• Online, Instructor-Led
  • Online, Self-Paced
  • Classroom
Course Description

The workshop introduces and applies the Cyber Table Top (CTT) mission-based cyber risk assessment (MBCRA) method to help discover cyber vulnerabilities, gauge their risk, propose mitigations and inform other competencies, documents and events across the DoD acquisition lifecycle. The workshop will establish an understanding of the threat and “thinking like a Hacker”; provide a “wheel of access” methodology to identify and diagram surface-attack characteristics; include cross-competency personnel, including users, to identify and prioritize cyber-attacks / vulnerabilities in a Red / Blue / White Team “wargame” mission scenario; and provide a construct to characterizes and report risk and mitigations in order to design and maintain cyber resilient systems and personnel in the acquisition and operational phases of an Information or Platform weapons system.

Learning Objectives

The objective of this workshop includes the ability to: Given a cybersecurity scenario, the student will create a Threat-Surface attack characterization and CTT Methodology to perform cybersecurity risk management across the DoD acquisition lifecycle. Adversarial threat constructs will be analyzed to an acquisition cybersecurity scenario. Cyber vulnerabilities will be identified. CTT methodologies will be applied to multiple acquisition scenarios. A leadership level outbrief will be created delineating cybersecurity risks, mitigations and implications for test, requirements, design, logistics and safety. Participants will conduct exercises in each phase to reinforce and apply the concepts and methodologies in applying cybersecurity principles as well as acquisition and risk management strategies to their respective acquisition career fields. Tailorable to the specific customer needs.

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Exploitation Analysis
  • Risk Management
  • Training, Education, and Awareness
  • Vulnerability Assessment and Management
  • Systems Analysis