The workshop introduces and applies the Cyber Table Top (CTT) mission-based cyber risk assessment (MBCRA) method to help discover cyber vulnerabilities, gauge their risk, propose mitigations and inform other competencies, documents and events across the DoD acquisition lifecycle. The workshop will establish an understanding of the threat and “thinking like a Hacker”; provide a “wheel of access” methodology to identify and diagram surface-attack characteristics; include cross-competency personnel, including users, to identify and prioritize cyber-attacks / vulnerabilities in a Red / Blue / White Team “wargame” mission scenario; and provide a construct to characterizes and report risk and mitigations in order to design and maintain cyber resilient systems and personnel in the acquisition and operational phases of an Information or Platform weapons system.
Learning Objectives
The objective of this workshop includes the ability to: Given a cybersecurity scenario, the student will create a Threat-Surface attack characterization and CTT Methodology to perform cybersecurity risk management across the DoD acquisition lifecycle. Adversarial threat constructs will be analyzed to an acquisition cybersecurity scenario. Cyber vulnerabilities will be identified. CTT methodologies will be applied to multiple acquisition scenarios. A leadership level outbrief will be created delineating cybersecurity risks, mitigations and implications for test, requirements, design, logistics and safety. Participants will conduct exercises in each phase to reinforce and apply the concepts and methodologies in applying cybersecurity principles as well as acquisition and risk management strategies to their respective acquisition career fields. Tailorable to the specific customer needs.
Framework Connections
- Cyberspace Intelligence
- Design and Development
- Implementation and Operation
- Oversight and Governance
- Protection and Defense
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Exploitation Analysis
- Risk Management
- Training, Education, and Awareness
- Vulnerability Assessment and Management
- Systems Analysis
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.