|
 0.25 Hours Micro Learn: The Federal Dashboard and Cross Cluster Search | Skill Level: Beginner |  | + Description | | Micro Learn: The Federal Dashboard and Cross Cluster Search
Description:
Learn about the concepts and features of the CDM Federal Dashboard. This video will describe the Federal Dashboard, use case scenarios, and how Cross Cluster Searching can provide
its many benefits to federal agencies.
Learning Objectives:
-
Learning the new features of the Federal Dashboard and the primary use cases of the dashboard.
-
Understanding the data trends within the Federal Dashboard
-
What are the primary user roles of the Federal Dashboard?
-
Learn about Cross Cluster Searching and how the federal dashboard increases the security of the .GOV domain
Date: April 2023
Length: 13 minutes
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category
|
Specialty Area
|
Work Roles
|
Oversee and Govern
|
Cybersecurity Management
|
Information Systems Security Manager
|
Oversee and Govern
|
Program/Project Management and Acquisition
|
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
|
Securely Provision
|
Risk Management
|
Authorizing Official/Designating Representative, Security Control Assessor
|
|
| |
|
 0.25 Hours Micro Learn: CDM PMO speaks about the CDM Agency Dashboard | Skill Level: Basic |  | + Description | | This video explains the features of the current ES-3 version of the CDM Agency Dashboard.
Date: 2021
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
 0.2 Hours Micro Learn: DBaaS | Skill Level: Basic |  | + Description | | The next evolution of the CDM Agency Dashboard is being offered in a cloud-based format, which provides agencies with the same functionality but relieves them from having to manage and continue to fund all of the aspects of an “on-prem” security solution. CISA is making this dashboard tool available in a Dashboard as a Service format, or DBaaS. This video will describe DBaaS and its many benefits to federal agencies.
Learning Objectives:
- Understand the basic principals of DBaaS and the CDM Agency Dashboard
- How DBaaS can help minimize agency vulnerabilities
- Provide a demonstration of how DBaaS works
Date: October 2022
Length: 7 minutes
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
 0.5 Hours Micro Learn: AWARE 1.5s and the CDM Dashboard | Skill Level: Basic |  | + Description | | In this video, the updated AWARE 1.5 supplemental overview is described and how it can benefit the federal agencies. Discussion questions include: What are the changes to the scoring algorithm; what are flipping scores; how are scores prioritized; what benchmarks are being accessed. Date: March 2023 Training Purpose: Skill Development Training Proficiency Area: Level 1 - Beginner Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework Category | Specialty Area | Work Roles |
---|
Operate and Maintain | Systems Administration, Systems Analysis | System Administrator, Systems Security Analyst | Oversee and Govern | Cybersecurity Management | Information Systems Security Manager | Oversee and Govern | Program/Project Management and Acquisition | IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager | Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
|
| |
|
 0.25 Hours Micro Learn: CISA’s Binding Operative Directive (BOD) 22-01 and the Known Exploited Vulnerabilities (KEV) catalog | Skill Level: Basic |  | + Description | | In this video, Mr. Dave Otto, the Risk expert of the CDM program, explains the Binding Operational Directive 22-01, the CISA KEV (Known Exploited Vulnerabilities) Catalog, and how agencies can better protect their assets.
Date: 2022
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| + Course Modules/Units | | Micro Learn: CISA’s Binding Operative Directive (BOD) 22-01 and the Known Exploited Vulnerabilities (KEV) catalog |
|
|
|
 0.25 Hours Micro Learn: The CDM PMO speaks about CDM Enabled Threat Hunting (CETH) and the CDM Agency Dashboard | Skill Level: Basic |  | + Description | | In this video, Mr. Richard Grabowski, acting CDM PMO, explains CDM Enabled Threat Hunting (CETH) and how CETH benefits the federal agencies. He also discusses how the CDM Dashboard supports the implementation of Endpoint Detection and Response (EDR).
Date: 2022
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| + Course Modules/Units | | Micro Learn: The CDM PMO speaks about CDM Enabled Threat Hunting (CETH) and the CDM Agency Dashboard |
|
|
|
 2.5 Hours CDM 141 – Introduction to the CDM Agency Dashboard | Skill Level: Beginner |  | + Description | | Description:
This course is a recording of a virtual 3 hour course which provides participants with the essential knowledge
of the ES-5 version of the CDM Agency Dashboard. It explains basic features and navigation within the environment, and includes demonstrations using the CDM Agency Dashboard to identify and report on asset vulnerabilities and other key features of the dashboard.
Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.
Learning Objectives:
-
Understand CDM Agency Dashboard basic features and functionality
-
Instructor demonstrates the CDM Agency Dashboard
Date: April 2023
Length: 3 hours
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category
|
Specialty Area
|
Work Roles
|
Operate and Maintain
|
Systems Administration, Systems Analysis
|
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst
|
Oversee and Govern
|
Cybersecurity Management
|
Information Systems Security Manager
|
Oversee and Govern
|
Program/Project Management and Acquisition
|
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
|
Protect and Defend
|
Cyber Defense Analysis
|
Cyber Defense Analyst
|
|
| |
|
 2 Hours CDM 142 – Asset Management with the CDM Agency Dashboard | Skill Level: Beginner |  | + Description | | This course is a recording of a virtual 2.5 hour course and presents an ES-5 overview of how the dashboard provides visibility into the metrics and measurements needed for a continuous monitoring program. It explains how to create queries for
hardware (HW) and software (SW) assets and introduces a framework for using data reports to inform risk-based decision-making. Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.
Learning Objectives:
-
Understand CDM agency dashboard functionalities around asset management
-
Learn how to create asset management queries
-
Learn how to create reports
Date: April 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category
|
Specialty Area
|
Work Roles
|
Operate and Maintain
|
Systems Administration, Systems Analysis
|
System Administrator, Systems Security Analyst
|
Oversee and Govern
|
Cybersecurity Management
|
Information Systems Security Manager
|
Oversee and Govern
|
Program/Project Management and Acquisition
|
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
|
Protect and Defend
|
Cyber Defense Analysis
|
Cyber Defense Analyst
|
|
| |
|
 0.25 Hours Micro Learn: CDM Dashboard Interface ES-5 Overview | Skill Level: Beginner |  | + Description | | This CDM Agency Dashboard video will provide a foundation level of knowledge and background that will help end users of the dashboard better understanding the functionality of ES-5 of the CDM Agency Dashboard.
Learning Objectives:
- Understand the Header Section of the CDM Agency Dashboard ES-5
- Utilize the Tool Bar feature the dashboard
- Provide an overview of the Query Bar
- Become familiar with the Time Filter of the dashboard
- Understand the Navigation Panel and Navigation Drawer features of the dashboard
Date: May 2022
Length: 10 minutes
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
 2 Hours CDM 143 – Vulnerability Management with the CDM Agency Dashboard | Skill Level: Beginner |  | + Description | | This course is a recording of a virtual two-hour course covering the ES-4 version of the CDM Agency Dashboard. This course introduces participants to the updated version 1.5 of the CDM Agency-Wide Adaptive Risk Enumeration (AWARE) and other vulnerability management topics. With the information provided, dashboard users can identify the most critical vulnerabilities and prioritize mitigation activities at their agency. Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.
Learning Objectives:
- Understand the CDM Agency-Wide Adaptive Risk Enumeration (AWARE) Score
- Walkthrough how to identify vulnerabilities in the CDM Agency Dashboard
Date: July 2022
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
 0.25 Hours Micro Learn: The AWARE 1.5 Risk Scoring Overview Using the CDM Agency Dashboard | Skill Level: Beginner |  | + Description | | In this video, the AWARE 1.5 risk scoring overview is described and how it can benefit the federal agencies.
Date: May 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
 0.5 Hours Micro Learn: Understanding AWARE 1.5 and the CDM Agency Dashboard | Skill Level: Beginner |  | + Description | | This video explains the new AWARE 1.5 scoring and features.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
 0.75 Hours Micro Learn: AWARE 1.5 and the ES-3 version of the CDM Agency Dashboard | Skill Level: Basic |  | + Description | | This video explains the features of AWARE 1.5 on the current ES-3 version of the CDM Agency Dashboard.
Date: 2021
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
 2.25 Hours CDM 201 – Identity and Access Management Capabilities within the CDM Agency Dashboard | Skill Level: Intermediate |  | + Description | | This 2.5 hour course is a recording of a virtual four-hour course covering the ES-5 version of the CDM Agency Dashboard. This course introduces participants to the four identity management capabilities - PRIV, CRED, TRUST, and BEHAVE - and to the use of the new CDM Agency Dashboard to reduce risks associated with each.
Register to join the next live iteration of this course via https://www.cisa.gov/cdm-training.
Learning Objectives:
- Overview of how the CDM Agency Dashboard addresses user-centric data in addition to hardware and software information.
- Strategies for integrating PRIV/CRED/TRUST/BEHAVE capabilities into routine processes workflows to drive increased risk awareness and mitigation.
Date: March 2023
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty | Area Work Roles |
Operate and Maintain Systems Administration | Systems Analysis System Administrator | Systems Security Analyst |
Oversee and Govern | Cybersecurity Management | Information Systems Security Manager/td> |
Oversee and Govern | Program/Project Management and Acquisition | IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
|
| |
|
 0.5 Hours Micro Learn: IdAM- Identity and Access Management with the CDM Agency Dashboard | Skill Level: Intermediate |  | + Description | | This 39 minute video is an interview recording of a Mr. Ross Foard, subject matter expert for DHS/CISA, and Identity and Access Management (IAM) . This video provides participants with the essential knowledge of IAM and the CDM Agency Dashboard.
Learning Objectives:
- Understand CDM Agency Dashboard basic features and IAM functionality.
Date: 2021
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
Operate and Maintain Systems Administration, Systems Analysis System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
 0.5 Hours Micro Learn: CSM – Concepts of Configuration | Skill Level: Beginner |  | + Description | | This video provides an overview of the configuration settings management (CSM) capability and how CSM helps to reduce cyber-attacks in software and hardware assets within the Continuous Diagnostics and Mitigation (CDM) Program.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
 0.5 Hours Micro Learn: CSM – Understanding Benchmarks and STIGS | Skill Level: Beginner |  | + Description | | This video discusses the need for standardized benchmarks in the federal government and the use of Defense Information Systems Agency’s (DISA) Security Technical Implementation Guides (STIGs) for integration within the CDM solution. A review of DISA’s role, authority, and DISA STIG compliance levels is provided as well.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
 0.5 Hours Micro Learn: Configuration Settings Management (CSM) with the CDM Agency Dashboard | Skill Level: Basic |  | + Description | | This video explains the CSM features of the current ES-3 version of the CDM Agency Dashboard.
Date: October 2022
Training Proficiency Area: Level 1 - Basic
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
 2.5 Hours CDM 202 – Managing Configuration Settings with the CDM Agency Dashboard | Skill Level: Intermediate |  | + Description | | This 2.5 hour virtual course demonstrates the configuration settings management (CSM) capability within the CDM Agency Dashboard. In this course students are shown the basic concepts associated with CSM, the importance of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs), how CSM scoring is incorporated into the current AWARE calculations, and students will gain an understanding of how the CSM capability of the CDM Agency Dashboard can be used to reduce the misconfiguration of assets in their agency IT inventory.
Learning Objectives:
- Overview of the importance of Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs) and how CSM scoring is incorporated into the AWARE calculations.
- Walkthrough of how CSM scoring affect the AWARE algorithm and can reduce asset misconfiguration.
Date: December 2022
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
 0.5 Hours Micro Learn: System Security Analyst Overview | Skill Level: Beginner |  | + Description | | This video presents an overview of the System Security Analyst role and the six key responsibilities associated with that role. The importance of these six key responsibilities is covered including adherence to agency policy and assessing metrics and data.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
 0.5 Hours Micro Learn: System Security Analyst Methodology | Skill Level: Beginner |  | + Description | | This video presents cybersecurity concepts associated with continuous monitoring of issues that affect networks. A review of workplan concepts, checks and reviews, and mitigation recommendations is also covered.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Systems Administration, Systems Analysis |
System Administrator, Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
 2.5 Hours CDM 203 | Skill Level: Intermediate |  | + Description | | This 2.5 hour course demonstrates the continuous monitoring and analysis capability with version ES-5 of
the CDM Agency Dashboard. This is a role-based course for those in the cybersecurity workforce that use the dashboard routinely. In this course students are shown concepts associated with continuous monitoring and analysis of the top issues that affect networks.
Topics include an overview of the responsibilities of the Security analyst, continuous monitoring, how the CDM Agency Dashboard can be used to identify vulnerabilities, AWARE scoring, the reporting function, and possible courses of action.
Learning Objectives:
-
Overview of the importance of the CDM Agency Dashboard role of system security analyst, which includes monitoring and vulnerability identification.
-
Strategies for securing agency assets and creating report functionality using the CDM Agency Dashboard.
Date: March 2023
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category
|
Specialty Area
|
Work Roles
|
Oversee and Govern
|
Cybersecurity Management
|
Information Systems Security Manager
|
Oversee and Govern
|
Program/Project Management and Acquisition
|
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
|
Securely Provision
|
Risk Management
|
Authorizing Official/Designating Representative, Security Control Assessor
|
|
| |
|
 2 Hours CDM 210 – CDM Enabled Threat Hunting (CETH) Course | Skill Level: Beginner |  | + Description | | This 2.5 hour course demonstrates the continuous monitoring and analysis capability with version ES-5 of the CDM Agency Dashboard. This is a role-based course for those in the cybersecurity workforce that use the dashboard routinely. In this course students are shown concepts associated with continuous monitoring and analysis of the top issues that affect networks. Topics include an overview of the responsibilities of the Security analyst, continuous monitoring, how the CDM Agency Dashboard can be used to identify vulnerabilities, AWARE scoring, the reporting function, and possible courses of action.
Learning Objectives:
- Overview of the importance of the CDM Agency Dashboard role of system security analyst, which includes monitoring and vulnerability identification.
- Strategies for securing agency assets and creating report functionality using the CDM Agency Dashboard.
Date: March 2023
Training Proficiency Area: Level 2 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition IT |
Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| |
|
 3 Hours CDM 220 – CDM and Federal Mandates | Skill Level: Beginner |  | + Description | | This 2.5 hour recording focuses on policy origination, provides an historic timeline, describes current
directives and will guide the learner on how the CDM Dashboard can be used to address a directive, adhere to policies, and understand how to continuously monitor known exploitable vulnerabilities (KEVs.).
Learning Objectives:
-
Describe the federal policy and directive origination process
-
Identify the most current / relevant government directives that relate to cybersecurity
-
Utilize the CDM Agency Dashboard to identify vulnerabilities in response to federal directives
-
Identify characteristics of BOD 22-01 and the response procedures
Date: March 2023
Training Proficiency Area: Level 1 - Intermediate
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category
|
Specialty Area
|
Work Roles
|
Operate and Maintain
|
Systems Administration, Systems Analysis
|
System Administrator, Systems Security Analyst
|
Oversee and Govern
|
Cybersecurity Management
|
Information Systems Security Manager
|
Oversee and Govern
|
Program/Project Management and Acquisition
|
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
|
Protect and Defend
|
Cyber Defense Analysis
|
Cyber Defense Analyst
|
|
| |
|
 2 Hours CDM 301 – Management Overview of the CDM Agency Dashboard | Skill Level: Intermediate |  | + Description | | This 2 hour course provides managers with an overview of the CDM Agency Dashboard. In this course students
are shown concepts associated with the CDM Agency Dashboard and how to create appropriate reports.
Target Audience: This course is applicable to workforce Executives and Senior-level Managers who need to
understand how Information Assurance and cybersecurity principles affect their agencies, how the CDM program helps support those principles, and how their CDM Agency Dashboard can help establish a cybersecurity baseline and identify and reduce their attack
surface.
The National Initiative for Cybersecurity Education (NICE) roles of: Authorizing Official/Designated Representative,
Executive Cyber Leadership, Program Managers, and other senior management roles responsible for cybersecurity within their agency will benefit from this course.
Learning Objectives:
-
Discuss the principles of information assurance
-
Discuss Federal laws and required executive and Senior-level management responsibilities
-
Discuss the purpose and function of the CDM Program
-
Discuss the purpose and benefit of the CDM Agency and Federal Dashboards
-
Reviewing the CDM Agency Dashboard information to make risk-based decisions Includes lab exercises
Date: March 2023
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category
|
Specialty Area
|
Work Roles
|
Oversee and Govern
|
Cybersecurity Management
|
Information Systems Security Manager
|
Oversee and Govern
|
Program/Project Management and Acquisition
|
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager
|
Securely Provision
|
Risk Management
|
Authorizing Official/Designating Representative, Security Control Assessor
|
|
| |
|
|
|
 0.3 Hours Analysis of a Cyber Incident | Skill Level: Beginner |  | + Description | | This three-module course teaches the beginner analyst how to develop the analytical skills and capabilities needed to handle a potential cyber incident— from analysis to reporting findings. Learning Objectives: By the end of this course, participants will be familiar with - How to think about the approach to analysis
- Writing a proper hypothesis and prediction
- The Importance of Organizational Context
- Impact of the Organization Environment
- Gathering the necessary information to analyze an incident
- Analyzing the Functional elements of an incident
- Analyzing the Strategic elements of an incident
- Assembling the elements to solve the cyber puzzle
- Reporting the finding results of the analysis
- Accessing CISA resources for incident and vulnerability cases.
Date: 2022 Training Purpose: Skill Development Training Proficiency Area: Beginner Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework Category | Specialty Area | Work Roles |
---|
Analyze | Exploitation Analysis | Exploitation Analyst | Protect and Defend | Cyber Defense Analysis | Cyber Defense Analyst |
|
| |
|
|
 0.5 Hours Micro Learn: CDM Agency Dashboard Videos (4 Videos) | Skill Level: Intermediate |  | + Description | | This short CDM Agency Dashboard video will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the Elastic dashboard.
Learning Objectives:
- Become familiar with the Kibana User Interface of the CDM Agency Dashboard
- Better understand the CDM Agency Dashboard architecture and data flow
- Understand the general architecture, data flow, and data structure and schema
- Become familiar with JSON Documents
Date: 2022
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| + Course Modules/Units | | CDM Agency Dashboard – Kibana User Interface | CDM Agency Dashboard Architecture and Data Flow | CDM Agency Dashboard Data Structure and Schema | Understanding JSON Documents |
|
|
|
 6 Hours Cloud Monitoring | Skill Level: Beginner |  | + Description | | This course introduces concepts around Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Multiple Cloud Hosting and Hybrid Cloud Hosting.
Date: 2021
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| + Course Modules/Units | | Introduction - Lecture 1 of 5 | Shared Responsibility Model - Lecture 2 of 5 | Use Cases - Lecture 3 of 5 | Case Study - Lecture 4 of 5 | Cloud Architectures & Summary - Lecture 5 of 5 | IaaS Overview - Lecture 1 of 5 | IaaS: Monitoring Services and Capabilities - Lecture 2 of 5 | IaaS: Best Practices - Lecture 3 of 5 | IaaS: Gaps and Considerations - Lecture 4 of 5 | IaaS: Use Cases, Reflection and Summary - Lecture 5 of 5 | PaaS Overview - Lecture 1 of 6 | PaaS: Monitoring Services and Capabilities - Lecture 2 of 6 | PaaS: Monitoring Examples - Lecture 3 of 6 | PaaS: Best Practices - Lecture 4 of 6 | PaaS: Gaps and Considerations - Lecture 5 of 6 | PaaS: Reflection and Summary - Lecture 6 of 6 | SaaS Overview - Lecture 1 of 5 | SaaS: Monitoring Services and Capabilities - Lecture 2 of 5 | SaaS: Best Practices - Lecture 3 of 5 | SaaS: Gaps and Considerations - Lecture 4 of 5 | SaaS: Reflection and Summary - Lecture 5 of 5 | What is Multiple Cloud - Lecture 1 of 5 | Security Issues - Lecture 2 of 5 | Monitoring Capabilities - Lecture 3 of 5 | Gaps- Lecture 4 of 5 | Multiple Clouds - Lecture 5 of 5 | Hybrid Cloud: Security Issues - Lecture 1 of 4 | Monitoring Capabilities - Lecture 2 of 4 | Gaps - Lecture 3 of 4 | Hybrid Clouds in Operation - Lecture 4 of 4 | Conclusion - Lecture 1 of 1 |
|
|
|
 1 Hour Professors in Practice | Skill Level: Beginner |  | + Description | | This course features National Defense University Professor Robert Richardson who discusses important security and oversight requirements for commercial cloud solutions.
Learning Objectives:
- Overview of the cloud physically, logically, and architecturally.
- Discuss cloud deployment models and characteristics.
- Overview of cloud infrastructure characteristics.
- Cloud Supply Chain Risk Management and considerations of commercial cloud as third-party cloud services; senior leaders should "beware of the gaps and seams."
- Cloud software components - microservices & APIs.
- The driving forces and key technology enablers of commercial cloud services in the Federal Government.
- Must-have security requirements and policies for cloud solutions.
- The top ten cybersecurity cloud risks such as: loss of service, data breaches, human error. As well as non-cybersecurity risks such as: outsourcing risks, personnel security, and supply chain risk management.
- Where Federal Government adoption of commercial cloud is now and predictions for the future.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Network Services |
Network Operations Special |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer, Cyber Instructor |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
Securely Provision |
Systems Requirement Planning |
Systems Requirements Planner |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
|
| |
|
 1 Hour Cover Your Assets: Securing Critical and High-Value Assets | Skill Level: Beginner |  | + Description | | Think about your organization’s most critical functions: what do others depend on you to provide? Your high-value assets (HVAs), also known as critical assets across many industries, are the information or information systems that have serious impact to your organization’s ability to conduct its mission or business operations if lost, corrupted, or inaccessible. Across sectors and industries, data and information systems that underpin core business and operational functions- or those systems that connect to core functionalities- make highly tempting targets for sophisticated criminal, politically motivated, or state-sponsored actors to exploit directly or compromise to undermine public trust.
The HVA program was established by CISA to help organizations gain a comprehensive understanding of the risks that dynamic threat actors pose and identify the high-value information and systems that are likely targets.
This webinar provides an overview of the following key information:
- HVA and critical asset overview: Define high-value assets, and how to assess and prioritize risks.
- Common threats: Understand the most likely threats to HVAs and how to mitigate associated vulnerabilities.
- CISA guidance: Learn the steps and parameters to identify, categorize, prioritize, and secure your HVAs or critical assets.
- Case studies: Explore the impacts of documented critical or high-value asset cyberattacks, and the success of resulting response and recovery efforts.
This course is accessible to a non-technical audience including managers and business leaders and provides an organizational perspective useful to technical specialists.
Date: July 2021
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
|
| |
|
 2 Hours Critical Infrastructure Protection | Skill Level: Beginner |  | + Description | | This course discusses the influence, impact, and need for cybersecurity when defending the critical infrastructure and key resources of the United States. This course provides the definition of critical infrastructure, examples of cybersecurity threats to critical infrastructure, and information on what is being done to protect critical infrastructure from these cybersecurity threats.
Learning Objectives:
- Define and give examples of critical infrastructure.
- Identify possible cyber threats to critical infrastructure.
- Describe U.S. cybersecurity policies and programs.
- Explain the cybersecurity roles of the Department of Homeland Security (DHS) and other Federal agencies.
Date: 2017
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
Systems Administrator |
Operate and Maintain |
Systems Analysis |
Systems Analyst |
Operate and Maintain |
Systems Development |
Information Systems Security Developer |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Securely Provision |
Systems Architecture |
Systems Architect |
Securely Provision |
Technology R&D |
Research & Development Specialist |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Systems Development |
Systems Developer |
|
| |
|
 3 Hours Creating a Computer Security Incident Response Team (CSIRT) | Skill Level: Beginner |  | + Description | | This course was developed for organizations and individuals who are at the beginning of their planning and implementation process for creating a computer security incident response team or an incident management capability. This course begins with definitions and context for defining a CSIRT framework, followed by services that may be provided and building an action plan. An attendee workbook is included with questions and exercises to use in conjunction with the training.
Learning Objectives:
- Understand the function of Computer Security Incident Response Teams (CSIRTs) and the philosophy behind them.
- Understand the role of CSIRT in the incident management process.
- Identify the requirements to establish an effective CSIRT.
- Appreciate the key issues and decisions that must be addressed when creating a CSIRT.
- Learn to strategically plan the development and implementation of your CSIRT.
Date: 2017
Training Purpose: Management Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
All-Source Analyst |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
|
| + Course Modules/Units | | Create a Computer Security Incident Response Team | Defining Incident Management Part 1 of 2 | Defining Incident Management Part 2 of 2 | Defining CSIRTs | Types of CSIRTs | Setting the Context | Defining Your Framework Part 1 of 2 | Defining Your Framework Part 2 of 2 | Capability Strategies | CSIRT Components | CSIRT Components: Organizational Issues | CSIRT Components: Resources | Range and Level of Services | Policy and Procedure Examples | Range and Level of Services Summary | Ideas for Your Action Plan | Taking the Next Steps | CSIRTs Resource Overview |
|
|
|
 1 Hour CyberEssentials | Skill Level: Beginner |  | + Description | | This course focuses on how leaders can develop actionable items to start implementing organizational cybersecurity practices and introduces the six essential elements of building a culture of cyber readiness.
Learning Objectives:
- Identify actionable items to reduce your organization's cyber risks through a holistic approach.
- Identify the six essential elements of building a culture of cyber readiness.
- Identify the steppingstones to building a culture of cyber readiness.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Oversee and Govern |
Strategic Planning and Policy |
Strategic Planning and Policy Planner |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program/Project Management and Acquisition |
Program Manager |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
|
| |
|
 2 Hours Cyber Supply Chain Risk Management | Skill Level: Beginner |  | + Description | | This course focuses on cyber supply chain risk management, also known as C-SCRM, and the role it plays within our society today. This course will explain how to securely provision, analyze, oversee and govern, protect and defend a supply chain.
Learning Objectives:
- Describe product supply chains and life cycles.
- Identify the role of adversaries in supply chain risk management.
- Define the risks associated with supply chains.
- State the principles of supply chain management.
- Identify security measures taken to protect a supply chain.
- Apply suggested tools to address supply chain vulnerabilities.
- Explain how knowledge of the 'internet of things' (IoT) is used to evaluate products as IoT devices.
- Recognize potential dangers posed by various devices brought to work.
- Identify the threats outlined for acquisitions personnel through the Federal Acquisition Regulation (FAR).
- Define how to personally safeguard your organization's cybersecurity.
Date: 2019
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
All-Source Analyst |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/Warning Analysis |
Analyze |
Targets |
Target Developer, Target Network Analyst |
Oversee and Govern |
Program/Project Management and Acquisition |
Program Manager |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
Securely Provision |
Software Development |
Software Developer |
Securely Provision |
Systems Development |
Systems Developer |
|
| |
|
|
 4 Hours Develop and Publish a Vulnerability Disclosure Policy for Federal Agencies (CISA BOD 20-01) | Skill Level: Beginner |  | + Description | | This 1/2-day course is a joint collaboration of the Cybersecurity & Infrastructure Security Agency (CISA) and the CERT Division of the Software Engineering Institute at Carnegie Mellon University. The purpose of this training is to help federal civilian agencies meet required actions of BOD 20-01, the Binding Operational Directive to Develop and Publish a Vulnerability Disclosure Policy (VDP) by covering the knowledge of and providing resources for:
- Vulnerability report receipt and intake
- Developing and publishing a vulnerability disclosure policy
- Developing vulnerability disclosure handling procedures
- Developing a vulnerability disclosure capability development
- Reporting metrics
After completing this course, participants should be able to
- Describe agency requirements for developing and publishing a vulnerability disclosure policy (VDP).
- Describe the minimum capacity needed to support your vulnerability disclosure handling process.
- Explain how vulnerability disclosure and handling is dependent on successful human interaction.
- Explain the importance of establishing trust and good relationships with reporters and stakeholders.
- List the key resources that can help your agency build your VDP and supporting processes.
- Meet the requirements to develop and publish a VDP and supporting handling process.
- Understand how and when to work with CISA for assistance and escalation.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Protect and Defend |
Vulnerability Management |
Vulnerability Manager |
|
| + Course Modules/Units | | Develop and Publish a Vulnerability Disclosure Policy | Module 2: Overview of CISA BOD 20-01 | Module 3: Essentials of VDP | Module 4: Developing A Vulnerability Disclosure Handling Capability | Module 5: Reporting and Metrics | Module 6: Challenges and Additional Considerations | Module 7: Summary and Wrap-up |
|
|
|
 3.5 Hours Elections and IT – Embrace your role as a Manager | Skill Level: Beginner |  | + Description | | This course is a collaboration between the U.S. Election Assistance Commission (EAC) and the U.S. Department of Homeland Security (DHS) and provides an opportunity to learn why election officials must view themselves as IT managers. The course serves as an overview of information technology and how to ensure security is included in the planning, procuring, designing, implementing, and maintaining of interconnected electronic election systems, including public-facing websites. The content introduces the key concepts of identifying vulnerabilities and how to protect election systems from internal and external threats and provides information on cybersecurity resources available from the EAC and DHS.
Date: 2018
Training Purpose: Management Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative |
|
| + Course Modules/Units | | Professionalizing Election Admin Intro | Being an IT Manager | Election Systems | Procuring IT | Testing and Audits | Election Security | Principles of Information Security | Cybersecurity and Elections | Risk Management and Elections | Phishing and Elections | Election Infrastructure Security | DHS Cyber Security Tools and Services | EAC Resources |
|
|
|
 4 Hours The Election Official as IT Manager | Skill Level: Beginner |  | + Description | | This course focuses on why Election Officials must view themselves as IT systems managers and introduces the knowledge and skills necessary to effectively function as an IT manager. The course includes a review of Election Systems, Election Night Reporting, and Interconnected Election Systems vulnerabilities and liabilities. The content also covers Social Media and Website best practices, vulnerabilities, and liabilities, and addresses Procuring IT, Vendor Selection, Testing and Audits, Security Measures, and Risk Assessments. In addition, this course includes a review of resources available to the election community from the Department of Homeland Security.
Date: 2018
Training Purpose: Management Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative |
|
| + Course Modules/Units | | Professionalizing Election Admin Intro | Being an IT Manager | Election Systems | Technology and the Election Office | Procuring IT | Testing and Audits | Election Security | Principles of Information Security | Physical Security | Cybersecurity and Elections | Human Security | Risk Management and Elections | Incident Response Scenarios and Exercises | Phishing and Elections | DDOS Attacks and Elections | Website Defacing | Election Infrastructure Security | DHS Cyber Security Tools and Services | EAC Resources |
|
|
|
 12 Hours Emerging Cyber Security Threats | Skill Level: Intermediate |  | + Description | | This course covers a broad range of cybersecurity elements that pose threats to information security posture. The various threats are covered in detail, followed by mitigation strategies and best practices. It will cover what the policies are, the roles it plays in cybersecurity, how they are implemented. The course will also look at cybersecurity laws, standards, and initiatives. Topics include policy, knowing your enemy, mobile device security, cloud computing security, Radio Frequency Identification (RFID) security, LAN security using switch features, securing the network perimeter, securing infrastructure devices, security and DNS and IPv6 security. Video demonstrations are included to reinforce concepts.
Date: 2010
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
Threat Analysis |
Threat/Warning Analysis |
Operate and Maintain |
Systems Administration |
Systems Administrator |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| + Course Modules/Units | | Introduction to Cybersecurity Policy | Types of Security Policy | Policy Education and Implementation | Cybersecurity Laws | Proposed Legislation | NIST Cybersecurity Standards | Other Cybersecurity Standards | Comprehensive National Cybersecurity Initiatives (CNCI) | Other Federal Cybersecurity Initiatives | Implementing Cybersecurity Initiatives | SPAM | Malware Trends | Botnets | Monetization | Cyber Attack Profiles | Cyber Crime | Cyberwarfare | Cyber Attack Attribution | Cyber Threat Mitigation | Mobile Device Trends | Mobile Device Threats | Mobile Device Countermeasures | Exploited Threats | What is Cloud Computing? | Technical Risks | Operational Risks | Risk Mitigation Strategies | DISA Cloud Solutions | RFID Introduction | RFID Threats | RFID Countermeasures | Exploited Threats | Introduction and MAC Address Monitoring | MAC Address Spoofing | Managing Traffic Flows | VLANs and Security | 802.1x Port Authentication | Network Admission Control | Securing STP | Securing VLANs and VTP | Introduction and Edge Security Traffic Design | Blocking DoS and DDoS Traffic | Specialized Access Control Lists | Routers with Firewalls | Beyond Firewalls: Inspecting Layer 4 and Above | Securing Routing Protocols and Traffic Prioritization | Securing Against Single Point of Failures | Physical and Operating System Security | Management Traffic Security | Device Service Hardening | Securing Management Services | Device Access Hardening | Device Access Privileges | Name Resolution Introduction | Name Resolution and Security | DNS Cache | DNS Security Standards and TSIG | DNSSEC | Migrating to DNSSEC | Issues with Implementing DNSSEC 1 | Issues with Implementing DNSSEC 2 | IPv6 Concepts | IPv6 Threats | IPv6 Network Reconnaissance | DEMO: IPv6 Network Reconnaissance | IPv6 Network Recon Mitigation Strategies | IPv6 Network Mapping | DEMO: IPv6 Network Mapping | IPv6 Network Mapping Mitigation Strategies | IPv6 Neighbor Discovery | DEMO: IPv6 Address Assignment | IPv6 Attacks | DEMO: IPv6 Alive Hosts | DEMO: IPv6 Duplicate Address Detection (DAD) | DEMO: IPv6 DAD Denial of Services (DOS) | DEMO: IPv6 Fake Router Advertisement | DEMO: IPv6 Man-in-the-middle | IPv6 Attack Mitigation Strategies | IPv6 Tunneling | IPv6 Windows Teredo Tunneling | IPv6 Tunneling Mitigation Strategies | IPv6 Best Practices |
|
|
|
 1 Hour Professors in Practice | Skill Level: Beginner |  | + Description | | In this hour-long webinar National Defense University Professor Roxanne Everetts discusses some key leadership decisions around using Federal Risk and Authorization Management Program (FedRAMP) solutions. FedRAMP is a unique government cloud - it is a combination of cloud security, cybersecurity, and risk management.
Learning Objectives:
- Explain FedRAMP and why Federal agencies use FedRAMP. (Hint: It's the law!)
- Discuss knowledge key leaders need for cloud solutions, including: FedRAMP structure, how it helps, and how agencies can leverage it.
- Describe the FedRAMP governing bodies.
- Examine the roles of Cloud Service Providers (CSPs) and Third-Party Assessment Organizations (3PAOs) as FedRAMP participants.
- Identify agency responsibilities, which include ensuring they have an Authority to Operate (ATO) letter on file with the FedRAMP Program Management Office (PMO).
- Explore the FedRAMP Security Framework (SAF), based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37.
- Use the FedRAMP Marketplace to find services that meet agency needs. Any service listed in the Marketplace meets federal security requirements and has already been authorized.
Date: 2020
Training Purpose: Management Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer, Cyber Instructor |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
Systems Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
Securely Provision |
Systems Requirement Planning |
Systems Requirements Planner |
|
| |
|
 2 Hours Foundations of Cybersecurity for Managers | Skill Level: Beginner |  | + Description | | This course is designed for managers and other stakeholders who may be involved in decision making that would include considerations for security in a cyber environment but do not have a strong technical background. Discussions focus on cybersecurity concepts and methodologies that are part of building a resilient cyber enterprise. This course explains how people and technology work together to protect mission-critical assets, and the frameworks leveraged to assess and apply security controls. Beginning with governance, laws, and regulations, the course progresses into threats to the environment and identifying corresponding controls and countermeasures, concluding with strategies for business continuity.
Learning Objectives:
- Know key concepts of cybersecurity and its relation to the business mission.
- Recall risk management strategies and related frameworks.
- Identify how cloud services are leveraged and pros and cons of doing so.
- Describe common threats, threat actor types, and mitigation techniques.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Collect and Operate |
Cyber Operational Planning |
Cyber Ops Planner |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
Program Manager |
|
| + Course Modules/Units | | Cybersecurity Introduction | Cybersecurity Workforce | Cybersecurity Governance | Cybersecurity Guidance Resources | Laws and Cybersecurity | Common Cyber Threats | Threat Actors | Cybersecurity and Mobile Devices | Security Controls | Security Tools and Measures | Introduction to Cloud Computing | Cloud Architectures and Deployment Models | Cloud Threats and Attacks | Cloud Security | Risk Management Overview | Incident Response and Digital Evidence Types | Risk and Planning Strategies | Foundations of Cybersecurity for Managers Exam |
|
|
|
 6 Hours Fundamentals of Cyber Risk Management | Skill Level: Beginner |  | + Description | | This course focuses on key concepts, issues, and considerations for managing risk. Discussions include identifying critical assets and operations, risk assessment and analysis methodologies, risk management frameworks, and how to determine threats to your business function, mitigation strategies, and response and recovery.
Learning Objectives:
- Describe key concepts related to cyber risk management.
- Detail risk assessment and analysis methodologies and frameworks.
- Identify security controls and countermeasures to mitigate risks and support response and recovery.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Securely Provision |
Risk Management |
Security Control Assessor |
|
| + Course Modules/Units | | Fundamentals of Cyber Risk Management Course Introduction | Risk Management Overview | Standards for Risk Management | OCTAVE | CERT Resilience Management Model Overview | Critical Assets and Operations | Threat Overview | Vulnerabilities | Threat Scenarios | Risk and Impact Analysis | Considerations for Responding to Risks | Risk Mitigation Strategies | Control Methods and Types of Security Controls | Administrative Controls | Selecting Security Controls | Security Control Assessment | Mitigation Strategy and Maintenance | Security Testing and Assessments | Incident Response Terms and Life Cycle | Incident Response Phase 1 of 6 - Preparation | Incident Response Phase 2 of 6 – Detection and Analysis | Incident Response Phase 3 of 6 – Containment | Incident Response Phases 4-5 of 6 – Eradication and Recovery | Incident Response Phase 6 of 6 – Lessons Learned | Business Continuity Plans and Procedures | Disaster Recovery Plans and Procedures | Fundamentals of Cyber Risk Management Exam |
|
|
|
 1 Hour Incident Response 101 | Skill Level: Beginner |  | + Description | | This course focuses on cyberattacks, specifically compromises via ransomware. Implementing strategies to defend against attacks as well as preparations for response and recovery in the event of an incident is critical to an organization’s resilience. This course reviews malware types and vectors for compromise, common issues hindering an effective response, best practices for preparing and responding to an infection incident, and defensive measures to strengthen the cybersecurity posture.
Learning Objectives:
- Identify the various types of disruptionware, vectors for compromise, and the impact of an infection on business operations.
- Recognize the common problems that can hinder effective incident response and prevention activities.
- Know the ordered steps in following documented incident reporting procedures including immediate actions and communication.
- Explain the importance of defense-in-depth layered strategy for protecting the enterprise with examples of implementation.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| + Course Modules/Units | | Malware Attacks and Vectors of Compromise | Incident Response - Common Problems/Issues | Ransomware Immediate Infection Response | Incident Response Backups | Cyberattack Defensive Strategies | IR Course Exam |
|
|
|
|
 11 Hours ISACA Certified Information Security Manager (CISM) Prep | Skill Level: Intermediate |  | + Description | | The self-study resource prepares learners for the CISM exam. This course focuses on information security management expertise through in-depth lecture topics, reinforcing demonstrations, and a practice exam. This course includes concepts from the four job practice areas: Information Security Governance, Information Risk Management and Compliance, Information Security Program Development and Management, and Information Security Incident Management.
Learning Objectives:
- Explain how information security governance and supporting processes are used to align security strategy with organizational goals and objectives.
- Detail strategies to manage risk to an acceptable level in support of organization goals and objectives.
- Describe the information security program's role in the organization's security posture by managing and protecting assets while supporting goals.
- Detail means to minimize the impact to operations in the event of a security incident through establishing detection, response, and recovery capabilities.
Date: 2015
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
Program Manager |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| + Course Modules/Units | | CISM Course Introduction | IS Governance Domain Overview | Information Security (IS) Management | Importance of IS Governance Part 1 of 2 | Importance of IS Governance Part 2 of 2 | IS Management Metrics | ISM Strategy Part 1 of 2 | ISM Strategy Part 2 of 2 | Elements of IS Strategy | IS Action Plan for Strategy | DEMO: Key Goal, Risk, Performance Indicator | Risk Management Overview and Concepts | Risk Management Implementation | Risk Assessment: Models and Analysis | DEMO: Calculating Total Cost of Ownership | DEMO: Recovery Time Objective (RTO) | Compliance Enforcement | Risk Analysis: Threat Analysis | IS Controls and Countermeasures | Other Risk Management Considerations Part 1 of 2 | Other Risk Management Considerations Part 2 of 2 | DEMO: Cost Benefit Analysis | Information Security Program Development | Information Security Program Management | Outcomes of Effective Management | IS Security Program Development Concepts | Scope and Charter of IS Program Development | IS Management Framework | IS Framework Components | IS Program Roadmap | Organizational Roles and Responsibilities | Information Security Manager Responsibilities | Other Roles and Responsibilities in IS | Information Security Program Resources | IS Personnel Roles and Responsibilities | IS Program Implementation Part 1 of 2 | IS Program Implementation Part 2 of 2 | Implementing IS Security Management Part 1 of 2 | Implementing IS Security Management Part 2 of 2 | Measuring IS Management Performance | Common Challenges to IS Management | Determining the State of IS Management | Incident Management and Response | Incident Management Part 1 of 2 | Incident Management Part 2 of 2 | IMT IRT Members | Incident Response Planning Part 1 of 2 | Incident Response Planning Part 2 of 2 | DEMO: Phishing Emails | DEMO: Incident Management Workflow | Recovery Planning Part 1 of 2 | Recovery Planning Part 2 of 2 | DEMO: RTIR Incident Response Tool Part 1 of 2 | DEMO: RTIR Incident Response Tool Part 2 of 2 | CISM Practice Exam |
|
|
|
 11 Hours (ISC)2 (TM) CAP Certification Prep Self Study 2014 | Skill Level: Intermediate |  | + Description | | This course prepares learners for the Information Security Certification (ISC)2 Certified Authorization Professional (CAP) certification exam. This course focuses on the process of authorizing and maintaining information systems. Topics include understanding the Risk Management Framework (RMF), selection, implementation, and monitoring of security controls as well as the categorization of information systems. A practice exam is included.
Learning Objectives:
- Provide a review of the 7 (ISC)2 CAP domains.
- Supplemental preparation for the (ISC)2 CAP certification exam.
Date: 2014
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| + Course Modules/Units | | CAP Course Introduction | Risk Management Approach to Security Authorization | Risk Management Framework Steps | Risk Management Framework Phases | RMF Roles and Responsibilities | Organization Wide Risk Management | Managing Risk | Assessor Independence and External Environments | System Development Life Cycle | Alignment of RMF with SDLC Review | RMF Legal and Regulatory Requirements | NIST Publications | Continuous Monitoring Strategies | RMF Guidance Review | Defining Categorization | Categorization Examples | Categorization Process | Security Plans and Registration | Categorize | Selection Step Tasks | Selection Step Definitions | Security Controls Guidance | Privacy and Security Controls | Control Selection and Supplemental Guidance | Tailoring Security Controls | Control Assurance and Monitoring | Control Assurance and Monitoring - Continued | Select | Implementing Security Controls Overview | Integrating Implementation | Implement | Preparing for Control Assessments | Conducting Control Assessments | Security Assessment Report | Remediation Actions and Process Review | Assess | Authorization Documentation | Risk Determination and Acceptance Part 1 of 3 | Risk Determination and Acceptance Part 2 of 3 | Risk Determination and Acceptance Part 3 of 3 | Authorization Decisions | Prioritized Risk Mitigation and Authorization Review | Authorize | Assessments and Configuration Management | Ongoing Security Control Assessments | Monitor | CAP Certification Prep Practice Exam |
|
|
|
 22.5 Hours (ISC)2 (TM) CISSP (R) Certification Prep 2018 | Skill Level: Advanced |  | + Description | | This course prepares learners for the CISSP certification exam. This course focuses on the information security field, exam objectives, and the eight domains upon which the exam is based. This course includes reinforcing video demonstrations and a final practice exam.
Learning Objectives:
- Explain and apply concepts to design, implement, and manage secure cyber operations.
- Develop, document, and implement security policy, standards, procedures, and guidelines.
- Apply risk management concepts.
Date: 2019
Training Purpose: Management Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
Securely Provision |
Systems Architecture |
Enterprise Architecture |
|
| + Course Modules/Units | | CISSP Course Introduction | Security and Risk Management Concepts | Regulatory Compliance and Frameworks | Organizational Privacy Responsibilities | Acquisition Strategies | Computer Crime and Incident Response | International Laws Pertaining to Security | Legal Regulations and Privacy | (ISC)2 Code of Ethics and Ethic Bases | Legal Regulations and Ethics | Policy and Components Overview | BC and DR Initiation and Management | BCP Business Impact Analysis | Vendor Management | System Threats and Countermeasures | Risk Assessment and Countermeasures | Access Control Types | RMF Security Control Assessment Process | Conducting Security Control Assessments | Security Assessment Report | Asset Valuation | Threat Modeling and Reduction Analysis | Security Awareness and Training | DEMO: Security Policy Review | Data Classification | Data Ownership and Retention | Privacy Protection and Data Governance | Security Control Application and Tailoring | Security Control Selection | Data Protection Method (DLP) | Secure Design Principles | Secure Design Standards and Models | Database System | Key Crypto Concepts and Definitions | Securing ICS and SCADA Systems | Industrial Control System Security | DEMO: SCADA Honeynet | Cloud Computing | Cloud Computing Security Issues | Distributed Systems | Parallel and Distributed Systems Security Issues | Internet of Things | Assess and Mitigate Vulnerabilities in Mobile Systems | Cryptographic Lifecycle | Cryptographic Methods | Symmetric Ciphers | Asymmetric Ciphers | Public Key Infrastructure (PKI) | Key Management Practices | Digital Signatures | Hashes and Other Integrity Controls | Salting Hashes | Methods of Cryptanalytic Attacks | Digital Rights Management | Site and Facility Design Criteria | Physical Security Controls | Physical and Environmental Threats | OSI and TCP/IP Models | Telecom and NW Security Layer 1 | Telecom and NW Security Layer 2 | Telecom and NW Security Layer 3 | Telecom and NW Security Layer 4 and 5 | Telecom and NW Security Layer 6 and 7 | Multilayer and Converged Protocols | Mobile and Wireless Security | Content Distribution Networks | Implementing and Using Remote Access | Virtualization | Access Control Technologies | Access Control Types | Access Control System Strategies | Building Access Control | Operations Area Access Control | Credential Management Systems | Third-Party Identification Service | Cloud Identity | Data Authorization Mechanisms | Rule-Based Access Control | Audit and Assurance Mechanisms | Synthetic Transactions | Code Review and Testing | Misuse Case Testing | Test Coverage Analysis | Interface Testing | Security Audits and Agreements | Digital Investigation and Evidence Analysis | Legal System Investigation Types | Electronic Discovery | Intrusion Detection and Prevention | Continuous Monitoring | Egress Monitoring | Security Operations Concepts | Security Operations Incident Management | Managing Security Services Effectively | DEMO: Whitelisting and Blacklisting | Security Operations Resource Protection | Disaster Recovery Strategy | Maintaining Operational Resilience | Managing Recovery Communications | Test Disaster Recovery Plans (DRP) | Security Education Training and Awareness | Perimeter Security | Perimeter Intrusion Detection | Biometrics and Authentication Accountability | Personnel Privacy and Safety | DEMO: Intro to Dshell Toolkit | SDLC Phases | Software Development Models | System Security Protections and Controls | Agile Development Models | Maturity Models | Integrated Product Teams | Security Environment and Controls | SW Development Security and Malware | Impact of Acquired Software | DEMO: Automated Code Review | CISSP Practice Exam |
|
|
|
 7 Hours (ISC)2 (TM) CISSP Concentration: ISSEP Prep | Skill Level: Advanced |  | + Description | | This course is focused on applying security and systems engineering principles into business functions. This self-study prep course is designed to help learners prepare for the specialized Information Systems Security Engineering Professional (ISSEP) certification exam. The topics in the course cover the five domain areas of the CISSP-ISSEP.
Learning Objectives:
- Incorporate security into business processes and information systems.
- Demonstrate subject matter expertise in security engineering.
- Apply engineering principles into business functions.
Date: 2018
Training Purpose: Skill Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Collect and Operate |
Cyber Operational Planning |
Cyber Ops Planner |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
|
| + Course Modules/Units | | ISSEP Course Introduction | ISSE Responsibilities and Principles | ISSE and IATF | Security Design Principles | Elements of Defense in Depth | RMF Characteristics | Maintaining Operational Resilience | Risk Management Overview | Assessing Risk Part 1 of 2 | Assessing Risk Part 2 of 2 | Determining Risks | Categorizing Information Systems | Stakeholder Roles and Responsibilities | Requirements Analysis | Using Common and Tailored Controls | Assessing Security Controls | Implementing Security Controls | Authorizing Information Systems | Systems Verification and Validation | Monitor, Manage, and Decommissioning | Defense Acquisition System Overview | Acquisitions Process | System Development Process Models | Project Processes | Project Management | ISSEP Practice Exam |
|
|
|
 12.5 Hours (ISC)2 (TM) CISSP:ISSMP Prep 2018 | Skill Level: Advanced |  | + Description | | This course is intended for individuals with strong management and leadership skills and interested in focusing on establishing, presenting, and governing information security programs. This self-study prep course reviews the six common body of knowledge domains for the Information Security System Management Professional (CISSP-ISSMP) certification exam.
Learning Objectives:
- Demonstrate ability to apply leadership and management skills to manage an organization information security program.
- Apply the security lifecycle management processes and principles into the system Development lifecycles.
- Apply contingency management practices to plan and implement processes to reduce the impact of adverse events.
Date: 2018
Training Purpose: Management Development
Training Proficiency Area: Level 3 - Advanced
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner |
|
| + Course Modules/Units | | ISSMP Course Introduction | Security’s Role - Culture, Vision and Mission | Security’s Role – Management, Support and Commitment | Security’s Role – Board of Dir, Steering Committee | Security Role – IT, HR and Legal | Security’s Role – Strategic Alignment | IS Governance Defined | IS Governance Goals Part 1 of 2 | IS Governance Goals Part 2 of 2 | Importance of IS Governance | Information Security Strategies | Data Classification and Privacy | Threats to Data Privacy | Data Classification and Privacy Implementations | Security Policy Framework and Lifecycle | Security Requirements in Contracts and Agreements | Security Awareness and Training Programs | Managing the Security Organization | Security Metrics | Security Metrics Indicators | Integrating Project Management with SDLC | System Development Life Cycle (SDLC) | Systems Engineering (CMM) | Vulnerability Management and Security Controls | Service Oriented Architecture Controls | Oversee System Security Testing | Managing Change Control | Risk Management | Risk Management – Threats and Vulnerabilities | Risk Management – Risk Assessments | Calculating Risks | Mitigating Risks | Cyber Threat Intelligence | Detection of Attack Sources | Discovery Challenges and Escalation | DEMO: Escalating Event to Incident | Common Attack Vectors | Root Cause and Investigation | Incident Management Concepts | Incident Management Process | Incident Management Classification | Financial Impact of Incidents | Investigation and Forensic Evidence | Investigations, IH and Response | DEMO: Ditigal Forensics Investigation | Security Compliance Frameworks | Auditing Introduction and Preparation | Evidence Reporting and Auditors | Exception Management | Continuity and Disaster Recovery Planning | Understanding the Business | Insurance | Critical Processes Recovery Objectives | Recovery Obligation Considerations | BCM Site and IT Strategies | Personnel and Recommended Strategies | Design and Testing BCP and COOP | Implementing Continuity and Recovery Plans | Intellectual Property and Licensing | (ISC)2 Code of Ethics | DEMO: Verification and Quality Control | Audit Planning Process | ISSMP Self Study Practice Exam |
|
|
|
 1 Hour Professors in Practice | Skill Level: Beginner |  | + Description | | This hour-long webinar recorded on July 31, 2020 features National Defense University Professor Mark Duke discussing some key leadership decisions when assessing and authorizing systems. The Assessment & Authorization (A&A) process is a comprehensive assessment of policies, technical and non-technical security components, and a system's technical controls followed by leadership agreement that the system meets adequate risk levels before the system is authorized to go into full production.
Learning Objectives:
- Explain why we have to do Assessment & Authorization.
- Explain Roles & Responsibilities of Assessment & Authorization.
- Introduce seven major components of Assessment & Authorization.
- Establish Authorization Boundaries.
- Introduce Assessment Scanning Tools.
- Explain the Role of Security Technical Implementation Guides (STIGs) as potential criteria for Assessment activities.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer, Cyber Instructor |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
Securely Provision |
Systems Requirement Planning |
Systems Requirements Planner |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
|
| |
|
 8.5 Hours Managing Computer Security Incident Response Teams (CSIRTs) | Skill Level: Intermediate |  | + Description | | This course focuses on the type and nature of work the CSIRTs may be expected to handle. It provides an overview of the incident response field, including the nature of incident response activities and an overview of the incident handling processes. The course focuses on foundation material, staffing issues, incident management processes, and other issues such as working with law enforcement, insider threat, and publishing information.
Learning Objectives:
- Provide an overview of the incident response arena, the nature of incident response activities, and incident handling processes.
- Guide learners to understand technical issues from a management perspective, problems and pitfalls to avoid, and best practices where applicable.
- Emphasize the importance of CSIRT management predefined policies and procedures.
- Discuss what is needed to operate an effective CSIRT.
Date: 2020
Training Purpose: Management Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
All-Source Analyst |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
|
| + Course Modules/Units | | Managing CSIRTS Introduction | CSIRT Management Issues | CSIRT Environment Introduction Part 1 of 2 | CSIRT Environment Introduction Part 2 of 2 | Formalization of Incident Management | The Incident Handling Process | CSIRT Environment Terms | The Incident Handling Roles and Responsibilities | CSIRT Environment Summary | CSIRT Environment Resources and Summary | CSIRT Staffing | How to Grow & Retain Staff | CSIRT Code of Conduct Part 1 of 2 | CSIRT Code of Conduct Part 2 of 2 | Media Issues Part 1 of 2 | Media Issues Part 2 of 2 | Managing the CSIRT Infrastructure Components | Data Security | Physical Security | Equipment for CSIRT Staff | Network and Systems for CSIRT Staff | CSIRT Tools | Incident Management Processes Introduction | IM Processes: Prepare, Sustain, and Improve | IM Processes: Protect Infrastructure | IM Processes: Detect | Situational Awareness | Network and System Monitoring | Critical Information | IM Process: Triage | Triage Activities | IM Process: Response | Response Actions | Response Process Issues | Handling Major Events Part 1 of 2 | Handling Major Events Part 2 of 2 | Building a Crisis Communication Plan | Publishing Information | Publishing Document Types | Information Sharing | Publishing Information Summary | General Guidance for Measuring and Evaluating | Types of Evaluations | Building a Quality Assurance Framework | Issues to Consider in Your Framework | Resources for Building an Assurance Framework | What Is Insider Threat? | Types of Insider Threat Activities | Malicious Insider Activity Examples | How Bad Is Insider Threat? | CERT Insider Threat Research | Insider Threat Mitigation | Mitigation Security Controls and Practices | Insider Threat Summary | Working with Law Enforcement Part 1 of 2 | Working with Law Enforcement Part 2 of 2 | Managing CSIRTs Wrap-Up | Video [CSIRTs Resource Overview] (required) |
|
|
|
 1.5 Hours Measuring What Matters: Security Metrics Workshop | Skill Level: Beginner |  | + Description | | This workshop focuses on how to measure the right things in order to make informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Public and private organizations today often base cyber risk management decisions on fear, uncertainty, and doubt (FUD), and the latest attack. The Measuring What Matters: Security Metrics Workshop, the learner will learn how to refine a strategic or business objective that meets that S.M.A.R.T.E.R. criteria: Specific, Measurable, Achievable, Relevant, Time-bound, Evaluated, Reviewed, and can be used to initiate the Goal - Question - Indicator - Metric (GQIM) process.
Learning Objectives:
- Identify a core set of business goals, based on the business objective, to which the cybersecurity risk measurement program will be applied.
- Formulate one or more key questions for each business goal, and use them to help determine the extent to which the goal is being achieved.
- Identify one or more indicators for each business goal key question.
- Identify one or more metrics for each indicator that most directly inform the answer to one or more questions.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Collect and Operate |
Cyber Operational Planning |
Cyber Ops Planner |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Securely Provision |
Risk Management |
Security Control Assessor |
|
| + Course Modules/Units | | Measuring What Matters Course Introduction | Why Measure? | Measurement Defined | GQIM Overview | Selecting Business Objectives | Objectives to Goals | Goals to Question | Questions to Indicators | Indicators to Metrics | The Big Picture: Putting It All in Context | Validate Current Questions or Metrics | Getting Started with GQIM | Appendix Cybersecurity Metrics Template | GQIM Process Template |
|
|
|
 1 Hour Migration and Security Strategies for FedRAMP Cloud Computing | Skill Level: Intermediate |  | + Description | | The Migration and Security Strategies for FedRAMP Cloud Computing course is designed to introduce students to the structure and employment of cloud computing using the Federal Risk and Authorization Management Program, or FedRAMP. Topics include cloud computing architecture, FedRAMP structure and roles, FedRAMP security implementations, and FedRAMP-approved cloud deployment options.
Learning Objectives:
- Describe the three major deployment models for cloud computing
- Discuss cybersecurity issues related to cloud computing
- Explain the authority, structure, and roles of major parties that make up FedRAMP
- Explain how Cloud Service Providers (CSPs) and FedRAMP processes work to meet federal security requirements
- Describe how the FedRAMP framework of "do once, use many times" allows government agencies to reuse previously-approved security documents and structures to simplify data deployments to the cloud
- Describe how FedRAMP processes enable a second agency to use a previously approved CSP.
- Identify how FedRAMP processes map to and are designed to assure compliance with applicable standards outlined by the National Institute for Standards and Technology (NIST) in its Special Publications 800 series of documents.
Date: 2021
Training Purpose: Management Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
|
| + Course Modules/Units | | Cloud Security Through FedRAMP | The FedRAMP Authorization Process | FedRAMP Security Assessment Framework (SAF) |
|
|
|
 22 Hours Mobile and Device Security (2015) | Skill Level: Beginner |  | + Description | | This course focuses on mobile devices, how they operate, and their security implications. This course includes topics such as signaling types, application stores, managing mobile devices, and emerging trends and security and privacy concerns with social media.
Learning Objectives:
- Discover mobile device technology components and architectures and how to properly secure them.
- Examine historical and current threats to mobile devices and methods for remediating against them.
- Establish best practices and procedures for performing mobile device forensic investigations.
Date: 2015
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst |
Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Legal Advice and Advocacy |
Privacy Officer/Privacy Compliance Manager |
|
| + Course Modules/Units | | Mobile Security Course Introduction | Cellular Network Generations | Network Standards Introduction | CDMA TDMA and GSM Introduction | GPRS Edge and UMTS Introduction | Additional Network Standards | Bluetooth and Wi-Fi | Cellular Network Components | Mobile Switching Center Database | Authentication and Government Standards | 4G LTE | Mobile Device Components | Mobile Device Operating Systems | Android Customization | Wireless Technology Introduction | WiFi Standards | Wi-Fi Standards : 802.11ac | WiFi Types | Wireless Fidelity Part 2 | WiFi Channels and SSIDs | WiFi Signals and Hardware | Bluetooth | WiMAX | Additional Standards | Near Field Communication | Introduction to Threats | Lost and Stolen Devices | Additional Device-Level Threats | Near Field Communications and Mobile Threats | Application-Level Threats | Rogue Applications | Network-Level Threats | Pineapple Router | Malicious Hotspot | Malicious Use Threats | Mobile Hacking Tools | Mobile Device Security Introduction | Mobile Device Security Introduction Cont. | Android Introduction | Android Security | Android Application Security | Google Android OS Features | Installing Antivirus | iOS Security Model and Platform | iOS Application Security | Jailbreaking iOS | iOS Application Security Cont. | Apple iOS Update Part 1 of 2 | Apple iOS Update Part 2 of 2 | Windows Phone Security Model and Platform | Windows Implementation and Application Security | Windows Phone Update | WiFi Security | WiMax and Bluetooth | Bluetooth Attack | Protecting Data | Encryption | Android Encryption | iOS Encryption | Email Security | Android and iOS Email Security | Windows Email Security | iOS Hardening | iOS Hardening Cont | Blackberry Hardening | Android Hardening | Android Hardening Cont. | Windows Phone Hardening | Windows Phone Password and Cookies | Windows Phone Wi-Fi | Windows Phone - Find, Wipe, and Backup | Device Security Policies | Exchange and BES | Mobile Device Management | Mobile Device Management Cont. | McAfee Mobility Management | Forensics Overview | Forensics Role and Framework | Device Identification | Device Identification Cont. | Network Data | Network Data Cont. | Preservation | Preservation Cont. | Acquisition | Acquisition Cont. | Device Specific Acquisition | Hashing | Hashing Cont. | Analysis | Archiving and Reporting | Cellebrite | Forensics Demonstration | XRY/XACT | Oxygen and CellXtract | Paraben and MOBILedit! | Additional Methods | Subscriber Data | Benefits of Social Media | Risks of Social Media | Liabilities Associated with Social Media | Social Media Controls | Emerging Trends | Emerging Trends Cont. | New Technologies in Mobile Devices | Mobile Devices and the Cloud | Mobile Security Course Quiz |
|
|
|
|
 4 Hours Overview of Creating and Managing Computer Security Incident Response Teams (CSIRTs) | Skill Level: Beginner |  | + Description | | This course focuses on what is needed to create and operate a Computer Security Incident Response Team (CSIRT). The intended audience is individuals tasked with creating a CSIRT and those who may be new to CSIRT issues and processes. Objectives within the course include the benefits and limitations of a CSIRT, CSIRT requirements, services, common policies and procedures, and operational best practices. Previous incident handling experience is not required to partake in this course.
Learning Objectives:
- Identify managerial, organizational, procedural, and operational issues regarding the CSIRT role and function.
- Describe the issues involved with creating and operating a CSIRT.
- Discuss specific topics regarding CSIRT benefits and limitations, requirements and framework, services, policies and procedures, and operational best practices.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
Threat Analysis |
Threat/Warning Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications Security Manager |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
|
| + Course Modules/Units | | Creating and Managing CSIRTS Introduction | Defining the Problem | Defining Incident Management | Effective Incident Management Processes | Defining Terms Used Throughout the Course | Institutionalizing IM Capabilities | Incident Handling Terms Used Throughout the Course | Defining CSIRTs | Creating an Effective CSIRT | Building a CSIRT: Action Plan Part 1 of 2 | Building a CSIRT: Action Plan Part 2 of 2 | Building a CSIRT: Where to Begin | Lessons Learned and Team Maturity | CSIRT Components | CSIRT Organizational Models Part 1 of 2 | CSIRT Organizational Models Part 2 of 2 | CSIRT Policies and Procedures | CSIRT Staffing and Hiring | CSIRT Facilities and Infrastructure | Incident Management Processes Overview | IM Process: Prepare, Sustain, and Improve | IM Process: Protect Infrastructure | IM Process: Detect Events | IM Process: Triage Events | IM Process: Triage Best Practices | IM Process: Respond | IM Process: Respond Issues | IM Process: Best Practices | Creating and Managing CSIRTs Summary | Creating and Managing CSIRTs Resources |
|
|
|
|
 2.5 Hours Pre-Post Assessment Training | Skill Level: Beginner |  | + Description | | Pre-Assessment and Post-Assessment Training (P2T) Description
The P2T training supports CISA strategies that are designed to provide more consistent and effective outcome-based cyber risk management support for its customers. The course provides information that includes:
- Overview of the CISA assessment process, the Pre-Assessment Questionnaire, and suggested post-assessment support enhancements
- How to utilize the Pre-Assessment Questionnaire and the post assessment materials to facilitate an improved customer experience with DHS assessments
- Tips and strategies for the effective delivery of an assessment engagement
Audience
- DHS Cybersecurity Advisors (CSA), and regional/state cyber support teams
- Users of DHS assessments such as the CRR, CRE, and EDM
Objectives
- Provide training on the use of the Pre-Assessment Questionnaire and the PostAssessment Process
- Facilitate making the assessment engagement more customer relevant
- Provide an understanding of techniques that can help CSAs leverage assessments to assist customers with managing cyber risk
- Improve cyber risk outcomes for organizations
Materials
This course is comprised of a three-hour virtual delivery of targeted content presented by an expert from Carnegie Mellon’s SEI|CERT Division, supplemented by materials developed by the SEI to support CISA. The course materials include a variety of references to resources related to the course topics, resilience management, risk, and the cyber assessment process Downloadable* materials include:
- Course content slides
- Pre-Assessment Questionnaire Guide
- Post-Assessment-Enhancing Post-Assessment Activities
*Available for download on the FedVTE P2T course content Lesson selection page |
| + Course Modules/Units | | Course Objectives & Background: Lecture 1 of 4
| Pre-Assessment Questionnaire: Lecture 2 of 4
| Post-Assessment Questionnaire: Lecture 3 of 4
| Course Summary: Lecture 4 of 4
| Supplementary PDF Files
|
|
|
|
 1 Hour Professors in Practice | Skill Level: Beginner |  | + Description | | This webinar recorded on July 10, 2020 features National Defense University Professor Mark Duke discussing key leadership decisions to implement the NIST Risk Management Framework (RMF). The RMF is a risk-based approach to implement security within an existing enterprise - it is leadership’s responsibility to ensure adequate and effective system security.
Learning Objectives:
- How to prepare your component or organization to initiate the RMF.
- How to define, understand, and manage risk to your Information Systems by identifying your threats and vulnerabilities.
- Understand the link to the RMF with Supply Chain Risk Management (SCRM) and the Software Development Life Cycle (SDLC).
- Understand the new "Prepare" step of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 v2 RMF.
- Explain managers’ roles and involvement in each step of the RMF.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner, Cyber Workforce Developer and Manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer, Cyber Instructor |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirement Planning |
Systems Requirements Planner |
|
| |
|
 1 Hour Securing Internet- Accessible Systems | Skill Level: Beginner |  | + Description | | This course focuses on Internet-accessible systems or "Internet of Things" (IoT). Each of these systems and devices can be targeted by threat actors and used to conduct malicious activity if they are unsecured, or worse, these systems can leave vulnerabilities and sensitive information open to exploitation if not properly configured and maintained. This course explains the vulnerabilities of internet-accessible systems and how to prepare for, mitigate, and respond to a potential attack. This course provides key knowledge to inform organizational awareness of internet-accessible system attacks as well as best practices that minimize the likelihood of a successful attack and enable effective response and recovery if an attack occurs.
This webinar is accessible to non-technical learners including managers and business leaders and offers an organizational perspective useful to technical specialists.
Learning Objectives
Enable learners to better defend their internet-accessible systems through awareness of common vulnerabilities, best practices, CISA guidance, and resources:
- Define Internet-Accessible Systems and common vulnerabilities
- Explain cyber hygiene best practices that prevent attacks.
- Understand the impacts of real-life cyberattacks and what an effective organizational response looks like.
- Learn steps to identify, mitigate, and recover from Internet-Accessible System attacks.
Date: 2020
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Operate and Maintain |
Data Administration |
Data Analyst, Database Administrator |
Operate and Maintain |
Systems Administration |
Systems Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications Security Manager; Information Systems Security Manager |
Oversee and Govern |
Program Management and Acquisition |
IT Investment Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Oversee and Govern |
Strategic Planning and Policy |
Cyber Policy and Strategy Planner; Cyber Workforce Developer and Manager |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative; Security Control Assessor |
Securely Provision |
System Requirements Planning |
System Requirements Planner |
|
| |
|
 0.5 Hours Ransomware Overview | Skill Level: Beginner |  | + Description | | Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.
This training course focuses on basic Ransomware concepts and methodology. This course will explain what ransomware is, preventative measures that can be used to prevent a ransomware attack, and ransomware incident response and recovery.
Learning Objectives:
- Present an overview of ransomware attacks
- Identify preventative measures to block ransomware attacks
- Discuss incident response best practices for ransomware attacks
- Detail ways to implement recovery measure after a ransomware attack
- Learn to strategically plan the development and implementation of your CSIRT.
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
 0.5 Hours Securing Systems: How to Block Malicious IPs | Skill Level: Beginner |  | + Description | | Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.
This interactive training module provides mitigation strategies and techniques as it relates to firewall rules. This module will explain what firewalls are, present the importance of implementing firewall rules and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Block Malicious IPs Demo provides a walkthrough of the tasks you'll need to complete, the Block Malicious IPs Try allows you the opportunity to test out the tasks presented in the Block Malicious IPs Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Identify the purpose of firewalls
- Present the importance of implementing firewall rules
- Identify specific firewall rules to apply
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
 0.25 Hours Securing Systems: How to Sinkhole a Malicious Domain | Skill Level: Beginner |  | + Description | | Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.
This interactive training module focuses on sinkholing as a mitigation technique. This module will explain what Domain Name Service (DNS) sinkholes are, present the importance of implementing sinkholes, and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Sinkhole Demo provides a walkthrough of the tasks you'll need to complete, the Sinkhole Try allows you the opportunity to test out the tasks presented in the Sinkhole Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Present the definition of a DNS Sinkhole
- Identify key terms related to the Sinkholing process
- Explain the importance of implementing a DNS Sinkhole
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
 0.25 Hours How to Disable SMBv1 | Skill Level: Beginner |  | + Description | | Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.
This interactive training module provides information on how to disable SMBv1 using the group policy mitigation technique. This module will explain Server Message Block (SMB), provide an overview of the versions of SMB, present the importance of blocking SMBv1, and provide an opportunity for you to practice applying group policies that disable SMBv1 in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The SMBv1 Demo provides a walkthrough of the tasks you'll need to complete, the SMBv1 Try allows you the opportunity to test out the tasks presented in the SMBv1 Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Define Server Message Block
- Identify the three versions of SMB
- Present the importance of disabling SMBv1
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
 0.5 Hours Securing Systems: How to Create Application Allowlisting Policies | Skill Level: Beginner |  | + Description | | Application Allowlisting is a controlled list of applications and components such as libraries, configuration files, etc. that are authorized to be present or active on a host according to a well-defined baseline. It is a highly effective security strategy that acts as a preventative file execution policy to allow only certain programs to run and prevents others from executing. Every organization must verify and trust each and every application they allow on their network. They do this by adapting allowlisting to help block the execution of malware, unlicensed software, and other unauthorized software.
This interactive training module focuses on basic Application Allowlisting concepts and methodologies. This module will explain what Application Allowlisting is, present the importance of implementing Application Allowlisting, and provide an opportunity for you to practice applying specific Application Allowlisting rules in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Application Allowlisting Demo provides a walkthrough of the tasks you'll need to complete, the Application Allowlisting Try allows you the opportunity to test out the tasks presented in the Application Allowlisting Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Create Windows Defender Application Control (WDAC) allowlisting policies with PowerShell
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| + Course Modules/Units | | Application Allowlisting - Video | Application Allowlisting - Demo | Application Allowlisting- Try |
|
|
|
 0.5 Hours How to Backup and Restore Active Directories | Skill Level: Beginner |  | + Description | | Active Directory (AD) is one of the most vital components in a Windows network. Cybercriminals today are targeting AD, performing reconnaissance to discover users, servers, and computers in an enterprise network, and then moving laterally to carry out multi-stage attacks to gain access and abuse organization resources and data. An AD backup and restoration disaster recovery strategy is vital for operation continuity. Backing up AD regularly is important, sometimes the backup is the only way for an organization to recover its data after a cyberattack.
This interactive training module focuses on basic AD concepts and methodologies. This module will explain how to identify the Primary Domain Controller (PDC) of the domain, explain how to make changes to AD without backing up again, and provide an opportunity for you to practice confirming the changes made after the backup are replaced with the information in the backup file.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The AD Backup Restore Demo provides a walkthrough of the tasks you'll need to complete, the AD Backup Restore Try allows you the opportunity to test out the tasks presented in the AD Backup Restore Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Backup Active Directory on a Domain Controller
- Restore Active Directory on a Domain Controller
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
 0.25 Hours How to Reset a KRBTGT Account Password | Skill Level: Beginner |  | + Description | | Kerberos Ticket Granting Ticket (KRBTGT) is a local default account used for Microsoft’s implementation of Kerberos, the default Microsoft Windows authentication protocol for granting access to network applications and services. KRBTGT acts as a service account for the Key Distribution Center (KDC) service. KRBTGT account in Active Directory (AD) plays a key role that encrypts and signs all Kerberos tickets for the domain.
This interactive training module focuses on basic KRBTGT concepts and methodology. This module will explain how to reset the KRBTGT account password using the Active Directory Users and Computers app in the Administrative tools in our virtual environment.
This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Reset KRBTGT Account Password Demo provides a walkthrough of the tasks you'll need to complete, the Reset KRBTGT Try allows you the opportunity to test out the tasks presented in the Reset KRBTGT Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF
Learning Objectives:
- Reset the KRBTGT Account password
Date: 2022
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Analyze |
Exploitation Analysis |
Exploitation Analyst |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Investigate |
Digital Forensics |
Cyber Defense Forensics Analyst; Law Enforcement/ Counterintelligence Forensics Analyst |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leadership |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| + Course Modules/Units | | Reset KRBTGT Account Password - Video | Reset KRBTGT Account Password - Demo | Reset KRBTGT Account Password - Try |
|
|
|
|
 7 Hours SiLK Traffic Analysis | Skill Level: Intermediate |  | + Description | | This course is designed for analysts involved in daily response to potential cybersecurity incidents, and who have access to the Einstein environment. The course begins with an overview of network flow and how the SiLK tools collect and store data. The next session focuses specifically on the Einstein environment. The basic SiLK tools are covered next, giving the analyst the ability to create simple analyses of network flow. Advanced SiLK tools follow and cover how to create efficient and complex queries. The course culminates with a lab where learners use their new skills to profile a network.
Learning Objectives:
- Use of the SiLK network flow analysis tool suite to perform tasks such as querying for records related to a specific incident or indicator, creating sets of indicators for batch analysis, and leveraging network flow to provide basic network situational awareness.
Date: 2013
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
|
| + Course Modules/Units | | Introduction to SiLK | iSiLK | What is Network Flow? | Interpreting SiLK Network Flow | SiLK Flows | SiLK Traffic Analysis Quiz 1 | The SiLK Repository | Basic SiLK Tools | SiLK Traffic Analysis Quiz 2 | rwfilter | rwfilter Examples | rwfilter Demo | rwfilter Continued | SiLK Traffic Analysis Quiz 3 | rwcount | rwcount Demo | rwstats | rwstats Demo 1 | rwstats Continued 1 | rwstats Demo 2 | rwstats Continued 2 | rwuniq | SiLK Traffic Analysis Quiz 4 | PySiLK | Python Expressions and SilkPython | SiLK Traffic Analysis Quiz 5 | IP Sets | Bags | SiLK Traffic Analysis Quiz 6 | Prefix Maps | Tupples | SiLK Traffic Analysis Quiz 7 | rwgroup | rwmatch | SiLK File Utilities | IPv6 in SiLK | SiLK Traffic Analysis Quiz 8 | Network Profiling Introduction |
|
|
|
 10 Hours Software Assurance Executive Course (SAE) | Skill Level: Intermediate |  | + Description | | This course is designed for executives and managers who wish to learn more about software assurance as it relates to acquisition and development. The purpose of this course is to expose participants to concepts and resources available now for their use to address software security assurance across the acquisition and development life cycles.
Learning Objectives:
- Understanding of software assurance practices and challenges.
- Advice for organizations and the future of software assurance.
- Understanding of software supply chain risk management.
- Awareness of agile methods and adopting software trustworthiness.
Date: 2013
Training Purpose: Skill Development
Training Proficiency Area: Level 2 - Intermediate
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Cybersecurity Manager |
Oversee and Govern |
Executive Cyber Leadership |
Executive Cyber Leader |
Securely Provision |
Software Development |
Software Developer |
|
| + Course Modules/Units | | Interview with William Scherlis: Introduction and Background | Software Assurance Challenges | Encouraging Adoption of Software Assurance Practices Through People and Incentives | The Path Toward Software Assurance: Advice for Organizations | Learning from Failure | The Future of Software Assurance | Introduction, Current Software Assurance Activities by DHS, and Current SW Assurance Environment | Managing Risks in a Connected World | A Need for Diagnostic Capabilities and Standards | Changing Behavior: Resources | Establishing a Foundation for Software Assurance | Conclusion: The Rugged Manifesto and Challenge | Introduction to Software Assurance | Software Assurance Landscape | Software Assurance Principles | Current Software Realities | Introduction to Software Assurance, Part 2 | Building Security In | Microsoft Secure Development Lifecycle (MS SDL) | Requirements Engineering | Security Requirements Methods | Threat Modeling: STRIDE (used by Microsoft) | Industry Case Study in Threat Modeling: Ford Motor Company | Topic Summary | Creating and Selling the Security Development Lifecycle (SDL) | Managing the Process | Making a Difference | Introduction and Key Components of Agile Development | Traditional & Agile Acquisition Life Cycles | Common Agile Methods and Scrum - the Most Adopted Agile Method | Challenges to Agile Adoption | Suggestions for Successful Use of Agile Methods in DHS Acquisition | Agile Summary | Software Assurance, Introduction to Part 3: Mission Assurance | What Does Mission Failure Look Like? | Mission Thread Analysis for Assurance | Applying Mission Thread Analysis Example 1 | Applying Mission Thread Analysis Example 2 | Applying Mission Thread Analysis | Software Assurance, Introduction to Part 4: SwA for Acquisition | Software Supply Chain Challenges | Supply Chain Risk Mitigations for Products | System Supply Chains | SCRM Standards | Summary | Software Assurance in the Software Development Process and Supply Chain: Introduction | Scope of the Problem | Governance for System and Software Assurance | Strategy Solutions: System Security Engineering, Software Sustainment | Process Solutions | Introduction, History, and Current State of Software | Trustworthy Software | The UK Trustworthy Software Initiative (TSI) | Trustworthy Software Framework | Current Focus and Future Direction of UK TSI | Questions and Answers |
|
|
|
|
 2 Hours Static Code Analysis using HPE Fortify | Skill Level: Beginner |  | + Description | | This course focuses on integrating static code analysis tools into the software development process from a developer's/cybersecurity professional's perspective. The course demonstrates how Fortify is used to identify and remove Common Weakness Enumeration (CWE) from applications in which the source code is available.
Learning Objectives:
- Understand how static code analysis tools work.
- Utilize integrated development environment (IDE) plugins in order to find CWE in source code during the development phase.
- Apply visualization tools available to developers and security professionals.
- Participate in accreditation reporting.
Date: 2014
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Legal Advice and Advocacy |
Privacy Officer/Privacy Compliance Manager |
Securely Provision |
Systems Development |
Systems Developer |
|
| + Course Modules/Units | | AppSec with HPE Product Overview and Workflow | HPE Fortify Static Code Analyzer Suite Overview | HPE Static Code Analyzer Command Line Demo | Audit Workbench Demo | Fortify SCA Process Flow | Audit Workbench Demo Continued | STIG Reporting with Audit Workbench | IDE Plugin | Questions and Answers | Fortify Priority | Software Security Center |
|
|
|
 1.5 Hours Static Code Analysis using Synopsis Coverity | Skill Level: Beginner |  | + Description | | This course focuses on integrating static code analysis tools into the software development process. This course explains how developers can use tools such as Coverity to identify and remove Common Weakness Enumeration (CWE) from applications in which the source code is available, prior to deployment.
Learning Objectives:
- Understand how static code analysis tools work.
- The use of integrated development environment (IDE) plugins in order to find CWE in source code during the development phase.
- Visualization tools available to developers and security.
Date: 2014
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Legal Advice and Advocacy |
Privacy Officer/Privacy Compliance Manager |
Securely Provision |
Systems Development |
Systems Developer |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| + Course Modules/Units | | Overview of Synopsis Software Integrity Platform | Demonstration | Questions and Answers | Closing |
|
|
|
 2.5 Hours Supply Chain Assurance using Sonatype Nexus | Skill Level: Beginner |  | + Description | | This course focuses on integrating static code analysis tools into the software development process from both a developer's and a security professional's perspective. This course demonstrates how tools such as Sonatype can be used to evaluate the software supply chain in order to identify and remove components with known Common Vulnerabilities and Exposures (CVE) from applications in which the source code is available.
Learning Objectives:
- Understand why software supply chain is important.
- Utilize integrated development environment (IDE) plugins in order to identify and avoid the use of libraries, applications, tools, etc. with known CVE used by an application.
- Apply tools to enforce organizational security policies and governance.
Date: 2014
Training Purpose: Skill Development
Training Proficiency Area: Level 1 - Beginner
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Legal Advice and Advocacy |
Privacy Officer/Privacy Compliance Manager |
Securely Provision |
Systems Development |
Systems Developer |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| + Course Modules/Units | | Overview of Sonatype Success Engineering | Developer Perspective | Policies | Dashboard | Repository Manager | Questions and Answers | Success from the Start | Preparing for Deployment - Overview | Preparing for Deployment - Licenses | Preparing for Deployment - Architectural Risk | Preparing for Deployment - Evaluation | Preparing for Deployment - Policy Elements | Preparing for Deployment - Default Policy Demo | Preparing for Deployment - Policy Demo |
|
|
|
|
|
|
 1 Hour Understanding DNS Attacks | Skill Level: Beginner |  | + Description | | The Domain Name System, commonly known as DNS, is often referred to as the "phone book" of the Internet. Every time we access the Internet to visit our favorite websites, shop and pay bills online, or access online portals for healthcare or banking, we depend on DNS infrastructure to securely route us to our intended destinations. While this shared infrastructure is incredibly powerful and useful, it also presents a rich attack surface for threat actors: allowing them to shut down websites and online services, replace legitimate website content with threats and extortion attempts, or even route traffic to a carbon copy of a legitimate website to steal any information entered by users intending to conduct business as usual. "Understanding DNS Attacks" provides key information you need to know to protect yourself and your organization from DNS infrastructure tampering including common vulnerabilities, how to identify a potential attack, and guidance and best practices to mitigate the likelihood and impact of a successful DNS attack.
This webinar is accessible to non-technical learners including managers and business leaders, and offers an organizational perspective useful to technical specialists.
Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from DNS infrastructure attacks through awareness of common attack schemes, best practices, CISA guidance, and resources.
- Define DNS Tampering and explain common attack methods
- Identify signs of a DNS attack
- Learn mitigation steps for DNS attacks
- Understand the process to recover from a DNS attack
- Explore impacts of DNS attacks through case studies
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
Mission Assessment Specialist |
Collect and Operate |
Collection Operations |
All-Source Collection Manager, All-Source Collection Requirements Manager |
Operate and Maintain |
Customer Service and Technical Support |
Technical Support Specialist |
Operate and Maintain |
Data Administration |
Data analyst, database administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operation Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Strategic Planning and Policy |
Cyber policy and strategy planner; cyber workforce developer and manager |
Oversee and Govern |
Training, Education, and Awareness |
Cyber Instructional Curriculum Developer |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support Specialist |
Protect and Defend |
Incident Response |
Cyber Defense Incident Responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability Assessment Analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect, Security Architect |
Securely Provision |
Systems Requirements Planning |
Systems Requirements Planner |
Securely Provision |
Test and Evaluation |
System Testing and Evaluation Specialist |
|
| |
|
 1 Hour Incident Response Training: Defending Internet Accessible Systems (IR 104) | Skill Level: Beginner |  | + Description | | This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
Internet-accessible systems have become the backbone of modern business and communication infrastructure, from smartphones to web applications, to the explosive growth of the “Internet of Things” (IoT). Each of these systems and devices, however, can be targeted by threat actors and used to conduct malicious activity if they are unsecured. Worse, these systems can leave vulnerabilities and sensitive information freely available to exploit if not properly configured and maintained. This webinar includes the following information and more: - Common attacks and vulnerabilities: Understand common vulnerabilities of internet-accessible systems, how they are exploited by threat actors, and how to mitigate them to prevent attacks from succeeding.
- CISA guidance: Learn key guidance, resources, and best practices to address vulnerabilities and prepare effective incident response and recovery.
- Case studies: Examine the methods and impacts of real-life cyberattacks, and how the targets responded and recovered.
- Knowledge checks: Knowledge check questions will be asked throughout the course to reinforce key concepts and important takeaways.
This awareness webinar is designed for both technical and non-technical audiences. Date: 2022 Training Proficiency Area: Level 1 - Beginner Training Purpose: Skill Development Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5) Category | Specialty Area | Work Roles | Protect and Defend | Incident Response | Cyber Defense Incident Responder | Protect and Defend | Vulnerability Assessment and Management | Vulnerability Assessment Analyst | Operate and Maintain | Systems Analysis | Systems Security Analyst | Securely Provision | Systems Requirements Planning | System Requirements Planner | Oversee and Govern | Program Management and Acquisition | IT Project Manager |
|
| |
|
 1 Hour Incident Response Training: Preventing Web and Email Server Attacks (IR 105) | Skill Level: Beginner |  | + Description | | This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit: https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
Web and email servers are the workhorses of the Internet — we couldn't run government, businesses, or our personal lives without them! However, the information exchanged through web and email servers can offer a tempting target for cyber attackers. This webinar includes the following information and more:
- Common attacks and vulnerabilities: Hackers can target and decode victims' web and email traffic, compromise email security to make phishing attempts more likely to succeed or can even use botnets to shut down access to websites and conduct large-scale campaigns of malicious activity.
- Key guidance for organizations: CISA provides resources and best practices to help individuals and organizations secure their web and email infrastructure.
- Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
- Knowledge checks: The course concludes with a brief knowledge check section to reinforce key concepts and takeaways.
This awareness webinar is designed for both technical and non-technical audiences.
Date: 2022
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category | Specialty Area | Work Roles |
Protect and Defend | Incident Response | Cyber Defense Incident Responder | Protect and Defend | Vulnerability Assessment and Management | Vulnerability Assessment Analyst | Operate and Maintain | Systems Analysis | Systems Security Analyst | Securely Provision | Systems Requirements Planning | System Requirements Planner | Oversee and Govern | Program Management and Acquisition | IT Project Manager | |
| |
|
 0.02 Hours What is CDM and the DCM Agency Dashboard? | Skill Level: Beginner |  | + Description | | This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.
Learning Objectives:
- Understand what are CDM and the CDM Agency Dashboard
- Understand the New CDM Agency Dashboard
- Provide an overview on the AWARE Scoring Algorithm 1.0
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
 0.25 Hours Introduction to the New CDM Agency Dashboard | Skill Level: Beginner |  | + Description | | This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.
Learning Objectives:
- Understand the New CDM Agency Dashboard
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
 0.02 Hours Introduction to the AWARE Scoring Algorithm | Skill Level: Beginner |  | + Description | | This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.
Learning Objectives:
- Provide an overview on the AWARE Scoring Algorithm 1.0
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
 0.25 Hours AWARE Scoring Algorithm Details | Skill Level: Beginner |  | + Description | | This short video (5-11 minutes) of the new CDM Agency Dashboard will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the new dashboard.
Learning Objectives:
- Provide an overview on the AWARE Scoring Algorithm 1.0
Date: 2021
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Oversee and Govern |
Cybersecurity Management |
Information Systems Security Manager |
Oversee and Govern |
Program/Project Management and Acquisition |
IT Investment/Portfolio Manager, IT Program Auditor, IT Project Manager, Product Support Manager, Program Manager |
Securely Provision |
Risk Management |
Authorizing Official/Designating Representative, Security Control Assessor |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 1 Hour Understanding Indicators of Compromise (IR 108)” | Skill Level: Beginner |  | + Description | |
This is a recorded version of an Incident Response Training Webinar delivered to a live audience by instructors. For information on how to register for live and instructor-led courses, please visit:
https://www.cisa.gov/resources-tools/programs/Incident-Response-Training.
Learning Objectives:
Major cyber-attacks have made headlines for years and the pace of threat activity faced by government and private sector organizations is accelerating. Often, the most damaging
attacks reported are traced to Advanced Persistent Threats (APTs): groups of sophisticated hackers who gain entry into an unauthorized system and remain undetected for extended periods of time, allowing them to surveil and gather information, test security,
or execute malicious activity without tripping network defenses.
Indicators of Compromise (IOCs) are the digital and informational "clues" that incident responders use to detect, diagnose, halt, and remediate malicious activity in their networks.
This webinar provides an overview of IOCs for incident responders and those who work with them, introduces example scenarios and how IOCs can be used to trace activity and piece together a timeline of the threat, and discusses tools and frameworks to help
incident responders use IOCs to detect, analyze, respond to, and report cyber threat activity.
This webinar includes the following information and more:
-
Define IOCs and why tracking, investigating, and reporting IOCs are crucial to enterprise cybersecurity.
-
Understand how IOCs are used for threat hunting and incident response, different types of indicators, and how to collect different categories of IOCs.
-
Learn about the MITRE ATT&CK® framework and how it supports the analysis of IOCs, potential threat actors related to the activity and their associated strategies and tactics.
-
Introduce free CISA cybersecurity tools, services, and resources to help organizations further advance their cybersecurity capabilities.
This awareness webinar is designed for both technical and non-technical audiences.
Date: 2022
Training Proficiency Area: Level 1 – Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework (Top 5)
Category
|
Specialty Area
|
Work Roles
|
Protect and Defend
|
Incident Response
|
Cyber Defense Incident Responder
|
Protect and Defend
|
Vulnerability Assessment and Management
|
Vulnerability Assessment Analyst
|
Operate and Maintain
|
Systems Analysis
|
Systems Security Analyst
|
Securely Provision
|
Systems Requirements Planning
|
System Requirements Planner
|
Oversee and Govern
|
Program Management and Acquisition
|
IT Project Manager
|
|
| |
|
 1 Hour Understanding Web and Email Server Security | Skill Level: Beginner |  | + Description | | Web and email servers are the workhorses of the Internet: we couldn't run government, businesses, or our personal lives without them! However, the information exchanged through web and email servers can offer a tempting target for cyber attackers. Participants can request 1 CPE credit for completing this course.
This webinar includes the following information and more:
- Attack methods: Hackers can target and decode victims' web and email traffic, compromise email security to make phishing attempts more likely to succeed, or can even use botnets to shut down access to websites and conduct large-scale campaigns of malicious activity.
- Key Guidance for Organizations: CISA provides resources and best practices to help individuals and organizations secure their web and email infrastructure.
- Case studies: Explore the methods and impacts of real-life cyberattacks, and how the victims responded and recovered.
- Incident Response overview: Key steps to identify a potential attack, mitigate damage through proper preparation and response, and recover after an attack occurs.
Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from web and email server cyberattacks through awareness of common attack schemes, best practices, CISA guidance, and resources.
- Define web and email server infrastructure, and explain common attack methods
- Identify signs of a potential attack
- Learn mitigation steps for web and email server attacks
- Understand the process to recover from a web or email server attack
- Explore impacts of web and email server attacks through case studies
Date: 2020
Training Proficiency Area: Level 1 - Beginner
Training Purpose: Skill Development
Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework
Category | Specialty Area | Work Roles |
Analyze |
All-Source Analysis |
All-source analysis |
Analyze |
Threat Analysis |
Threat/ warning analyst |
Collect and Operate |
Collection Operations |
All Source Collection Manager; All Source Collection Requirements Manager |
Collect and Operate |
Cyber Operational Planning |
Cyber Intel Planner; Cyber Ops Planner; Partner Integration Planner |
Operate and Maintain |
Data Administration |
Data analyst, database administrator |
Operate and Maintain |
Knowledge Management |
Knowledge Manager |
Operate and Maintain |
Network Services |
Network Operations Specialist |
Operate and Maintain |
Systems Administration |
System Administrator |
Operate and Maintain |
Systems Analysis |
Systems Security Analyst |
Oversee and Govern |
Cybersecurity Management |
Communications security manager; information systems security manager |
Oversee and Govern |
Program Management and Acquisition |
IT investment manager, IT program auditor, IT project manager, product support manager, program manager |
Oversee and Govern |
Strategic Planning and Policy |
Cyber policy and strategy planner; cyber workforce developer and manager |
Protect and Defend |
Cyber Defense Analysis |
Cyber Defense Analyst |
Protect and Defend |
Cyber Defense Infrastructure Support |
Cyber Defense Infrastructure Support specialist |
Protect and Defend |
Incident Response |
Cyber defense incident responder |
Protect and Defend |
Vulnerability Assessment and Management |
Vulnerability assessment analyst |
Securely Provision |
Risk Management |
Authorizing official; security control assessor |
Securely Provision |
Systems Architecture |
Enterprise Architect; Security Architect |
Securely Provision |
System Requirements Planning |
System requirements planner |
|
| |
|