | Cryptographic Tools and Techniques Part 1 of 2 | | Cryptographic Tools and Techniques Part 2 of 2 | | Hybrid Encryption in SSL Demo | | Encryption Limitations and Key Length Part 1 of 2 | | Encryption Limitations and Key Length Part 2 of 2 | | DEMO: Volume and File Encryption | | Hash Functions and Algorithms | | Digital Signatures | | Digital Certificate Elements | | CAs and Public Key Infrastructure | | Origins For Cryptographic Standards | | Virtual Networking | | Intro to Virtualized Computing Part 1 of 2 | | Intro to Virtualized Computing Part 2 of 2 | | VLANs and Switching | | Storage Types and Considerations | | Enterprise Storage | | Enterprise Storage Connection Terms | | Enterprise Storage and RAID | | Securing iSCSI and FCoE and Managing Storage | | Network Security Concepts | | Network Zones and Remote Access | | NW Components Routers and Firewalls Part 1 of 2 | | NW Components Routers and Firewalls Part 2 of 2 | | NW Components Intrusion Detection Systems | | Networked-based IDS and IPS Deployment | | Securing Wireless Part 1 of 2 | | Securing Wireless Part 2 of 2 | | DMZ Components | | Web Services Concepts | | Web Servers and DNS | | Securing DNS Best Practices | | Proxy Servers and SMTP Relay | | NAT and PAT | | Infra Design : Firewalls and Proxies | | Infra Design : IDS and IPS | | Infra Design : Syslog and SIEMs | | Infra Design : Switch and Router Security | | Infra Design : VPNs and SNMP | | SCADA Environments | | Application Security : VTC and VoIP | | Application Security : Databases and Web Services | | Application Security : IPv6 | | Physical Security Concerns and Controls | | Host Security Controls Part 1 of 2 | | Host Security Controls Part 2 of 2 | | Web Application Security Design | | DEMO: Whitelisting and Blacklisting | | Specific Application Issues | | Client side vs Server side Processing | | Analyzing Business Risk | | Risk Management in New Business Models | | Risk Mitigation Strategies and Controls | | Security Impact of Inter Organizational Change | | Calculating Risk Exposure | | Incident Response Concepts | | Incident Response and Recovery Process | | Privacy Policy and Procedures Part 1 of 2 | | Privacy Policy and Procedures Part 2 of 2 | | Assessment Tools | | Assessment Methods | | Assessment Methodologies | | Cybersecurity Benchmarks | | Security Metrics | | Situational Awareness | | Analyzing Industry Trends Part 1 of 3 | | Analyzing Industry Trends Part 2 of 3 | | Analyzing Industry Trends Part 3 of 3 | | Applying Analysis to Improve Enterprise Security Part 1 of 4 | | Applying Analysis to Improve Enterprise Security Part 2 of 4 | | Applying Analysis to Improve Enterprise Security Part 3 of 4 | | Applying Analysis to Improve Enterprise Security Part 4 of 4 | | Integrating Enterprise Disciplines Part 1 of 2 | | Integrating Enterprise Disciplines Part 2 of 2 | | Security Controls for Communication and Collaboration | | Adv Authentication Tools and Techniques | | Software Development Models | | System Dev Life Cycle and CS | | IT Governance | | Cloud based Deploy Models | | Cloud Security | | Identity Management | | Securing Virtual Environments Part 1 of 3 | | Securing Virtual Environments Part 2 of 3 | | Securing Virtual Environments Part 3 of 3 | | Enterprise Storage Advantages and Security Measures | | Enterprise Network Authentication Part 1 of 2 | | Enterprise Network Authentication Part 2 of 2 | | Practice Exam |
|
|
|
10.5 Hours Foundations of Incident Management | Skill Level: Beginner | | | + Description | | | This course introduces basic concepts and functions of incident management. This includes where incident management activities fit in the information assurance or information security ecosystem and covers the key steps in the incident handling lifecycle with practices to enable a resilient incident management capability.
Learning Objectives:
- Explain the role of incident management.
- Distinguish between incident management and incident handling.
- Outline the incident handling lifecycle.
- Identify key preparations to be established to facilitate incident handling.
- Distinguish between triage and analysis.
- Identify the basic steps in response.
Date: 2015
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| | + Course Modules/Units | | | | Foundations of Incident Management Course Intro | | Framing The Need For Incident Management | | Incident Management Terms and Processes | | Institutionalizing Incident Management Capabilities | | Stakeholders in Incident Management | | CERT and Other’s Perspective on Threats and Trends | | Incident Management Terminology | | Incident Management Attack Classes and Actors | | Incident Management Malware and DoS Examples | | Incident Management Prevention, Detection, and Response | | Incident Handling Lifecycle - Prepare | | Incident Handling Information | | Analyzing Attack Information | | Incident Management Monitoring Tools | | Incident Management Detection Process | | Process to Support Incident Detection and Reporting | | What is Situational Awareness? | | Non Technical Elements of Situational Awareness | | Technical Elements of Situational Awareness | | Using Sensors for Requirements Gathering | | Incident Handling Lifecycle: Analysis | | Incident Handling Lifecycle: Triage | | Questions Addressed in Triage | | Objectives of Incident Analysis | | Tasks of Incident Analysis Part 1 of 2 | | Tasks of Incident Analysis Part 2 of 2 | | Data Sources for Analysis | | Examples of Data Sources for Analysis | | Incident Analysis Exercise Scenario | | Preparing For Impact Analysis | | Conducting Impact Analysis | | Response and Recovery Part 1 of 2 | | Response and Recovery Part 2 of 2 | | Mission of the Response Process | | Coordinating Response Part 1 of 2 | | Coordinating Response Part 2 of 2 | | Sample Attack Mitigations | | Benefits and Motivations of Information Sharing | | Methods of Information Sharing | | Data Models for Information Sharing | | STIX/TAXII Protocol | | Foundations of Incident Handling Course Summary | | Foundations of Incident Management Course Exam |
|
|
|
6 Hours Insider Threat Analysis | Skill Level: Advanced | | | + Description | | | This course focuses on helping insider threat analysts understand the nature and structure of data that can be used to prevent, detect, and respond to insider threats. This course focuses on how to work with data from multiple sources to develop indicators of potential insider activity, as well as strategies for developing and implementing an insider threat analysis and response. This course explains the workflow that incorporates expertise and capabilities from across an organization.
Learning Objectives:
- Work with raw data to identify concerning behaviors and activity of potential insiders.
- Identify the technical requirements for accessing data for insider threat analysis.
- Develop insider threat indicators that fuse data from multiple sources.
- Apply advanced analytics for identifying insider anomalies.
- Measure the effectiveness of insider threat indicators and anomaly detection methods.
- Navigate the insider threat tool landscape.
- Describe the policies, practices, and procedures needed for an insider threat analysis process.
- Outline the roles and responsibilities of insider threat analysts in an insider threat incident response process.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Protect and Defend |
Vulnerability and Assessment Management |
Vulnerability Assessment Analyst |
|
| | + Course Modules/Units | | | | Insider Threat Analysis Introduction | | Insider Threat Hub Overview | | Hub Roles and Responsibilities Part 1 of 2 | | Hub Roles and Responsibilities Part 2 of 2 | | Hub Management and Operations | | Non-Technical Data Sources Part 1 of 2 | | Non-Technical Data Sources Part 2 of 2 | | Technical Data Sources | | A Closer Look at Logs | | Data Source Prioritization | | Indicator Development | | Example Analytics | | Sequence and Model Development | | Insider Threat Anomaly Detection Part 1 of 2 | | Insider Threat Anomaly Detection Part 2 of 2 | | Data Correlation and Entity Resolution Part 1 of 2 | | Data Correlation and Entity Resolution Part 2 of 2 | | Insider Threat Tools | | Insider Threat Mitigation Tools | | Meas. Insider Threat Control Efficacy Part 1 of 2 | | Meas. Insider Threat Control Efficacy Part 2 of 2 | | Incident Threat Analysis Process | | Analyst Workflow | | Conducting Analysis | | Cognitive Bias | | Incident Response | | Where Incident Response Fits | | Incident Response Options | | InTP Incident Response Plans | | Insider Threat Ansys Wrap-Up |
|
|
|
7 Hours Insider Threat Program Manager: Implementation and Operations | Skill Level: Intermediate | | | + Description | | | This course presents a process roadmap that can be followed to build the various parts of a robust Insider Threat Program. It discusses various techniques and methods to develop, implement, and operate program components. The content covered supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance.
Learning Objectives:
- Identify critical assets and protection schemes.
- Coordinate a cross-organizational team to help develop and implement the Insider Threat Program.
- Develop a framework for the Insider Threat Program.
- Identify methods to gain management support and sponsorship.
- Plan the implementation for their Insider Threat Program.
- Identify organizational policies and processes that require enhancement to accommodate insider threat components.
- Identify data sources and priorities for data collection.
- Identify infrastructure changes and enhancements necessary for implementing and supporting an Insider Threat Program.
- Outline operational considerations and requirements needed to implement the program.
- Build policies and processes to help hire the right staff and develop an organizational culture of security.
- Improve organizational security awareness training.
- Identify training competencies for insider threat team staff.
Date: 2020
Training Purpose: Management Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
|
| | + Course Modules/Units | | | | Insider Threat Program Manager Intro | | Principles of Insider Risk Management | | Activities of an Enterprise Risk Mgmt Process | | Controls and Safeguards of Insider Risk Management | | Mitigation Strategies for Insider Risk Management | | Concepts of Initial Planning for an InTP | | Stakeholder Planning and Engagement | | Identify Your Starting Point | | Insider Threat Program Governance | | Roles and Responsibilities in InTP Governance | | Insider Threat Program Governance Challenges | | Building the Insider Threat Program Plan | | Developing a Phased Implementation | | Implementation Options for Insider Threat Program | | Building Your Program with Compliance in Mind | | InTP Placement in Organization | | Naming the InTP | | Developing an InTP in a Classified Environment | | Building the InTP Team | | InTP Team Size | | Key Roles Within the InTP Team | | Insider Threat Hub Operations | | Insider Threat Hub Staffing | | Data Sources Part 1 of 2 | | Data Sources Part 2 of 2 | | Selecting Data Sources | | Using Data Sources | | Protecting Data Sources | | Tools for InTP Teams | | Hub Building Considerations | | Managing Insider Investigations and Incidents | | Considerations: Investigations and Incidents | | Insider Threat Incidents | | Insider Threat Training and Awareness | | General Employee Training and Awareness | | InTP Team and Working Group Training | | Customized Role-Based Training | | Classified Systems and Data Training | | Management and Supervisor Training | | Problems and Considerations | | Measuring Insider Threat Program Effectiveness | | Different Metrics for Different Audiences | | Return on Investment (ROI) | | Making Measurements: Assessments and Evaluations | | Unintended Consequences of InTPs | | Potential Negative Impacts from InTP Activities | | Achieving Balance Using Positive Incentives | | Creating the Proper Culture: Policy and Practice | | InTP Maintenance Part 1 of 3 | | InTP Maintenance Part 2 of 3 | | InTP Maintenance Part 3 of 3 | | Insider Threat Program Manager Wrap-Up |
|
|
|
1.5 Hours Introduction to Computer Forensics | Skill Level: Beginner | | | + Description | | | This course introduces the tasks, processes, and technologies to identify, collect and preserve, and analyze data so that it can be used in a judiciary setting. This course begins with obtaining and imaging data and then describes each step in following the forensic process.
Learning Objectives:
- Explain the importance and the processes necessary to handle data to ensure its admissibility in a court of law.
- List steps in the computer forensics process and goals for each step.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
|
| | + Course Modules/Units | | | | Computer Forensics - Introduction | | Computer Forensics - The Process | | Computer Forensics - Following the Process – On-Site | | Computer Forensics - Following the Process – On-Site - Encryption | | Computer Forensics - Following the Process – On-Site - Memory | | Computer Forensics - Following the Process – On-Site - Verification | | Computer Forensics - Following the Process – Analysis | | Computer Forensics - Following the Process – Report Findings | | Computer Forensics - Following the Process – Data Preservation | | Computer Forensics - Laws | | Computer Forensics - Summary | | Computer Forensics - Questions |
|
|
|
2 Hours Introduction to Cyber Intelligence | Skill Level: Beginner | | | + Description | | | This course focuses on what cyber intelligence is and how to acquire, process, analyze, and disseminate information that identifies, tracks, and predicts threats, risks, and opportunities inside the cyber domain to offer courses of action that enhance decision making. The course explains the current threat landscape and the importance of cyber intelligence, describes how cyber intelligence differs from cyber security and cyber threat intelligence, and explores intelligence tradecraft fundamentals. The content covers analytical techniques, estimative writing, and briefing within a cyber intelligence construct.
Learning Objectives:
- Discuss the threat and data landscape.
- Apply traditional intelligence tradecraft to the Cyber Domain.
- Define and describe a Cyber Intelligence Framework involving Human-Machine Teaming.
- Describe structured analytical techniques and biases.
- Communicate analytic findings effectively and recommend courses of action to practitioners and decision makers.
Date: 2020
Training Purpose: Functional Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-Source Analyst |
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Investigate |
Cyber Investigation |
Cyber Crime Investigator |
|
| | + Course Modules/Units | | | | What is Cyber Intelligence? | | Cyber Intelligence - Why Should You Care? | | Cyber Intelligence - Skills, Traits, Competencies | | Cyber Intelligence - Conceptual Framework | | Environmental Context | | Data Gathering | | Threat Analysis | | Strategic Analysis | | Reporting and Feedback | | Human and Machine Teaming | | The Art and Science of Cyber Intelligence | | Cognitive Biases | | Logical Fallacies | | Analytical Acumen - The Science | | Analytic Methodologies - Diagnostic Technique | | DC Sniper: Beltway Attacks | | Analytical Methodologies - Contrarian Technique | | Analytical Methodologies - Imaginative Technique | | Analytical Methodologies - Network Analysis | | Analytical Methodologies - ACH | | Analytical Methodology – Systems Dynamics Modeling | | Intelligence Writing - Why It Matters | | Estimative Language | | Briefing Tips | | Intro to Cyber Intelligence Quiz |
|
|
|
8.5 Hours Managing Computer Security Incident Response Teams (CSIRTs) | Skill Level: Intermediate | | | + Description | | | This course focuses on the type and nature of work the CSIRTs may be expected to handle. It provides an overview of the incident response field, including the nature of incident response activities and an overview of the incident handling processes. The course focuses on foundation material, staffing issues, incident management processes, and other issues such as working with law enforcement, insider threat, and publishing information.
Learning Objectives:
- Provide an overview of the incident response arena, the nature of incident response activities, and incident handling processes.
- Guide learners to understand technical issues from a management perspective, problems and pitfalls to avoid, and best practices where applicable.
- Emphasize the importance of CSIRT management predefined policies and procedures.
- Discuss what is needed to operate an effective CSIRT.
Date: 2020
Training Purpose: Management Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-Source Analyst |
| Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
|
| | + Course Modules/Units | | | | Managing CSIRTS Introduction | | CSIRT Management Issues | | CSIRT Environment Introduction Part 1 of 2 | | CSIRT Environment Introduction Part 2 of 2 | | Formalization of Incident Management | | The Incident Handling Process | | CSIRT Environment Terms | | The Incident Handling Roles and Responsibilities | | CSIRT Environment Summary | | CSIRT Environment Resources and Summary | | CSIRT Staffing | | How to Grow & Retain Staff | | CSIRT Code of Conduct Part 1 of 2 | | CSIRT Code of Conduct Part 2 of 2 | | Media Issues Part 1 of 2 | | Media Issues Part 2 of 2 | | Managing the CSIRT Infrastructure Components | | Data Security | | Physical Security | | Equipment for CSIRT Staff | | Network and Systems for CSIRT Staff | | CSIRT Tools | | Incident Management Processes Introduction | | IM Processes: Prepare, Sustain, and Improve | | IM Processes: Protect Infrastructure | | IM Processes: Detect | | Situational Awareness | | Network and System Monitoring | | Critical Information | | IM Process: Triage | | Triage Activities | | IM Process: Response | | Response Actions | | Response Process Issues | | Handling Major Events Part 1 of 2 | | Handling Major Events Part 2 of 2 | | Building a Crisis Communication Plan | | Publishing Information | | Publishing Document Types | | Information Sharing | | Publishing Information Summary | | General Guidance for Measuring and Evaluating | | Types of Evaluations | | Building a Quality Assurance Framework | | Issues to Consider in Your Framework | | Resources for Building an Assurance Framework | | What Is Insider Threat? | | Types of Insider Threat Activities | | Malicious Insider Activity Examples | | How Bad Is Insider Threat? | | CERT Insider Threat Research | | Insider Threat Mitigation | | Mitigation Security Controls and Practices | | Insider Threat Summary | | Working with Law Enforcement Part 1 of 2 | | Working with Law Enforcement Part 2 of 2 | | Managing CSIRTs Wrap-Up | | Video [CSIRTs Resource Overview] (required) |
|
|
|
4 Hours Overview of Creating and Managing Computer Security Incident Response Teams (CSIRTs) | Skill Level: Beginner | | | + Description | | | This course focuses on what is needed to create and operate a Computer Security Incident Response Team (CSIRT). The intended audience is individuals tasked with creating a CSIRT and those who may be new to CSIRT issues and processes. Objectives within the course include the benefits and limitations of a CSIRT, CSIRT requirements, services, common policies and procedures, and operational best practices. Previous incident handling experience is not required to partake in this course.
Learning Objectives:
- Identify managerial, organizational, procedural, and operational issues regarding the CSIRT role and function.
- Describe the issues involved with creating and operating a CSIRT.
- Discuss specific topics regarding CSIRT benefits and limitations, requirements and framework, services, policies and procedures, and operational best practices.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications Security Manager |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| | + Course Modules/Units | | | | Creating and Managing CSIRTS Introduction | | Defining the Problem | | Defining Incident Management | | Effective Incident Management Processes | | Defining Terms Used Throughout the Course | | Institutionalizing IM Capabilities | | Incident Handling Terms Used Throughout the Course | | Defining CSIRTs | | Creating an Effective CSIRT | | Building a CSIRT: Action Plan Part 1 of 2 | | Building a CSIRT: Action Plan Part 2 of 2 | | Building a CSIRT: Where to Begin | | Lessons Learned and Team Maturity | | CSIRT Components | | CSIRT Organizational Models Part 1 of 2 | | CSIRT Organizational Models Part 2 of 2 | | CSIRT Policies and Procedures | | CSIRT Staffing and Hiring | | CSIRT Facilities and Infrastructure | | Incident Management Processes Overview | | IM Process: Prepare, Sustain, and Improve | | IM Process: Protect Infrastructure | | IM Process: Detect Events | | IM Process: Triage Events | | IM Process: Triage Best Practices | | IM Process: Respond | | IM Process: Respond Issues | | IM Process: Best Practices | | Creating and Managing CSIRTs Summary | | Creating and Managing CSIRTs Resources |
|
|
|
1 Hour Root Cause Analysis | Skill Level: Beginner | | | + Description | | | This course explains the root cause analysis for cybersecurity incidents and provides an overview of two different root cause analysis models (and approaches used in these models). This course also describes how root cause analysis can benefit other incident management processes (response, prevention, and detection), and details general root cause analysis techniques that can be adopted as methods for analysis of cyber incidents.
Learning Objectives:
- Explain the benefits and challenges of reverse engineering.
- Perform basic tasks with reverse engineering tools.
- Understand basics of Intel x86 assembly code.
- Describe the Microsoft Windows executable file format and understand the basics of the Windows API.
- Extract actionable information from ta malicious binary file that can be used in analysis reports.
Date: 2016
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Threat Analysis |
Threat/Warning Analyst |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| | + Course Modules/Units | | | | Root Cause Analysis Fundamentals | | Root Cause Analysis Methods | | Cyber Kill Chain Model for Root Cause Analysis | | Sample Incident Cause Analysis Workflow | | Root Cause Analysis Course Exam |
|
|
|
0.5 Hours Ransomware Overview | Skill Level: Beginner | | | + Description | | | Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.
This training course focuses on basic Ransomware concepts and methodology. This course will explain what ransomware is, preventative measures that can be used to prevent a ransomware attack, and ransomware incident response and recovery.
Learning Objectives:
- Present an overview of ransomware attacks
- Identify preventative measures to block ransomware attacks
- Discuss incident response best practices for ransomware attacks
- Detail ways to implement recovery measure after a ransomware attack
- Learn to strategically plan the development and implementation of your CSIRT.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
Mission Assessment Specialist |
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Analyze |
Threat Analysis |
Threat/ warning analyst |
| Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
| Protect and Defend |
Incident Response |
Cyber defense incident responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
| Securely Provision |
Risk Management |
Authorizing official; security control assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
0.5 Hours Securing Systems: How to Block Malicious IPs | Skill Level: Beginner | | | + Description | | | Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.
This interactive training module provides mitigation strategies and techniques as it relates to firewall rules. This module will explain what firewalls are, present the importance of implementing firewall rules and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Block Malicious IPs Demo provides a walkthrough of the tasks you'll need to complete, the Block Malicious IPs Try allows you the opportunity to test out the tasks presented in the Block Malicious IPs Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Identify the purpose of firewalls
- Present the importance of implementing firewall rules
- Identify specific firewall rules to apply
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
Mission Assessment Specialist |
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Analyze |
Threat Analysis |
Threat/ warning analyst |
| Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
| Protect and Defend |
Incident Response |
Cyber defense incident responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
| Securely Provision |
Risk Management |
Authorizing official; security control assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
0.25 Hours Securing Systems: How to Sinkhole a Malicious Domain | Skill Level: Beginner | | | + Description | | | Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.
This interactive training module focuses on sinkholing as a mitigation technique. This module will explain what Domain Name Service (DNS) sinkholes are, present the importance of implementing sinkholes, and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Sinkhole Demo provides a walkthrough of the tasks you'll need to complete, the Sinkhole Try allows you the opportunity to test out the tasks presented in the Sinkhole Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Present the definition of a DNS Sinkhole
- Identify key terms related to the Sinkholing process
- Explain the importance of implementing a DNS Sinkhole
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
Mission Assessment Specialist |
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Analyze |
Threat Analysis |
Threat/ warning analyst |
| Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
| Protect and Defend |
Incident Response |
Cyber defense incident responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
| Securely Provision |
Risk Management |
Authorizing official; security control assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
0.25 Hours How to Disable SMBv1 | Skill Level: Beginner | | | + Description | | | Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.
This interactive training module provides information on how to disable SMBv1 using the group policy mitigation technique. This module will explain Server Message Block (SMB), provide an overview of the versions of SMB, present the importance of blocking SMBv1, and provide an opportunity for you to practice applying group policies that disable SMBv1 in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The SMBv1 Demo provides a walkthrough of the tasks you'll need to complete, the SMBv1 Try allows you the opportunity to test out the tasks presented in the SMBv1 Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Define Server Message Block
- Identify the three versions of SMB
- Present the importance of disabling SMBv1
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
Mission Assessment Specialist |
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Analyze |
Threat Analysis |
Threat/ warning analyst |
| Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
| Protect and Defend |
Incident Response |
Cyber defense incident responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
| Securely Provision |
Risk Management |
Authorizing official; security control assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
0.5 Hours Securing Systems: How to Create Application Allowlisting Policies | Skill Level: Beginner | | | + Description | | | Application Allowlisting is a controlled list of applications and components such as libraries, configuration files, etc. that are authorized to be present or active on a host according to a well-defined baseline. It is a highly effective security strategy that acts as a preventative file execution policy to allow only certain programs to run and prevents others from executing. Every organization must verify and trust each and every application they allow on their network. They do this by adapting allowlisting to help block the execution of malware, unlicensed software, and other unauthorized software.
This interactive training module focuses on basic Application Allowlisting concepts and methodologies. This module will explain what Application Allowlisting is, present the importance of implementing Application Allowlisting, and provide an opportunity for you to practice applying specific Application Allowlisting rules in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Application Allowlisting Demo provides a walkthrough of the tasks you'll need to complete, the Application Allowlisting Try allows you the opportunity to test out the tasks presented in the Application Allowlisting Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Create Windows Defender Application Control (WDAC) allowlisting policies with PowerShell
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
Mission Assessment Specialist |
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Analyze |
Threat Analysis |
Threat/ warning analyst |
| Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
| Protect and Defend |
Incident Response |
Cyber defense incident responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
| Securely Provision |
Risk Management |
Authorizing official; security control assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| | + Course Modules/Units | | | | Application Allowlisting - Video | | Application Allowlisting - Demo | | Application Allowlisting- Try |
|
|
|
0.5 Hours How to Backup and Restore Active Directories | Skill Level: Beginner | | | + Description | | | Active Directory (AD) is one of the most vital components in a Windows network. Cybercriminals today are targeting AD, performing reconnaissance to discover users, servers, and computers in an enterprise network, and then moving laterally to carry out multi-stage attacks to gain access and abuse organization resources and data. An AD backup and restoration disaster recovery strategy is vital for operation continuity. Backing up AD regularly is important, sometimes the backup is the only way for an organization to recover its data after a cyberattack.
This interactive training module focuses on basic AD concepts and methodologies. This module will explain how to identify the Primary Domain Controller (PDC) of the domain, explain how to make changes to AD without backing up again, and provide an opportunity for you to practice confirming the changes made after the backup are replaced with the information in the backup file.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The AD Backup Restore Demo provides a walkthrough of the tasks you'll need to complete, the AD Backup Restore Try allows you the opportunity to test out the tasks presented in the AD Backup Restore Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Backup Active Directory on a Domain Controller
- Restore Active Directory on a Domain Controller
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
Mission Assessment Specialist |
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Analyze |
Threat Analysis |
Threat/ warning analyst |
| Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
| Protect and Defend |
Incident Response |
Cyber defense incident responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
| Securely Provision |
Risk Management |
Authorizing official; security control assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
0.25 Hours How to Reset a KRBTGT Account Password | Skill Level: Beginner | | | + Description | | | Kerberos Ticket Granting Ticket (KRBTGT) is a local default account used for Microsoft’s implementation of Kerberos, the default Microsoft Windows authentication protocol for granting access to network applications and services. KRBTGT acts as a service account for the Key Distribution Center (KDC) service. KRBTGT account in Active Directory (AD) plays a key role that encrypts and signs all Kerberos tickets for the domain.
This interactive training module focuses on basic KRBTGT concepts and methodology. This module will explain how to reset the KRBTGT account password using the Active Directory Users and Computers app in the Administrative tools in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Reset KRBTGT Account Password Demo provides a walkthrough of the tasks you'll need to complete, the Reset KRBTGT Try allows you the opportunity to test out the tasks presented in the Reset KRBTGT Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Reset the KRBTGT Account password
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
Mission Assessment Specialist |
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Analyze |
Threat Analysis |
Threat/ warning analyst |
| Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
| Operate and Maintain |
Network Services |
Network Operations Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
| Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
| Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
| Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
| Protect and Defend |
Incident Response |
Cyber defense incident responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
| Securely Provision |
Risk Management |
Authorizing official; security control assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| | + Course Modules/Units | | | | Reset KRBTGT Account Password - Video | | Reset KRBTGT Account Password - Demo | | Reset KRBTGT Account Password - Try |
|
|
|
5 Hours Advanced Computer Forensics | Skill Level: Advanced | | | + Description | | | This course focuses on building skills to improve the ability to piece together the various components of the digital investigation. The course begins with acquisition planning and preparation, progresses through the investigative process, and concludes with analysis techniques and methods for more manageable investigations.
Learning Objectives:
- Develop an investigative process for the digital forensic investigation.
- Explain methods of focusing investigations through analysis of multiple evidence sources.
- Effectively prepare for incident response of both victim and suspect systems.
- Identify sources of evidentiary value in various evidence sources including network logs, network traffic, volatile data and through disk forensics.
- Identify common areas of malicious software activity and characteristics of various types of malicious software files.
- Confidently perform live response in intrusion investigation scenarios.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
Exploitation Analysis |
Exploitation Analyst |
| Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
|
| | + Course Modules/Units | | | | Course Objectives | | Introduction to Acquisition Preparation | | The Preparation Phase | | Known Executables | | Collection Strategies | | Once an Incident Has Occurred | | Making Adjustments | | Response | | Acquisition Summary | | Incident Information Gathering | | Live Acquisitions | | Acquisition Considerations and Risks | | Acquisition Preparation and Identification | | Using Live Disks, Bootable USBs, and Evidence Storage | | Volatile Data Collection | | Memory Collection | | Memory Collection Tools | | WinDD | | Hard Drive Collection | | Disk Encryption | | Network Log Analysis | | Log Analysis Tools and Wireshark | | Fundamentals of Memory Analysis | | Why Should You Care About Memory | | Volatile System Information | | Virtual Memory | | Memory Acquisition Considerations and Tools | | Benefits and Limitations of Memory Analysis | | Mandiant Redline | | Volatility | | Using Volatility | | Using Strings | | Demo of Volatility 1_Using Volatility | | Memory Analysis Flow and Techniques | | Demo of Volatility 2_Comparing Memory and Volatile System Information | | Advanced Memory Analysis | | Understanding Attacks and Incidents | | Anatomy of an Attack of Infection | | Benefits of Malware Analysis | | Using Antivirus | | Introduction to Windows Artifacts | | Prefetch Files | | User Assist Entries | | Recent, Link, and Shortcut Files | | Most Recently Used Files | | Shell Bags Entries | | Page, Hibernation, and Autorun Files | | Persistence | | Hash Analysis | | Registry Decoder | | Timeline Analysis | | Forensic Analysis of Timelines | | Victim System Analysis | | User Level Vs Kernel Level Rootkits | | Correlating Incident Response with Forensics | | Advanced Analysis Topics 1 | | Malware Versus Tools | | Advanced Analysis Topics 2 | | Identifying a Suspect | | Scanning and Fingerprinting the Suspect |
|
|
|
1 Hour Understanding DNS Attacks | Skill Level: Beginner | | | + Description | | | The Domain Name System, commonly known as DNS, is often referred to as the "phone book" of the Internet. Every time we access the Internet to visit our favorite websites, shop and pay bills online, or access online portals for healthcare or banking, we depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly powerful and useful, it also presents a rich attack surface for threat actors: allowing them to shut down websites and online services, replace legitimate website content with threats and extortion attempts, or even route traffic to a carbon copy of a legitimate website to steal any information entered by users intending to conduct business as usual. "Understanding DNS Attacks" provides key information you need to know to protect yourself and your organization from DNS infrastructure tampering including common vulnerabilities, how to identify a potential attack, and guidance and best practices to mitigate the likelihood and impact of a successful DNS attack.
This webinar is accessible to non-technical learners including managers and business leaders, and offers an organizational perspective useful to technical specialists.
Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from DNS infrastructure attacks through awareness of common attack schemes, best practices, CISA guidance, and resources.
- Define DNS Tampering and explain common attack methods
- Identify signs of a DNS attack
- Learn mitigation steps for DNS attacks
- Understand the process to recover from a DNS attack
- Explore impacts of DNS attacks through case studies
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
Mission Assessment Specialist |
| Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
| Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
| Operate and Maintain |
Data Administration |
Data analyst, database administrator |
| Operate and Maintain |
Knowledge Management |
Knowledge Manager |
| Operate and Maintain |
Network Services |
Network Operation Specialist |
| Operate and Maintain |
Systems Administration |
System Administrator |
| Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
| Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
| Oversee and Govern |
Strategic Planning and Policy |
Cyber policy and strategy planner; cyber workforce developer and manager |
| Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
| Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
| Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
| Securely Provision |
Risk Management |
Authorizing official; security control assessor |
| Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
| Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
| Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
1 Hour Advanced PCAP Analysis and Signature Development (APA) | Skill Level: Intermediate | | | + Description | | | This course will introduce rules and go over example syntax, protocols, and expressions. It contains several supporting video demonstrations as well as lab exercises writing and testing basic rules.
Learning Objectives:
- Identify poorly written signatures and revise them.
- Write regular expressions.
- Create signatures.
- Identify information in PCAP data to use for creating alerts.
Date: 2011
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
| Category | Specialty Area | Work Roles |
|---|
| Analyze |
All-Source Analysis |
All-Source Analyst |
| Collect and Operate |
Cyber Operations |
Cyber Operator |
| Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
| Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
|
| | + Course Modules/Units | | | | Advanced Pcap Analysis And Signature Development | | Packet Protocol Dns | | Introduction To Rules | | Examples Of Sourcefire Rules | | Sourcefire Rule Syntax - Protocols | | Sourcefire Rule Syntax - Message And Matching | | Lab Exercise Writing And Testing Basic Rules | | Lab Exercise Writing And Testing Basic Rules Video | | Lab Exercise Writing And Testing Basic Rules Continued | | Lab Exercise Continued | | Regular Expressions | | Editing A Poor Rule | | How To Write An Ipv4 Regular Expression | | Lab Exercise Writing Regular Expression | | Lab Exercise Writing Regular Expression Continued | | Malware Analysis Reports (Mar) | | Demonstration of Mar 131751 Report | | Demonstration Of Mar Report Continued | | Lab Exercise Writing Rules From Malware Analysis Reports | | Lab Exercise Writing Rules From Malware Analysis Reports Continued |
|
|
|
