101 Courses - Basic level courses
NICE Cybersecurity Workforce Framework Category - Analyze
NICE Cybersecurity Workforce Framework Category - Collect and Operate
NICE Cybersecurity Workforce Framework Category - Investigate
NICE Cybersecurity Workforce Framework Category - Operate and Maintain
NICE Cybersecurity Workforce Framework Category - Oversee and Govern
NICE Cybersecurity Workforce Framework Category - Protect and Defend
NICE Cybersecurity Workforce Framework Category - Securely Provision

The NICE Cybersecurity Workforce Framework can be found at: https://niccs.us-cert.gov/workforce-development/cyber-security-workforce-framework

FedVTE Course Catalog

CDM Module 1: Overview - 2 Hours - Skill Level: Basic
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course provides a high level overview of the CDM program. Topics covered include basic CDM concepts, how CDM relates to NIST 800-53 and other NIST SPs, CDM Concept of Operations, the CDM Environment, and CDM’s Phases and Capabilities.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What is the CDM program?
What problem does CDM address?
How does the CDM program support Departments and Agencies?
Why does CDM focus on Automation?
What is the CDM "Desired State" Specification?
What is the Actual State?
What is a Defect Check?
What is an Assessment Object?
What is a Defect instance?
What is an Object Container?
What is a CDM Security Capability?
How Do 800-53 Controls Map to CDM Security Capabilities?
How do I use the CDM Security Capabilities to Improve Security?
How does CDM relate to NIST's 800-53 Catalogue of Controls?
How does CDM relate to NIST's 800-53 Suggested Control Assessment Methods?
How does CDM relate to NIST's guidance on ISCM (800-137)?
How does CDM relate to NIST guidance on Risk Management 800-30 and 800-39?
How does CDM relate to NIST's RMF?
How does CDM operate in a department or agency?
What is the CDM Concept of Operations?
Where does the "Desired State" Specification come from?
What does the actual state concept in CDM mean for our department or agency?
Where does the Actual State Data come from?
How does CDM discover defects?
How does Scoring work with CDM and how am I affected?
How does CDM know who is responsible for fixing defects?
Will the CDM "System(s)" be A&Aed?
How will CDM sensors affect my Network(s)? Performance? Security?
What are CDM shared services?
Why is CDM divided into phases?
How do the security capabilities fit into phases?
What are the Phase 1 capabilities?
What are the Phase 2 capabilities?
What are the Phase 3 capabilities?
What does the CDM D/A Dashboard provide?
How Does the CDM D/A Dashboard Work with Other D/A Dashboards?
How Do I Get the Information My D/A Needs from the CDM D/A Dashboard?
CDM Module 2: Hardware Asset Management - 1 Hour - Skill Level: Basic
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course begins by defining Hardware Asset Management (HWAM) and why it is critical to the implementation of a robust cybersecurity program. The training highlights the criteria for monitoring and managing hardware assets using CDM. It then transitions into HWAM implementation criteria and discusses the generic CDM concept of operations specific to HWAM. Topics covered include Actual State, Desired State, and Defects.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What is Hardware Asset Management (HWAM)?
What Are the Purpose and Results?
What Types of Attacks Does HWAM Thwart for Our Organization?
What Objects Does HWAM Assess?
How Does the HWAM Concept of Operations (CONOPS) work?
How Does HWAM Relate to Other Phase 1 Capabilities?
What HWAM Roles and Responsibilities Will My Organization Implement?
How Does an Organization Use the HWAM Capability?
What Techniques Are Used to Search for HWAM Devices?
What Types of Data Does the HWAM Actual State Collect?
What Types of Data Are Used to Identify Network Addressable Devices?
How Do Agencies Get Desired State Specification Data for the HWAM Capability?
What Types of Data Does the HWAM Desired State Specification Collect?
Can Agencies Specify How to Group Results?
What Are the HWAM Defect Checks?
Which HWAM Defect Checks Are at the Federal Level?
Which HWAM Defect Checks Are at the Local Level?
CDM Module 3: Software Asset Management - 1.5 Hours - Skill Level: Basic
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course begins by defining SWAM and why it is critical to the implementation of a robust cyber-security program. It covers new roles and responsibilities which the department or agency (D/A) must implement. It then transitions into SWAM implementation criteria, and discusses the generic CDM concept of operations specific to SWAM Actual State, Desired State, and Defects. It includes high-level discussions of software lists (white, gray, black) and how software can be identified and tracked in CDM, from the software package down to executables, through the use of Common Platform Enumeration (CPE) and Software Identification (SWID) tags.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What is the Software Asset Management (SWAM) Capability?
What Purpose Does SWAM Serve?
What Types of Results Will SWAM Accomplish?
What Types of Attacks Does SWAM Thwart?
What Objects Does SWAM Assess?
How Does the SWAM Concept of Operations (CONOPS) Work?
How Does SWAM Relate to Other Phase 1 Capabilities?
How Does SWAM Block Many Zero Day and APT Attacks?
What Techniques Are Used to Search for SWAM Devices?
How Does CDM Identify Software Products and Executables?
How Does CDM Use Digital Fingerprints?
What Is a Whitelist?
How Do I Use a Software Whitelist?
What Is a Graylist?
How Do I Use a Software Graylist?
What Is a Blacklist?
How Do I Use a Software Blacklist?
What Does Locational Whitelisting Mean to Me?
What Is a Trust Library and How Does SWAM Use It?
How Is Desired State Specification Determined for Mobile Code in CDM?
How Does SWAM Use Hashes?
How Does SWAM Use Common Platform Enumeration (CPE)?
How Does SWAM Use Software IDs (SWIDs)?
What Are the SWAM Defect Checks?
Which SWAM Defect Checks Are at the Federal Level?
Which SWAM Defect Checks Are at the Local Level?
What Mitigation Options Might My Department or Agency Use with SWAM?
CDM Module 4: Configuration Settings Management - .5 Hours - Skill Level: Basic
+ Description
 This course is designed for managers, staff and other stakeholders who may be involved in implementation and/or decision making regarding Continuous Diagnostics and Mitigation (CDM). The course aims to help the student better understand how CDM can help a department or agency (D/A) better manage risk and protect mission critical assets and to more effectively evaluate their cybersecurity posture.

The course begins by outlining the Cyber Security Manager position (CSM) and highlighting the types of attacks CSM can help prevent. It then transitions into CSM methods and criteria, where it reviews Actual State, Desired State, and Defect Checks specific to the capability area. It explains how CSM builds upon the other capabilities and how defect checks differ at the local and federal levels.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What Is the Configuration Settings Management Security Capability?
What Types of Results Will CSM Accomplish?
How Does CSM Thwart Attacks?
What Objects Does the CSM Security Capability Assess?
How Does CSM Work?
How Do HWAM and SWAM Support CSM?
What Methods Will CSM Use to Determine Actual State Information?
What Elements Does the Organization Require to Define the Actual State?
How Does CSM Define the Desired State?
What Methods Will CSM Use to Determine Desired State?
What Is a Common Configuration Enumeration (CCE)?
What Is a CSM Defect Check?
Which CSM Defect Checks Are at the Federal Level?
Which CSM Defect Checks Are at the Local Level?
CDM Module 5: Vulnerability Management - .5 Hours - Skill Level: Basic
+ Description
 The course aims to help the student better understand how vulnerability management (VULN) identifies the existence of vulnerable software products in the boundary to allow an organization to mitigate and thwart common attacks that exploit those vulnerabilities.

The course begins by defining VULN, how it applies to the target environment, and how a fully implemented VULN capability impacts a Department or Agency. It then transitions into VULN criteria and methods, where it reviews Actual State, Desired State, and Defect Checks specific to the capability area. It explains how VULN builds upon the other capability areas, the types of defects, and how those defect checks differ at the local and federal levels.

Training Purpose: Securely Provision, Oversee and Govern, Protect and Defend

Specialty Areas: Risk Management, Cybersecurity Management, Vulnerability Assessment and Management, Cyber Defense Analysis

Proficiency: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
What Is the Vulnerability Management (VULN) Capability?
What Is a CVE (Common Vulnerabilities and Exposures)?
What Is a CWE (Common Weakness Enumeration)?
What Types of Results Will VULN Accomplish?
How Can VULN Thwart Attacks?
What Types of VULN Objects Are Assessed?
How Does the VULN Capability Work?
How Does VULN Relate to SWAM?
How Will My Organization Use the VULN Capability?
What Methods Will VULN Use to Determine Actual State?
What Is the CDM Actual State?
How Does VULN Define the Desired State?
What Methods Will VULN Use to Determine Desired State?
What Is the National Vulnerability Database (NVD)?
What Are the VULN Defect Checks?
Which VULN Defect Checks Are at the Federal Level?
Which VULN Defect Checks Are at the Local Level?
Cyber Risk Management for Technicians - 11 Hours - Skill Level: Basic
+ Description
 This course presents the concept of managing cyber risk from a technical perspective. An overview of cyber risk management opens the class, followed by foundational material on conducting a risk assessment of considerations such as threats, vulnerabilities, impacts, and likelihood. Various technical methods for conducting a risk assessment are presented, including vulnerability assessments and penetration tests, with a focus on continuous monitoring of security controls and how to assess those security controls using the National Institute of Standards and Technology Special Publications 800-53 and 800-53A as a guide.

Training Purpose: Skill Development

Specialty Areas: Information System Security Management, Security Program Management, Strategic Planning and Policy Development

Training Proficiency Area: Level 1 - Basic

Capture Date: 2013

+ Course Modules/Units
 
Cyber Risk Management for Technicians Course Intro
Risk Management and NIST SP 800-30
Tiers of Risk Management
Terms Associated with Risk Management 1 of 2
Terms Associated with Risk Management 2 of 2
Risk and Operational Resilience
Risk Management Components and Outcomes
NIST SP 800 30 Risk Assessment
NIST SP 800 30 Risk Mitigation
NIST SP 800 39 Risk Management Guidelines
NIST SP 800 37 Risk Management Framework
OCTAVE Risk Based Assessment Methodology
CERT Resilience Management Model
Overview of Assessing Risk
Determining Critical Assets and Operations
Threat Analysis Overview
Critical Assets and Threats
Determining Impact and Risk Analysis
Security Testing and Assessment Methodologies
Vulnerability Assessments vs Penetration Testing
Risk Assessment Tools
Information Categorization
Security Controls and NIST SP 800 53
Control Selection Tailoring and Implementation
Management Control Examples
Operational Control Examples
Technical Control Examples
Assessing A Tech Control Solution Demo
Installing Cyber Tech Control Demo
Continuous Monitoring Concepts 1 of 2
Continuous Monitoring Concepts 2 of 2
Continuous Monitoring and Log Management
Network Monitoring Control Examples
Process of Assessing Security Controls
Developing Security Assessment Plans
Conducting Security Control Assessments
Security Controls Post Assessments
Assessing Security Control Examples
Detecting Network Changes: Syslog
Detecting Network Changes : Swatch and OSSEC
Analyzing NW Changes : Creating a Baseline
Analyzing NW Changes : Host Integrity
Analyzing Host Characteristics
Best Practices for Detecting NW Changes
Update Mgmt with MBSA Demo
Log Analysis with Syslog and Swatch
Determining and Managing Risks
Managing Risk : Cost Benefit Analysis
Vulnerability Remediation
Vulnerability Management Systems
Intro to Vul Scanning with Nessus Demo
Cyber Risk Mgmt for Technicians Course Exam
Cyber Risk Management for Managers - 6 Hours - Skill Level: Basic
+ Description
 Cyber Risk Management for Managers covers key concepts, issues, and considerations for managing risk from a manager’s perspective. Discussions include identifying critical assets and operations, a primer on cyber threats and how to determine threats to your business function, mitigation strategies, and response and recovery.

Training Purpose: Skill Development

Specialty Areas: Information System Security Management, Security Program Management, Strategic Planning and Policy Development, Training

Training Proficiency Area: Level 1 - Basic

Capture Date: 2012

+ Course Modules/Units
 
Overview of Risk Management
Risk and Business Impact Analysis
Operational Resilience and Risk
Outcomes of Risk Management
NIST SPs and Risk Assessment Process
NIST SP 800-30 Risk Mitigation Steps
NIST SP 800-39 and 800-37
OCTAVE and OCTAVE Allegro
CERT-RMM and SSE CMM
Critical Assets and Ops : Identifying
Critical Assets and Ops : Prioritizing
Asset Criticality Demo
Identifying Assets Lab
Cyber Risk : Common Threats Part 1 of 2
Cyber Risk : Common Threats Part 2 of 2
Cyber Risk and Mobile Devices
Cyber Risk and Cloud Computing
Common Threat Controls and Countermeasures
Identifying Threats and Their Impact
Identifying Sources of Vulnerabilities
Impact Analysis and Threat Scenario
Assessing Impact : Risk Analysis
Risk Mitigation and Managing Risks
General Risk Mitigation Strategies
Control Methods Overview
Common Technical Controls Part 1 of 2
Common Technical Controls Part 2 of 2
Common Physical Controls
Common Administrative Controls
Classes of Security Controls
Selecting Security Controls
Security Controls and Federal Guidelines
Implementing Security Measures
Mitigation Strategy Maintenance
Security Testing and Assessment
Response and Recovery
Phases of Incident Response
IR Phase 1 : Preparation
IR Phase 2 : Detection and Analysis
IR Phase 3 : Containment
IR Phase 4 : Eradication
IR Phase 5 : Recovery
IR Phase 6 : Lessons Learned
BCP and Procedures
DRP and Procedures
DRP : Backups and Alternate Sites
Using RT-IR for Incident Response
Cyber Risk Management Quiz
Cyber Security Overview for Managers - 6 Hours - Skill Level: Basic
+ Description
 

Cybersecurity Overview for Managers is designed for managers and other stakeholders who may be involved in decision making regarding their cyber environment but do not have a strong technical background. Discussions will not focus on specific technologies or implementation techniques, but rather cybersecurity methodologies and the framework for providing a resilient cyber presence. The course aims to help managers better understand how people and devices work together to protect mission critical assets and more effectively evaluate their cyber posture.

Training Purpose: Skill development

Specialty Areas: Information System Security Management, Security Program Management, Strategic Planning and Policy Development


Training Proficiency Area: Level 1 - Basic

Capture Date: 2012

+ Course Modules/Units
 
Cyber Security Overview Course Introduction
Key Concepts in Cyber Security Part 1 of 2
Key Concepts in Cyber Security Part 2 of 2
Cyber Security Role in Culture, Vision, and Mission
Roles and Responsibilities in Cyber Security Part 1 of 2
Roles and Responsibilities in Cyber Security Part 2 of 2
Cyber Security Governance
Cyber Security and Federal Guidelines
Impact and Limitations of Laws
Threat Actors
Common Threats to Cyber Security Part 1 of 2
Common Threats to Cyber Security Part 2 of 2
Mobile Security and Mobile Threats
Cyber Security and Cloud Computing
Controls, Countermeasures, and Cyber Security
Risk Management Overview
Determining Critical Assets and Processes
Asset Criticality Demo
Risk and Threats and Vulnerabilities
Determining Risk and Impact
Risk Mitigation Strategy
Risk Assessment Methodologies
Incident Handling and Business Continuity
Business Continuity Plans and Procedures
Disaster Recovery Plans and Procedures
Cyber Security Overview Course Quiz
New Course Offering: The Election Official as IT Manager - 4 Hours - Skill Level: Basic
+ Description
 In this course, you will learn why Election Officials must view themselves as IT systems managers, and be introduced to the knowledge and skills necessary to effectively function as an IT manager. The course includes a review of Election Systems, Election Night Reporting, and Interconnected Election Systems vulnerabilities and liabilities. The course also covers Social Media and Website best practices, vulnerabilities, and liabilities, and will also address Procuring IT, Vendor Selection, Testing and Audits, Security Measures, and Risk Assessments. In addition, the course also includes a review of resources available to the election community from the Department of Homeland Security.

Training Purpose: Management Development

Specialty Areas: Cybersecurity Management, Incident Response, Risk Management

Training Proficiency Area: Level 1 - Basic

Capture Date: 2018

+ Course Modules/Units
 
Professionalizing Election Admin Intro
Being an IT Manager
Election Systems
Technology and the Election Office
Procuring IT
Testing and Audits
Election Security
Principles of Information Security
Physical Security
Cybersecurity and Elections
Human Security
Risk Management and Elections
Incident Response Scenarios and Exercises
Phishing and Elections
DDOS Attacks and Elections
Website Defacing
Election Infrastructure Security
DHS Cyber Security Tools and Services
EAC Resources
Emerging Cyber Security Threats - 12 Hours - Skill Level: Intermediate
+ Description
 This course covers a broad range of cyber security elements that pose threats to information security posture. The various threats are covered in detail, followed by mitigation strategies and best practices. This course will cover what policy is, the role it plays in cyber security, how it is implemented, and cyber security laws, standards, and initiatives. Topics include cyber security policy, knowing your enemy, mobile device security, cloud computing security, Radio Frequency Identification (RFID) security, LAN security using switch features, securing the network perimeter, securing infrastructure devices, security and DNS, and IPv6 security. Video demonstrations are included to reinforce concepts.

Training Purpose: Skill Development

Specialty Areas: System Administration, Technology Demonstration, Vulnerability Assessment and Management, Strategic Planning and Policy Development, Cyber Threat Analysis

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2010

+ Course Modules/Units
 
Introduction to Cybersecurity Policy
Types of Security Policy
Policy Education and Implementation
Cybersecurity Laws
Proposed Legislation
NIST Cybersecurity Standards
Other Cybersecurity Standards
Comprehensive National Cybersecurity Initiatives (CNCI)
Other Federal Cybersecurity Initiatives
Implementing Cybersecurity Initiatives
SPAM
Malware Trends
Botnets
Monetization
Cyber Attack Profiles
Cyber Crime
Cyberwarfare
Cyber Attack Attribution
Cyber Threat Mitigation
Mobile Device Trends
Mobile Device Threats
Mobile Device Countermeasures
Exploited Threats
What is Cloud Computing?
Technical Risks
Operational Risks
Risk Mitigation Strategies
DISA Cloud Solutions
RFID Introduction
RFID Threats
RFID Countermeasures
Exploited Threats
Introduction and MAC Address Monitoring
MAC Address Spoofing
Managing Traffic Flows
VLANs and Security
802.1x Port Authentication
Network Admission Control
Securing STP
Securing VLANs and VTP
Introduction and Edge Security Traffic Design
Blocking DoS and DDoS Traffic
Specialized Access Control Lists
Routers with Firewalls
Beyond Firewalls: Inspecting Layer 4 and Above
Securing Routing Protocols and Traffic Prioritization
Securing Against Single Points of Failure
Physical and Operating System Security
Management Traffic Security
Device Service Hardening
Securing Management Services
Device Access Hardening
Device Access Privileges
Name Resolution Introduction
Name Resolution and Security
DNS Cache
DNS Security Standards and TSIG
DNSSEC
Migrating to DNSSEC
Issues with Implementing DNSSEC 1
Issues with Implementing DNSSEC 2
IPv6 Concepts
IPv6 Threats
IPv6 Network Reconnaissance
DEMO: IPv6 Network Reconnaissance
IPv6 Network Recon Mitigation Strategies
IPv6 Network Mapping
DEMO: IPv6 Network Mapping
IPv6 Network Mapping Mitigation Strategies
IPv6 Neighbor Discovery
DEMO: IPv6 Address Assignment
IPv6 Attacks
DEMO: IPv6 Alive Hosts
DEMO: IPv6 Duplicate Address Detection (DAD)
DEMO: IPv6 DAD Denial of Services (DOS)
DEMO: IPv6 Fake Router Advertisement
DEMO: IPv6 Man-in-the-middle
IPv6 Attack Mitigation Strategies
IPv6 Tunneling
IPv6 Windows Teredo Tunneling
IPv6 Tunneling Mitigation Strategies
IPv6 Best Practices
Foundations of Incident Management - 10.5 Hours - Skill Level: Basic
+ Description
 This course provides an introduction to the basic concepts and functions of incident management. The course addresses where incident management activities fit in the information assurance or information security ecosystem and covers the key steps in the incident handling lifecycle with practices to enable a resilient incident management capability.

Learning Objectives:

  • Explain the role of incident management
  • Distinguish between incident management and incident handling
  • Outline the incident handling lifecycle
  • Identify key preparations to be established to facilitate incident handling
  • Distinguish between triage and analysis
  • Identify the basic steps in response
Training Purpose: Functional Development

Specialty Areas: Computer Network Defense Analysis, Incident Response, Threat Analysis

Training Proficiency Area: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
Foundations of Incident Management Course Intro
Framing The Need For Incident Management
Incident Management Terms and Processes
Institutionalizing Incident Management Capabilities
Stakeholders in Incident Management
CERT and Others' Perspective on Threats and Trends
Incident Management Terminology
Incident Management Attack Classes and Actors
Incident Management Malware and DoS Examples
Incident Management Prevention, Detection, and Response
Incident Handling Lifecycle - Prepare
Incident Handling Information
Analyzing Attack Information
Incident Management Monitoring Tools
Incident Management Detection Process
Process to Support Incident Detection and Reporting
What is Situational Awareness?
Non Technical Elements of Situational Awareness
Technical Elements of Situational Awareness
Using Sensors for Requirements Gathering
Incident Handling Lifecycle: Analysis
Incident Handling Lifecycle: Triage
Questions Addressed in Triage
Objectives of Incident Analysis
Tasks of Incident Analysis Part 1 of 2
Tasks of Incident Analysis Part 2 of 2
Data Sources for Analysis
Examples of Data Sources for Analysis
Incident Analysis Exercise Scenario
Preparing For Impact Analysis
Conducting Impact Analysis
Response and Recovery Part 1 of 2
Response and Recovery Part 2 of 2
Mission of the Response Process
Coordinating Response Part 1 of 2
Coordinating Response Part 2 of 2
Sample Attack Mitigations
Benefits and Motivations of Information Sharing
Methods of Information Sharing
Data Models for Information Sharing
STIX/TAXII Protocol
Foundations of Incident Handling Course Summary
Foundations of Incident Management Course Exam
IPv6 Security Essentials Course - 5 Hours - Skill Level: Advanced
+ Description
 This Internet Protocol version 6 (IPv6) Security Essentials course begins with a primer of IPv6 addressing and its current deployment state, discusses Internet Control Message Protocol version 6 (ICMPv6), Dynamic Host Configuration Protocol version 6 (DHCPv6), and Domain Name System version 6 (DNSv6), and concludes with IPv6 Transition Mechanisms, security concerns and management strategies. This course includes several reinforcing video demonstrations, as well as a final knowledge assessment.

Training Purpose: Skill development

Specialty Area(s): Enterprise Architecture, Network Services, System Administration, Computer Network Defense Infrastructure Support, Systems Security Analysis

Training Proficiency Level: Level 3 - Advanced

Capture Date: 2015

+ Course Modules/Units
 
IPv6 Introduction
IPv6 Adoption
DEMO: IPv6 Network Reconnaissance
IPv6 Addressing Part 1 of 2
IPv6 Addressing Part 2 of 2
IPv6 Packet Header
DEMO: IPv6 Header Analysis
ICMPv6
IPv6 Address Assignment
DEMO: IPv6 Address Assignment
IPv6 Web Browsing
IPv6 Transition Mechanisms Part 1 of 2
IPv6 Transition Mechanisms Part 2 of 2
DEMO: IPv6 Tunneling
IPv6 Security Concerns
DEMO: IPv6 Network Mapping
IPv6 Security Mitigation Strategies
DEMO: IPv6 Network Monitoring Tools
IPv6 Ready
IPv6 Security Essentials Key Takeaways
DEMO: IPv4 and IPv6 Subnetting
DEMO: IPv6 Addressing on Router Interfaces
DEMO: Setting up RIP for IPv6
DEMO: Configuring OSPFv3
DEMO: IPv6 Alive Hosts
DEMO: IPv6 Duplicate Address Detection (DAD)
DEMO: IPv6 DAD Denial of Services (DOS)
DEMO: IPv6 Fake Router Advertisement
DEMO: IPv6 Man-in-the-middle
IPv6 Security Essentials Quiz
New Course Offering: ISACA Certified Information Security Manager (CISM) Prep - 11 Hours - Skill Level: Intermediate
+ Description
 The ISACA Certified Information Security Manager (CISM) certification prep self-study resource helps prepare candidates to sit for the management-focused CISM exam, and strengthens students' information security management expertise through in-depth lecture topics, reinforcing demonstrations, and a practice exam. The course includes concepts from the four job practice areas of the 2017 CISM certification: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, and Information Security Incident Management.
Learning Objectives:
  • Explain how information security governance and supporting processes are used to align security strategy with organizational goals and objectives.
  • Detail strategies to manage risk to an acceptable level in support of organization goals and objectives.
  • Describe the information security program's role in the organization's security posture by managing and protecting assets while supporting goals.
  • Detail means to minimize the impact to operations in the event of a security incident through establishing detection, response and recovery capabilities.
Training Purpose: Skill Development
NICCS Specialty Areas:
  • Cybersecurity Management (Oversee and Govern)
  • Systems Analysis (Operate and Maintain)
  • Program/Project Management and Acquisition (Oversee and Govern)
  • Vulnerability Assessment and Management (Protect and Defend)

Training Proficiency Area: Level 2 - Intermediate
+ Course Modules/Units
 
CISM Course Introduction
IS Governance Domain Overview
Information Security (IS) Management
Importance of IS Governance Part 1 of 2
Importance of IS Governance Part 2 of 2
IS Management Metrics
ISM Strategy Part 1 of 2
ISM Strategy Part 2 of 2
Elements of IS Strategy
IS Action Plan for Strategy
DEMO: Key Goal, Risk, Performance Indicator
Risk Management Overview and Concepts
Risk Management Implementation
Risk Assessment: Models and Analysis
DEMO: Calculating Total Cost of Ownership
DEMO: Recovery Time Objective (RTO)
Compliance Enforcement
Risk Analysis: Threat Analysis
IS Controls and Countermeasures
Other Risk Management Considerations Part 1 of 2
Other Risk Management Considerations Part 2 of 2
DEMO: Cost Benefit Analysis
Information Security Program Development
Information Security Program Management
Outcomes of Effective Management
IS Security Program Development Concepts
Scope and Charter of IS Program Development
IS Management Framework
IS Framework Components
IS Program Roadmap
Organizational Roles and Responsibilities
Information Security Manager Responsibilities
Other Roles and Responsibilities in IS
Information Security Program Resources
IS Personnel Roles and Responsibilities
IS Program Implementation Part 1 of 2
IS Program Implementation Part 2 of 2
Implementing IS Security Management Part 1 of 2
Implementing IS Security Management Part 2 of 2
Measuring IS Management Performance
Common Challenges to IS Management
Determining the State of IS Management
Incident Management and Response
Incident Management Part 1 of 2
Incident Management Part 2 of 2
IMT IRT Members
Incident Response Planning Part 1 of 2
Incident Response Planning Part 2 of 2
DEMO: Phishing Emails
DEMO: Incident Management Workflow
Recovery Planning Part 1 of 2
Recovery Planning Part 2 of 2
DEMO: RTIR Incident Response Tool Part 1 of 2
DEMO: RTIR Incident Response Tool Part 2 of 2
CISM Practice Exam
(ISC)2 (TM) CAP Certification Prep Self Study 2014 - 11 Hours - Skill Level: Intermediate
+ Description
 This certification prep course is designed to help prepare students for the Information Security Certification (ISC)2 Certified Authorization Professional (CAP) certification exam as well as strengthen their knowledge and skills in the process of authorizing and maintaining information systems. Topics include understanding the Risk Management Framework (RMF), selection, implementation, and monitoring of security controls as well as the categorization of information systems. The course includes a practice exam.

Training Purpose: Skill development

Specialty Areas: Cybersecurity Management, Cyber Defense Infrastructure Support, Vulnerability Assessment and Management

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2014

+ Course Modules/Units
 
CAP Course Introduction
Risk Management Approach to Security Authorization
Risk Management Framework Steps
Risk Management Framework Phases
RMF Roles and Responsibilities
Organization Wide Risk Management
Managing Risk
Assessor Independence and External Environments
System Development Life Cycle
Alignment of RMF with SDLC Review
RMF Legal and Regulatory Requirements
NIST Publications
Continuous Monitoring Strategies
RMF Guidance Review
Defining Categorization
Categorization Examples
Categorization Process
Security Plans and Registration
Categorize
Selection Step Tasks
Selection Step Definitions
Security Controls Guidance
Privacy and Security Controls
Control Selection and Supplemental Guidance
Tailoring Security Controls
Control Assurance and Monitoring
Control Assurance and Monitoring - Continued
Select
Implementing Security Controls Overview
Integrating Implementation
Implement
Preparing for Control Assessments
Conducting Control Assessments
Security Assessment Report
Remediation Actions and Process Review
Assess
Authorization Documentation
Risk Determination and Acceptance Part 1 of 3
Risk Determination and Acceptance Part 2 of 3
Risk Determination and Acceptance Part 3 of 3
Authorization Decisions
Prioritized Risk Mitigation and Authorization Review
Authorize
Assessments and Configuration Management
Ongoing Security Control Assessments
Monitor
CAP Certification Prep Practice Exam
(ISC)2 (TM) CISSP (R) Prep 2015 25 Hours Skill Level: Advanced
+ Description
 The (ISC)2 Certified Information Systems Security Professional (CISSP) certification self-study prep course is a resource for individuals preparing for the CISSP certification exam or expanding their knowledge in the information security field. The course reflects the 2015 published CISSP exam objectives and the eight domains upon which the exam is based. This course also includes domain quizzes, reinforcing video demonstrations, as well as a final practice exam.

Training Purpose: Skill development

Specialty Areas: Information System Security Management, Security Program Management, Strategic Planning and Policy Development, Enterprise Architecture, Information Assurance Compliance

Training Proficiency Area: Level 3 - Advanced

Capture Date: 2015

+ Course Modules/Units
 
CISSP Course Introduction
Access Control Concepts
Access Control Methodology Types
Governance Management and Compliance
Policy and Components Overview
Managing Security Functions
Major Legal Systems
International Legal Issues
Legal Regulations and Privacy
Computer Crime and Incident Response
Digital Investigations
Audits and Contractual Agreements
Legal Regulations and Ethics
(ISC)2 Code of Ethics and Ethic Bases
BC and DR Initiation and Management
BC and DR Financial Regulations and Legal Standards
BCP Business Impact Analysis
Disaster Recovery Strategy
Documenting the DRP
Managing Recovery Communications
Recovery Exercising
Vendor Management
Addressing Risk
Risk Assessment and Countermeasures
Threat Modeling and Reduction Analysis
Acquisition Strategies
Training Review and Improvement
Security and RM Knowledge Check
Privacy Protection, Data Collection Limitations and Retention
Organizational Privacy Responsibilities
Data Classification
Data Ownership and Retention
Security Control Selection
Security Control Application and Tailoring
Security Control and Selection Examples
Policy Review Demo
Asset Security Knowledge Check
Basics of Secure Design
Secure Design Standards and Models
Enterprise Security Architecture
System Security Architecture
System Threats and Countermeasures
Parallel and Distributed Systems
Virtualization
Parallel and Distributed Systems Security Issues
Industrial Control System Security
Securing ICS and SCADA Systems
SCADA Honeynet Demo
Internet of Things
Mobile System Security
Wireless Vulnerabilities, Attacks and Attack Vectors
Wireless Device and Application Threats and Issues
Emerging Trends in Wireless Devices and Security
Key Crypto Concepts and Definitions
Cryptography History
Encryption Systems
Symmetric Ciphers
Asymmetric Ciphers
Message Integrity Controls
Salting Hashes
Digital Signature Overview
Encryption Management - Keys
Public Key Infrastructure (PKI)
Cryptographic Lifecycle
Digital Rights Management
Crypto Attack and Countermeasures
Site and Facility Design Criteria
Physical and Environ Location Threats
Perimeter Security
Perimeter Intrusion Detection
Access Control Systems (ACS) Cameras and Guards
ACS: Doors and Locks
ACS: Secure Operational Areas
Personnel Privacy and Safety
Wiring Closets
Security Engineering Knowledge Check
Telecom and Network Security Concepts
Telecom and NW Security Layer 1
Telecom and NW Security Layer 2
Telecom and NW Security Layer 3
Telecom and NW Security Layer 4 and 5
Telecom and NW Security Layer 6 and 7
Multilayer and Converged Protocols
Content Distribution Networks
Implementing and Using Remote Access
Comm and NW Security Knowledge Check
Access Control System Strategies
Biometrics and Authentication Accountability
Access Controls - Kerberos
Data Access Controls
Access Control Threats
Session Management
Credential Management Systems
Cloud Identity (Identity as a Service)
Third Party Identification
Rule-Based Access Control
ID and Access Management Knowledge Check
Synthetic Transactions
Code Review and Testing
Misuse Case Testing
Interface Testing
Test Coverage Analysis
Security Testing Knowledge Check
Security Operations Concepts
Security Operations Resource Protection
Security Operations Incident Response
Managing Security Services Effectively
Maintaining Operational Resilience
Electronic Discovery (E-Discovery)
Cloud Computing
Cloud Computing Security Issues
Continuous Monitoring
Data Leak Prevention (DLP)
Watermarking
Egress Monitoring
Intro to Dshell Toolkit Demo
Security Operations Knowledge Check
SDLC Phases
Software Development Models
Security Environment and Controls
Additional Security Protections and Controls
Audit and Assurance Mechanisms
SW Development Security and Malware
Agile Development Models
Maturity Models
Integrated Product Teams
Impact of Acquired Software
Automated Code Review Demo
Software Dev Security Knowledge Check
CISSP Course Practice Exam
(ISC)2 (TM) Systems Security Certified Practitioner 16 Hours Prep 2015 Skill Level: Basic
+ Description
 The Systems Security Certified Practitioner (SSCP) certification prep course is a self-study resource for those preparing to take the (ISC)2 SSCP certification exam as well as those looking to increase their understanding of information security concepts and techniques. The certification is described as being ideal for those working toward positions such as network security engineers, security systems analysts, or security administrators. This course, complete with a 100-question practice exam and video demonstrations, was developed based on the seven SSCP domains prior to the April 15, 2015 (ISC)2™ domain update. A new, updated course is currently in development.

Training Purpose: Skill development

Specialty Area(s): Systems Security Analysis, Computer Network Defense, Vulnerability Assessment and Management, Network Services

Training Proficiency Area: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
SSCP Introduction
Access Control Terms and Categories
Access Control Types
Access Control Administration
Security Models
System Permissions
Identification and Authentication Methods
Biometrics
Auditing and Threats
Attribute based Access Control
Device Authentication
Trust Architectures
Identity Management Lifecycle
Introduction to Cloud Computing
Cloud Computing Implementations
Cloud Computing Security Issues Part 1 of 2
Cloud Computing Security Issues Part 2 of 2
Big Data
Big Data with Hadoop Demo
NoSQL with MongoDB Demo
Virtual Environments
Access Controls Domain Knowledge Check
Security Operations
Data Classification and Administration
System Development and Change Cycle
Certification and Accreditation
Change Control and Patch Management
End Point Security
Securing People and Devices
Security Awareness and Training
(ISC)2 Code of Ethics
Asset Management
Assessing Physical Security
Physical Security Defenses
Security Ops and Admin Knowledge Check
Monitoring and Analysis
Monitoring Employees
Log Management
Integrity Checking
Testing and Analysis
Auditing
Communicate Findings
Continuous Monitoring and CAESARS
Introduction to Continuous Monitoring
Incident Handling, Response and Recovery
Incident Handling Knowledge Areas Part 1 of 2
Incident Handling Knowledge Areas Part 2 of 2
Incident Handling Response
Incident Handling Countermeasures
OpenVAS Demo
Monitoring and Analysis Knowledge Check
Risk Management
Risk Assessment
Security Testing
Incident Handling
Forensics
Volatility Framework
Business Continuity Planning
Business Impact Analysis
Backup and Recovery Strategies
Redundancy and Storage
Risk and Response Knowledge Check
Cryptography Terms
Requirements for Cryptography Part 1 of 2
Requirements for Cryptography Part 2 of 2
Steganography
Hashes, Parity and Checksum
Secure Protocols and Cryptographic Methods
Symmetric Cryptosystems
Symmetric and Asymmetric Cryptosystems
Public Key Infrastructure (PKI)
Key Management
Web of Trust
Secure Protocols
Cryptography Knowledge Check
Network Topology
Transmission Media
Crosstalk and Interference
Network Devices: NIC, Hub, Switches
Network Devices: Routers, Firewalls, IDS
OSI and TCP/IP Models
IP Addressing
NAT and Subnetting
TCP, UDP and Common Protocols
ARP, DHCP, ICMP
Wireshark Protocol Analysis
Routers and Routing Protocols
Network Services
Network Security Protocols
VoIP
VoIP Call Traffic Demo
WANs
Remote Access
Securing SSH
Wireless Technology
Network Reliability
Firewalls and Proxies
Wireless Attacks and Countermeasures
Common Attacks and Countermeasures
Network Access Control
Wiring Closets
Mobile Device Physical Security
Network Segmentation
Traffic Shaping
Wireless Security
Networks and Comm Knowledge Check
Malicious Code
Virus Lifecycle and Characteristics
Botnets: DoS, Packet Flood Attacks
Botnets: Rootkits and Malware
Malicious Activity
Social Engineering Sources and Anatomy of Attack
Malicious Activity Countermeasures
SE and Insider Threat Countermeasures
Infected System Response and Remediation
Reverse Engineering
Malicious Code Activity Knowledge Check
SSCP Course Practice Exam
Offensive and Defensive Network Operations 13 Hours Skill Level: Basic
+ Description
 

This course focuses on fundamental concepts for offensive and defensive network operations. It covers how offensive and defensive cyber operations are conducted and details U.S. government doctrine for network operations. Topics include network attack planning, methodologies, and tactics and techniques used to plan for, detect, and defend against network attacks.

Learning Objectives

  • Apply U.S. government network operations background and doctrine
  • Describe offensive and defensive network operations
  • Determine offensive network operation missions, planning, and exploitation phases and methodologies
  • Derive defensive network operation missions, planning, and methods to detect and defend against network attacks and attackers' methods

Training Purpose: Functional Development

Specialty Areas: Computer Network Defense Analysis, Cyber Operations

Training Proficiency Area: Level 1 - Basic

Capture Date: 2015

+ Course Modules/Units
 
Cyberspace As A Domain
Joint Publication 3-12(R), Cyberspace Operations Overview Part 1 of 3
Joint Publication 3-12(R), Cyberspace Operations Overview Part 2 of 3
Joint Publication 3-12(R), Cyberspace Operations Overview Part 3 of 3
Joint Communications Overview and Information Environment
Joint Force Communication, System Operations, and Management Planning
Legal Considerations for Cyber Operations Part 1 of 2
Legal Considerations for Cyber Operations Part 2 of 2
Adversaries in Cyberspace Part 1 of 3
Adversaries in Cyberspace Part 2 of 3
Adversaries in Cyberspace Part 3 of 3
Offensive Cyber Operations Background
Offensive Cyberspace Operations Definitions
Offensive Cyberspace Operations Planning and Legal Considerations
Offensive Methodologies
Offensive Methodology Planning Examples 1 of 2
Offensive Methodology Planning Examples 2 of 2
Reconnaissance Methodology Overview
Social Engineering for Reconnaissance
Reconn with Automated Correlation Tools and Search Engines Part 1 of 2
Reconn with Automated Correlation Tools and Search Engines Part 2 of 2
Network Mapping for Active Reconnaissance
Port Scanning for Active Reconnaissance
Windows Enumeration Basics
Linux Enumeration Basics
Scanning and Enumerating with Nmap
Exploitation using Direct Exploits and System Misconfiguration
Exploitation with SET Example
Exploitation
Entrenchment
Exploitation Basics
Post-Exploitation
Abuse and Attacks
Defensive Cyberspace Operations (DCO)
DCO Types of Operations
DCO Operational Goals
DCO Best Practices
Defensive Methodology: Understanding the Threat
Defensive Methodology: Tactics
Defensive Methodology: Defense-in-Depth
Incident Management Overview
Incident Management Policies, Plans and Procedures
Incident Management Team Configuration
Incident Response Lifecycle
Defending the Domain
Perimeter and Host Defenses
IDS/IPS Defined Including Advantages and Disadvantages
IDS/IPS Types and Functions
IDS/IPS Location Placements
Intrusion Detection using Snort
Reviewing Alerts and Detecting Attack Phases
Network Traffic Analysis
Methods of Network Traffic Analysis
Wireshark
Log Analysis Methods and Techniques Part 1 of 2
Log Analysis Methods and Techniques Part 2 of 2
Detecting Offensive Operations using Log Analysis
Digital Forensics Overview and Tools
Digital Forensics Methods and Techniques Part 1 of 2
Digital Forensics Methods and Techniques Part 2 of 2
Identifying Phases of Attack Using Digital Forensics
Incident Data: Profile and Analysis
Incident Reporting
Offensive and Defensive Network Operations Exam
Root Cause Analysis 1 Hour Skill Level: Intermediate
+ Description
 This course provides an explanation of root cause analysis for cyber security incidents and an overview of two different root cause analysis models (and approaches used in these models). The course also describes how root cause analysis can benefit other incident management processes (response, prevention, and detection), and details general root cause analysis techniques that can be adopted as methods for analysis of cyber incidents.

Training Purpose: Skill Development

Specialty Areas: Threat Analysis, Computer Network Defense Analysis, Incident Response

Training Proficiency Area: Level 1 - Basic

Capture Date: 2016

+ Course Modules/Units
 
Root Cause Analysis Fundamentals
Root Cause Analysis Methods
Cyber Kill Chain Model for Root Cause Analysis
Sample Incident Cause Analysis Workflow
Root Cause Analysis Course Exam
SiLK Traffic Analysis 7 Hours Skill Level: Intermediate
+ Description
 This course is designed for analysts involved in daily response to potential cyber security incidents, and who have access to the Einstein environment. The course begins with an overview of network flow and how the SiLK tools collect and store data. The next session focuses specifically on the Einstein environment. The basic SiLK tools are covered next, giving the analyst the ability to create simple analyses of network flow. Advanced SiLK tools follow, and cover how to create efficient and complex queries. The course culminates with a lab where students use their new skills to profile a network.

Training Purpose: Skill Development

Specialty Areas: Cybersecurity Management, Cyber Defense Infrastructure Support, Vulnerability Assessment and Management

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2013

+ Course Modules/Units
 
Introduction to SiLK
iSiLK
What is Network Flow?
Interpreting SiLK Network Flow
SiLK Flows
SiLK Traffic Analysis Quiz 1
The SiLK Repository
Basic SiLK Tools
SiLK Traffic Analysis Quiz 2
rwfilter
rwfilter Examples
rwfilter Demo
rwfilter Continued
SiLK Traffic Analysis Quiz 3
rwcount
rwcount Demo
rwstats
rwstats Demo 1
rwstats Continued 1
rwstats Demo 2
rwstats Continued 2
rwuniq
SiLK Traffic Analysis Quiz 4
PySiLK
Python Expressions and SilkPython
SiLK Traffic Analysis Quiz 5
IP Sets
Bags
SiLK Traffic Analysis Quiz 6
Prefix Maps
Tuples
SiLK Traffic Analysis Quiz 7
rwgroup
rwmatch
SiLK File Utilities
IPv6 in SiLK
SiLK Traffic Analysis Quiz 8
Network Profiling Introduction
Software Assurance Executive Course (SAE) 10 Hours Skill Level: Intermediate
+ Description
 This course is designed for executives and managers who wish to learn more about software assurance as it relates to acquisition and development. The purpose of this course is to expose participants to concepts and resources available now for their use to address software security assurance across the acquisition and development life cycles.

Training Purpose: Skill Development

Specialty Areas: Software Assurance, Software Assurance Management, Acquisition

Training Proficiency Area: Level 2 - Intermediate

Capture Date: 2013

+ Course Modules/Units
 
Interview with William Scherlis: Introduction and Background
Software Assurance Challenges
Encouraging Adoption of Software Assurance Practices Through People and Incentives
The Path Toward Software Assurance: Advice for Organizations
Learning from Failure
The Future of Software Assurance
Introduction, Current Software Assurance Activities by DHS, and Current SW Assurance Environment
Managing Risks in a Connected World
A Need for Diagnostic Capabilities and Standards
Changing Behavior: Resources
Establishing a Foundation for Software Assurance
Conclusion: The Rugged Manifesto and Challenge
Introduction to Software Assurance
Software Assurance Landscape
Software Assurance Principles
Current Software Realities
Introduction to Software Assurance, Part 2
Building Security In
Microsoft Secure Development Lifecycle (MS SDL)
Requirements Engineering
Security Requirements Methods
Threat Modeling: STRIDE (used by Microsoft)
Industry Case Study in Threat Modeling: Ford Motor Company
Topic Summary
Creating and Selling the Security Development Lifecycle (SDL)
Managing the Process
Making a Difference
Introduction and Key Components of Agile Development
Traditional & Agile Acquisition Life Cycles
Common Agile Methods and Scrum - the Most Adopted Agile Method
Challenges to Agile Adoption
Suggestions for Successful Use of Agile Methods in DHS Acquisition
Agile Summary
Software Assurance, Introduction to Part 3: Mission Assurance
What Does Mission Failure Look Like?
Mission Thread Analysis for Assurance
Applying Mission Thread Analysis Example 1
Applying Mission Thread Analysis Example 2
Applying Mission Thread Analysis
Software Assurance, Introduction to Part 4: SwA for Acquisition
Software Supply Chain Challenges
Supply Chain Risk Mitigations for Products
System Supply Chains
SCRM Standards
Summary
Software Assurance in the Software Development Process and Supply Chain: Introduction
Scope of the Problem
Governance for System and Software Assurance
Strategy Solutions: System Security Engineering, Software Sustainment
Process Solutions
Introduction, History, and Current State of Software
Trustworthy Software
The UK Trustworthy Software Initiative (TSI)
Trustworthy Software Framework
Current Focus and Future Direction of UK TSI
Questions and Answers