This short CDM Agency Dashboard video will provide a foundation level of knowledge and background that will help end users of the dashboard prepare for training demonstrations and hands-on activities, as well as the implementation of the Elastic dashboard.

Learning Objectives:

• Become familiar with the Kibana User Interface of the CDM Agency Dashboard
• Better understand the CDM Agency Dashboard architecture and data flow
• Understand the general architecture, data flow, and data structure and schema
• Become familiar with JSON Documents

Date: 2022

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Micro Learn: The Federal Dashboard and Cross Cluster Search

Description:

Learn about the concepts and features of the CDM Federal Dashboard. This video will describe the Federal Dashboard, use case scenarios, and how Cross Cluster Searching can provide its many benefits to federal agencies.

Learning Objectives:

• Learning the new features of the Federal Dashboard and the primary use cases of the dashboard.
• Understanding the data trends within the Federal Dashboard
• What are the primary user roles of the Federal Dashboard?
• Learn about Cross Cluster Searching and how the federal dashboard increases the security of the .GOV domain

Date: April  2023

Length: 13 minutes

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Course Title: API Key Self-Creation

Length (mins): 5 minutes

Description: Learn how to create an API key yourself using Kibana.

Learning Objectives:

• Perform the steps to create an API key using Kibana.

Training Purpose: Skill Development

Training Level: Advanced

Alignment to NICE Framework

Course Title: Change Number Format with Kibana

Length (mins): 5 minutes

Description: Kibana allows for custom number formatting. Learn how to display values as whole numbers and not as rounded ones. This MicroLearn demonstrates how to do this by changing general and custom settings.

Learning Objectives:

• Change the number format in Kibana.

Training Purpose: Skill Development

Training Level: Intermediate

Alignment to NICE Framework

Course Title: Create a Dashboard with Existing Visualizations

Length (mins): 4 minutes

Description: This MicroLearn demonstrates how to create a dashboard and quickly add existing visualizations to the dashboard. Before beginning, please read the following restrictions.

Learning Objectives:

• Create a new dashboard with existing visualizations.

Training Purpose: Skill Development

Training Level: Intermediate

Alignment to NICE Framework

Course Title: Create a Visualization with Lens

Length (mins): 4 minutes

Description: Kibana's Lens feature makes it easy to create visualizations. This MicroLearn demonstrates how to create a simple graph using the Lens feature.

Learning Objectives:

• Create a line graph using Lens.

Training Purpose: Skill Development

Training Level: Intermediate

Alignment to NICE Framework

Course Title: Dashboard Navigation – An Introduction

Length (mins): 2 minutes

Description: Finding data that’s meaningful to you shouldn’t be challenging. Following these four easy steps will allow you to navigate seamlessly through the CDM Dashboard to find exactly what you are looking for.

Learning Objectives:

• Identify ways to navigate the CDM Dashboard.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Federal Benchmark Subscores

Length (mins): 3 minutes

Description: This MicroLearn is a demonstration of how to view Federal Benchmark metrics. These metrics consist of Averages, Maximum Values, and Minimum Values. Metrics are derived from Agency Dashboard data reported to the Federal Dashboard.

Learning Objectives:

• View the Federal Benchmarks used in the CDM Dashboard.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: FireEye Reporting – Search for the Latest CVE Data from FireEye

Length (mins): 4 minutes

Description: This MicroLearn teaches you how to search and view the latest FireEye enriched NIST CVE reference data shared by the Federal Dashboard.

Learning Objectives:

• Retrieve the NIST CVE data that is enriched by FireEye.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Interface Overview – Discover, Dashboard, and Visualize

Length (mins): 2 minutes

Description: This MicroLearning introduces three important Kibana interface tools: Discover, Dashboard, and Visualize.

Learning Objectives:

• Identify the Discover, Dashboard, and Visualize areas of the CDM Dashboard.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Manual Filtering (Add Filter) – Filter by Critical Severity

Length (mins): 2 minutes

Description: Add filters to display only those documents that contain a particular value in a field. You can also create negative filters that exclude documents that contain the specified field value.

• Perform the steps to create a negative filter, also known as filter out.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Manual Filtering – Adding Multiple Filters on One Dashboard

Length (mins): 2:30 minutes

Description: Add filters to display only those documents that contain a particular value in a field. In this MicroLearn, you will learn how to add multiple filters to the same dashboard.

• Add multiple filters to a dashboard.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Search Function – Search for Mac Machines

Length (mins): 2 minutes

Description: In this MicroLearn, you will perform a Free Text Search – a search performed on all fields. The KQL Search bar allows you to search the indices that match the current index pattern. You will learn how to enter search criteria in the query bar and why to avoid Elastic's Global Search Bar.

• Create a filter using the KQL Search bar to locate Mac end points.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: STIG Dictionary Filter Sort and View Details

Length (mins): 3:30 minutes

Description: This MicroLearn demonstrates how to use Kibana's Discover feature to Filter, Sort, and View STIG information. This tutorial begins with the Discover feature within the CDM Agency Dashboard space. The steps used in this tutorial are the same for the CDM Federal Dashboard.

• Locate STIG information in the CDM Agency or Federal Dashboard using Kibana's Discover feature.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: The Data Dictionary

Length (mins): 5 minutes

Description: This MicroLearn demonstrates how to view the CDM Dashboard's Data Dictionary to lookup field descriptions and view the fields that compose a data view using the Discover tool.

• Use the Discover tool to view field definitions.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: The KQL Search Bar – An Introduction to Field Level Searches

Length (mins): 5 minutes

Description: The Kibana Query Language (KQL) makes it easy to find the fields and syntax for your Elasticsearch query. Learn more about data fields and field level searches in this MicroLearn.

• Write a query using KQL.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Time Filter – Show ‘Absolute’ Dates

Length (mins): 1:30 minutes

Description: Learn how to filter for time in the CDM Dashboard using the Absolute feature. Use the Absolute tab in the Show Dates dropdown menu to choose a specific date range. By default, the time filter on the CDM Dashboard is set to the last 30 Days.

• Locate and select absolute date ranges.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Time Filter – ‘Commonly Used’ Feature

Length (mins): 1:30 minutes

Description: By default, the time filter on the CDM Dashboard is set to the last 30 Days. Learn how to use the time filter to change the date range to meet your data analysis needs. The time filter is a powerful tool with a multitude of features. This MicroLearn focuses on how to filter for time within the Commonly Used date feature.

• Locate and select the Commonly Used date ranges.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Trend Chart Filtering - Filtering for Time

Length (mins): 1 minute

Description: It is possible to change the Time Range from within a Trending Chart without using the Time Filter. Learn how in this MicroLearn.

• Change the data range in a Trend graph without using the Time Filter.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

Course Title: Using Multiple Filter Types

Length (mins): 2:30 minutes

Description: There are a multitude of ways to filter data in Kibana. This MicroLearn walks you through four variations in one dashboard experience.

• Apply four different methods of applying filters in Kibana.

Training Purpose: Skill Development

Training Level: Beginner

Alignment to NICE Framework

This course explores the guidance from the Cloud Security Alliance (CSA), National Institute of Standards and Technology (NIST), National Security Agency (NSA), and several Cloud Service Providers (CSPs). Objectives cover cloud security risks and threats, basic operations, incident response considerations, along with application, data and infrastructure security concepts. Where applicable, demonstrations of cloud provider tools and capabilities will be used to reinforce key points.

Learning Objectives:

• Define cloud models and components.
• Apply CSA security guidance and other best practices to cloud deployments.
• Understand cybersecurity requirements within the Shared Responsibilities model.
• Prepare for cloud computing governance and compliance challenges.
• Relate traditional cybersecurity controls to popular cloud solutions.
• Recognize and prepare for cloud computing threats.
• Review additional cloud security tools and use cases.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

The Cloud Computing Concepts course highlights concepts and best practices for cloud architecture, design, security, and operations. Topics include leveraging cloud environments for critical assets or operations, and the impacts on data and application security, as well as legal, risk, and compliance considerations.

Learning Objectives:

• Compare cloud service and deployment models and each’s impact on customer control and responsibilities
• Identify data security strategies within cloud environments
• Explain secure data center design concepts including example risks and security controls
• Describe the Secure Software Development Life Cycle (SDLC) and its relation to applications within cloud environments
• Summarize concepts for building, operating, and managing physical and logical infrastructure for cloud environments
• Outline privacy, legal, and audit requirements with cloud environments, and how it relates to evaluating providers

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course introduces concepts around Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Software as a Service (SaaS), Multiple Cloud Hosting and Hybrid Cloud Hosting.

Date: 2021

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course features National Defense University Professor Robert Richardson who discusses important security and oversight requirements for commercial cloud solutions.

Learning Objectives:

• Overview of the cloud physically, logically, and architecturally.
• Discuss cloud deployment models and characteristics.
• Overview of cloud infrastructure characteristics.
• Cloud Supply Chain Risk Management and considerations of commercial cloud as third-party cloud services; senior leaders should "beware of the gaps and seams."
• Cloud software components - microservices & APIs.
• The driving forces and key technology enablers of commercial cloud services in the Federal Government.
• Must-have security requirements and policies for cloud solutions.
• The top ten cybersecurity cloud risks such as: loss of service, data breaches, human error. As well as non-cybersecurity risks such as: outsourcing risks, personnel security, and supply chain risk management.
• Where Federal Government adoption of commercial cloud is now and predictions for the future.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on the basics of computer programming and how to give a machine a set of instructions to produce a desired behavior. This course also provides information on the elements of programming and programming languages, frameworks, and models. The course includes an interactive programming game, interactive knowledge checks, and the chance to write a fully functional code.

Learning Objectives:

• Define programming.
• Describe the structure and purpose of major programming paradigms.
• Explain the difference between high-level and low-level languages.
• Describe the uses of scripting and compiled languages.
• State the elements of programming.
• Explain when to use a variable in programming.
• List basic data types.
• State how operators are used in programming.
• Explain why logic and flow are important in programming.
• State the purpose of programming frameworks.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course discusses the influence, impact, and need for cybersecurity when defending the critical infrastructure and key resources of the United States. This course provides the definition of critical infrastructure, examples of cybersecurity threats to critical infrastructure, and information on what is being done to protect critical infrastructure from these cybersecurity threats.

Learning Objectives:

• Define and give examples of critical infrastructure.
• Identify possible cyber threats to critical infrastructure.
• Describe U.S. cybersecurity policies and programs.
• Explain the cybersecurity roles of the Department of Homeland Security (DHS) and other Federal agencies.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on cyber supply chain risk management, also known as C-SCRM, and the role it plays within our society today. This course will explain how to securely provision, analyze, oversee and govern, protect and defend a supply chain.

Learning Objectives:

• Describe product supply chains and life cycles.
• Identify the role of adversaries in supply chain risk management.
• Define the risks associated with supply chains.
• State the principles of supply chain management.
• Identify security measures taken to protect a supply chain.
• Apply suggested tools to address supply chain vulnerabilities.
• Explain how knowledge of the 'internet of things' (IoT) is used to evaluate products as IoT devices.
• Recognize potential dangers posed by various devices brought to work.
• Identify the threats outlined for acquisitions personnel through the Federal Acquisition Regulation (FAR).
• Define how to personally safeguard your organization's cybersecurity.

Date: 2019

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on basic database security concepts and methodology. This course demonstrates how tools such as AppDetectivePRO and DbProtect can be used to scan databases in order to uncover configuration mistakes, identification and access control issues, missing patches or any toxic combination of settings that could lead to escalation-of-privilege or denial-of-service attacks, data leakage, or unauthorized modification of data.

Learning Objectives:

• Understand importance of database security.
• Understand how tools such as AppDetectivePRO and db-Protect can be used to evaluate a database's security posture.

Date: 2016

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This 1/2-day course is a joint collaboration of the Cybersecurity & Infrastructure Security Agency (CISA) and the CERT Division of the Software Engineering Institute at Carnegie Mellon University. The purpose of this training is to help federal civilian agencies meet required actions of BOD 20-01, the Binding Operational Directive to Develop and Publish a Vulnerability Disclosure Policy (VDP) by covering the knowledge of and providing resources for:

• Vulnerability report receipt and intake
• Developing and publishing a vulnerability disclosure policy
• Developing vulnerability disclosure handling procedures
• Developing a vulnerability disclosure capability development
• Reporting metrics

After completing this course, participants should be able to

• Describe agency requirements for developing and publishing a vulnerability disclosure policy (VDP).
• Describe the minimum capacity needed to support your vulnerability disclosure handling process.
• Explain how vulnerability disclosure and handling is dependent on successful human interaction.
• Explain the importance of establishing trust and good relationships with reporters and stakeholders.
• List the key resources that can help your agency build your VDP and supporting processes.
• Meet the requirements to develop and publish a VDP and supporting handling process.
• Understand how and when to work with CISA for assistance and escalation.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course covers the basics of Domain Name System Security Extensions (DNSSEC), how it integrates into the existing global DNS and provides a step-by-step process to deploying DNSSEC on existing DNS zones.

Learning Objectives:

• Discuss DNSSEC and supporting mechanisms.
• Sign a DNS zone.
• Configure Delegation Signer (DS) resource records.
• Set up a Secure Resolver.
• Discuss server operational considerations.

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware attacks hit a new target every 14 seconds: shutting down digital operations, stealing information and exploiting businesses, essential services and individuals alike. "Don't Wake Up to a Ransomware Attack" provides essential knowledge and reviews real-life examples of these attacks to help you and your organization to prevent, mitigate, and respond to the ever-evolving threat of ransomware.

This webinar includes the following information and more:

• Definition of ransomware, summary of its large-scale impacts, and how these attacks have developed over time
• Common signs of a ransomware attack and how to respond if an attack is suspected
• Guidance for how to mitigate the impact of ransomware attacks and recover in the event of an attack
• Case studies demonstrating the impacts of ransomware attacks
• A concluding Knowledge Check to reinforce understanding and key takeaways

Learning Objectives:
Enable learners to prevent, flag, and protect themselves and their organizations from ransomware cyberattacks through awareness of common attack schemes, best practices, CISA guidance, and resources.

• Define ransomware
• Be able to identify signs of a ransomware attack
• Learn mitigation steps of ransomware attacks
• Understand how to recover from a ransomware attack
• Understand impacts of ransomware attacks though case studies

Date: 2020

Training Proficiency Area: Level 1 - Beginner

Training Purpose: Skill Development

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course introduces learners to dynamic testing tools for web applications and demonstrates how they can be used to identify, evaluate, and mitigate a web application’s potential security vulnerabilities. The focus is on using HPE WebInspect to perform and manage dynamic security vulnerability testing and address results from a developer’s perspective/cybersecurity professional's perspective.

Learning Objectives:

• Understand how dynamic testing tools work on web-based applications.
• Utilize dynamic testing tools to find common Weakness Enumeration.

Date: 2014

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course is a collaboration between the U.S. Election Assistance Commission (EAC) and the U.S. Department of Homeland Security (DHS) and provides an opportunity to learn why election officials must view themselves as IT managers. The course serves as an overview of information technology and how to ensure security is included in the planning, procuring, designing, implementing, and maintaining of interconnected electronic election systems, including public-facing websites. The content introduces the key concepts of identifying vulnerabilities and how to protect election systems from internal and external threats and provides information on cybersecurity resources available from the EAC and DHS.

Date: 2018

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on why Election Officials must view themselves as IT systems managers and introduces the knowledge and skills necessary to effectively function as an IT manager. The course includes a review of Election Systems, Election Night Reporting, and Interconnected Election Systems vulnerabilities and liabilities. The content also covers Social Media and Website best practices, vulnerabilities, and liabilities, and addresses Procuring IT, Vendor Selection, Testing and Audits, Security Measures, and Risk Assessments. In addition, this course includes a review of resources available to the election community from the Department of Homeland Security.

Date: 2018

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course highlights technical knowledge and skills required for implementing secure solutions in the enterprise. A broad spectrum of disciplines is covered to aid practitioners in applying frameworks and controls to improve the security posture while supporting the business mission.

Learning Objectives:

• Describe risk management's role in the enterprise and mitigation strategies for specific threats.
• Detail implementing network security strategies and controls for connected devices.
• Explain how cloud technologies are leveraged and can support a secure enterprise architecture.
• List sources and methods to help stay current with cybersecurity best practices and threat trends and analyzing potential impact to the enterprise.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

In this hour-long webinar National Defense University Professor Roxanne Everetts discusses some key leadership decisions around using Federal Risk and Authorization Management Program (FedRAMP) solutions. FedRAMP is a unique government cloud - it is a combination of cloud security, cybersecurity, and risk management.

Learning Objectives:

• Explain FedRAMP and why Federal agencies use FedRAMP. (Hint: It's the law!)
• Discuss knowledge key leaders need for cloud solutions, including: FedRAMP structure, how it helps, and how agencies can leverage it.
• Describe the FedRAMP governing bodies.
• Examine the roles of Cloud Service Providers (CSPs) and Third-Party Assessment Organizations (3PAOs) as FedRAMP participants.
• Identify agency responsibilities, which include ensuring they have an Authority to Operate (ATO) letter on file with the FedRAMP Program Management Office (PMO).
• Explore the FedRAMP Security Framework (SAF), based on the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37.
• Use the FedRAMP Marketplace to find services that meet agency needs. Any service listed in the Marketplace meets federal security requirements and has already been authorized.

Date: 2020

Training Purpose: Management Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on key concepts, issues, and considerations for managing risk. Discussions include identifying critical assets and operations, risk assessment and analysis methodologies, risk management frameworks, and how to determine threats to your business function, mitigation strategies, and response and recovery.

Learning Objectives:

• Describe key concepts related to cyber risk management.
• Detail risk assessment and analysis methodologies and frameworks.
• Identify security controls and countermeasures to mitigate risks and support response and recovery.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course orients analysts to the various types of information that can be found in packets, uses Wireshark as the packet capture and analysis tool, and explains why data available in packets can be affected by the location of the packet capture in the network environment.

This course begins with a primer of IPv6 addressing and its current deployment state, discusses Internet Control Manager Protocol version 6 (ICMPv6), Dynamic Host Configuration Protocol version 6 (DHCPv6), and Domain Name System version 6 (DNSv6), and concludes with IPv6 Transition Mechanisms, security concerns, and management strategies. This course includes several reinforcing video demonstrations, as well as a final knowledge assessment.

Learning Objectives:

• Primer of IPv6 addressing
• Describe current deployment state
• Explain ICMPv6, DHCPv6, and DNSv6
• Explore IPv6 Transition mechanisms
• Identify security concerns
• Incorporate management strategies

Date: 2015

Training Purpose: Skill Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course prepares learners for the CISSP certification exam. This course focuses on the information security field, exam objectives, and the eight domains upon which the exam is based. This course includes reinforcing video demonstrations and a final practice exam.

Learning Objectives:

• Explain and apply concepts to design, implement, and manage secure cyber operations.
• Develop, document, and implement security policy, standards, procedures, and guidelines.
• Apply risk management concepts.

Date: 2019

Training Purpose: Management Development

Training Proficiency Area: Level 3 - Advanced

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course serves as a preparation for the Systems Security Certified Practitioner (SSCP) certification exam, by demonstrating advanced technical skills and knowledge required to implement and administer infrastructure using security best practices, policies, and procedures.

Learning Objectives:

• Demonstrate knowledge of security operations and administration.
• Implement risk monitoring, analysis, and mitigation strategies.
• Develop and implement incident response and recovery plans.

Date: 2018

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This hour-long webinar recorded on July 31, 2020 features National Defense University Professor Mark Duke discussing some key leadership decisions when assessing and authorizing systems. The Assessment & Authorization (A&A) process is a comprehensive assessment of policies, technical and non-technical security components, and a system's technical controls followed by leadership agreement that the system meets adequate risk levels before the system is authorized to go into full production.

Learning Objectives:

• Explain why we have to do Assessment & Authorization.
• Explain Roles & Responsibilities of Assessment & Authorization.
• Introduce seven major components of Assessment & Authorization.
• Establish Authorization Boundaries.
• Introduce Assessment Scanning Tools.
• Explain the Role of Security Technical Implementation Guides (STIGs) as potential criteria for Assessment activities.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This workshop focuses on how to measure the right things in order to make informed management decisions, take the appropriate actions, and change behaviors. But how do managers figure out what those right things are? Public and private organizations today often base cyber risk management decisions on fear, uncertainty, and doubt (FUD), and the latest attack. The Measuring What Matters: Security Metrics Workshop, the learner will learn how to refine a strategic or business objective that meets that S.M.A.R.T.E.R. criteria: Specific, Measurable, Achievable, Relevant, Time-bound, Evaluated, Reviewed, and can be used to initiate the Goal - Question - Indicator - Metric (GQIM) process.

Learning Objectives:

• Identify a core set of business goals, based on the business objective, to which the cybersecurity risk measurement program will be applied.
• Formulate one or more key questions for each business goal, and use them to help determine the extent to which the goal is being achieved.
• Identify one or more indicators for each business goal key question.
• Identify one or more metrics for each indicator that most directly inform the answer to one or more questions.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

The Migration and Security Strategies for FedRAMP Cloud Computing course is designed to introduce students to the structure and employment of cloud computing using the Federal Risk and Authorization Management Program, or FedRAMP. Topics include cloud computing architecture, FedRAMP structure and roles, FedRAMP security implementations, and FedRAMP-approved cloud deployment options.

Learning Objectives:

• Describe the three major deployment models for cloud computing
• Discuss cybersecurity issues related to cloud computing
• Explain the authority, structure, and roles of major parties that make up FedRAMP
• Explain how Cloud Service Providers (CSPs) and FedRAMP processes work to meet federal security requirements
• Describe how the FedRAMP framework of "do once, use many times" allows government agencies to reuse previously-approved security documents and structures to simplify data deployments to the cloud
• Describe how FedRAMP processes enable a second agency to use a previously approved CSP.
• Identify how FedRAMP processes map to and are designed to assure compliance with applicable standards outlined by the National Institute for Standards and Technology (NIST) in its Special Publications 800 series of documents.

Date: 2021

Training Purpose: Management Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

At the end of this course, participants will be able to

• list the characteristics that distinguish Mothra from SiLK,
• identify the major architectural features of Mothra,
• describe how analysis can be performed in Mothra, and
• discuss the advantages of using a Jupyter Notebook for collaborative analysis.

This course reviews troubleshooting methods used in Layer 1 and Layer 2 of the Open Systems Interconnection (OSI) Model. This course covers how to detect, trace, identify, and fix network connectivity issues at the Physical and Data Link layers of the OSI stack. The basics of the Physical and Data Link layers will be covered along with a review of the devices, signaling, and cabling which operate at these layers. Learners will be presented with methods for tracing connectivity issues back to the source and identifying mitigation solutions.

Learning Objectives:

• Understand basic overview of components of the first two layers of the OSI model.
• Recognize common issues associated with Layer 1 & 2 of the OSI model.
• Apply troubleshooting methods associated with the Physical and Data Link Layer.

Date: 2015

Training Purpose: Functional Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on the basics of reverse engineering, the process of analyzing a technology to determine how it was designed or how it operates. By starting with a finished product, in this case computer software, and working backwards to determine its component parts.

Learning Objectives:

• Identify common uses for reverse engineering.
• Explain the process and methodology of reverse engineering.
• Understand some of the legal questions involved in reverse engineering.

Date: 2017

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This webinar recorded on July 10, 2020 features National Defense University Professor Mark Duke discussing key leadership decisions to implement the NIST Risk Management Framework (RMF). The RMF is a risk-based approach to implement security within an existing enterprise - it is leadership’s responsibility to ensure adequate and effective system security.

Learning Objectives:

• How to prepare your component or organization to initiate the RMF.
• How to define, understand, and manage risk to your Information Systems by identifying your threats and vulnerabilities.
• Understand the link to the RMF with Supply Chain Risk Management (SCRM) and the Software Development Life Cycle (SDLC).
• Understand the new "Prepare" step of the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-37 v2 RMF.
• Explain managers’ roles and involvement in each step of the RMF.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on physical security, operating system security, management traffic security, device service hardening, securing management services, and device access privileges.

Learning Objectives:

• Understand considerations for securing physical assets, patch management and change management.
• Apply methods for securing network management traffic.
• Understanding of securing management services such as NTP, SNMP, Syslog.
• Understand hardware device hardening.

Date: 2010

Training Purpose: Skill Development

Training Proficiency Area: Level 2 - Intermediate

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

This course focuses on Internet-accessible systems or "Internet of Things" (IoT). Each of these systems and devices can be targeted by threat actors and used to conduct malicious activity if they are unsecured, or worse, these systems can leave vulnerabilities and sensitive information open to exploitation if not properly configured and maintained. This course explains the vulnerabilities of internet-accessible systems and how to prepare for, mitigate, and respond to a potential attack. This course provides key knowledge to inform organizational awareness of internet-accessible system attacks as well as best practices that minimize the likelihood of a successful attack and enable effective response and recovery if an attack occurs.

This webinar is accessible to non-technical learners including managers and business leaders and offers an organizational perspective useful to technical specialists.

Learning Objectives
Enable learners to better defend their internet-accessible systems through awareness of common vulnerabilities, best practices, CISA guidance, and resources:

• Define Internet-Accessible Systems and common vulnerabilities
• Explain cyber hygiene best practices that prevent attacks.
• Understand the impacts of real-life cyberattacks and what an effective organizational response looks like.
• Learn steps to identify, mitigate, and recover from Internet-Accessible System attacks.

Date: 2020

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This training course focuses on basic Ransomware concepts and methodology. This course will explain what ransomware is, preventative measures that can be used to prevent a ransomware attack, and ransomware incident response and recovery.

Learning Objectives:

• Present an overview of ransomware attacks
• Identify preventative measures to block ransomware attacks
• Discuss incident response best practices for ransomware attacks
• Detail ways to implement recovery measure after a ransomware attack
• Learn to strategically plan the development and implementation of your CSIRT.

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module provides mitigation strategies and techniques as it relates to firewall rules. This module will explain what firewalls are, present the importance of implementing firewall rules and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Block Malicious IPs Demo provides a walkthrough of the tasks you'll need to complete, the Block Malicious IPs Try allows you the opportunity to test out the tasks presented in the Block Malicious IPs Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Identify the purpose of firewalls
• Present the importance of implementing firewall rules
• Identify specific firewall rules to apply

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module focuses on sinkholing as a mitigation technique. This module will explain what Domain Name Service (DNS) sinkholes are, present the importance of implementing sinkholes, and provide an opportunity for you to practice applying specific firewall rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Sinkhole Demo provides a walkthrough of the tasks you'll need to complete, the Sinkhole Try allows you the opportunity to test out the tasks presented in the Sinkhole Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Present the definition of a DNS Sinkhole
• Identify key terms related to the Sinkholing process
• Explain the importance of implementing a DNS Sinkhole

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Really, anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a networks defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure.

This interactive training module provides information on how to disable SMBv1 using the group policy mitigation technique. This module will explain Server Message Block (SMB), provide an overview of the versions of SMB, present the importance of blocking SMBv1, and provide an opportunity for you to practice applying group policies that disable SMBv1 in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The SMBv1 Demo provides a walkthrough of the tasks you'll need to complete, the SMBv1 Try allows you the opportunity to test out the tasks presented in the SMBv1 Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Define Server Message Block
• Identify the three versions of SMB
• Present the importance of disabling SMBv1

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Application Allowlisting is a controlled list of applications and components such as libraries, configuration files, etc. that are authorized to be present or active on a host according to a well-defined baseline. It is a highly effective security strategy that acts as a preventative file execution policy to allow only certain programs to run and prevents others from executing. Every organization must verify and trust each and every application they allow on their network. They do this by adapting allowlisting to help block the execution of malware, unlicensed software, and other unauthorized software.

This interactive training module focuses on basic Application Allowlisting concepts and methodologies. This module will explain what Application Allowlisting is, present the importance of implementing Application Allowlisting, and provide an opportunity for you to practice applying specific Application Allowlisting rules in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Application Allowlisting Demo provides a walkthrough of the tasks you'll need to complete, the Application Allowlisting Try allows you the opportunity to test out the tasks presented in the Application Allowlisting Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Create Windows Defender Application Control (WDAC) allowlisting policies with PowerShell

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Active Directory (AD) is one of the most vital components in a Windows network. Cybercriminals today are targeting AD, performing reconnaissance to discover users, servers, and computers in an enterprise network, and then moving laterally to carry out multi-stage attacks to gain access and abuse organization resources and data. An AD backup and restoration disaster recovery strategy is vital for operation continuity. Backing up AD regularly is important, sometimes the backup is the only way for an organization to recover its data after a cyberattack.

This interactive training module focuses on basic AD concepts and methodologies. This module will explain how to identify the Primary Domain Controller (PDC) of the domain, explain how to make changes to AD without backing up again, and provide an opportunity for you to practice confirming the changes made after the backup are replaced with the information in the backup file.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The AD Backup Restore Demo provides a walkthrough of the tasks you'll need to complete, the AD Backup Restore Try allows you the opportunity to test out the tasks presented in the AD Backup Restore Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives:

• Backup Active Directory on a Domain Controller
• Restore Active Directory on a Domain Controller

Date: 2022

Training Purpose: Skill Development

Training Proficiency Area: Level 1 - Beginner

Alignment to the NIST SP 800-181 Cybersecurity Workforce Framework

Kerberos Ticket Granting Ticket (KRBTGT) is a local default account used for Microsoft’s implementation of Kerberos, the default Microsoft Windows authentication protocol for granting access to network applications and services. KRBTGT acts as a service account for the Key Distribution Center (KDC) service. KRBTGT account in Active Directory (AD) plays a key role that encrypts and signs all Kerberos tickets for the domain.

This interactive training module focuses on basic KRBTGT concepts and methodology. This module will explain how to reset the KRBTGT account password using the Active Directory Users and Computers app in the Administrative tools in our virtual environment.

This module consists of 3 elements. The Intro Video provides an overview of the topic information. The Reset KRBTGT Account Password Demo provides a walkthrough of the tasks you'll need to complete, the Reset KRBTGT Try allows you the opportunity to test out the tasks presented in the Reset KRBTGT Demo. Remember to download the "Try" instructions titled: Lesson Instructions PDF

Learning Objectives: