This course covers the duties of those who are responsible for monitoring and detecting security incidents in information systems and networks, and for executing a proper response to such incidents. Depending on the size of the organization, this individual may act alone or may be a member of a cybersecurity incident response team (CSIRT). The course introduces tools and tactics to manage cybersecurity risks, identify various types of common threats, evaluate the organization's security, collect and analyze cybersecurity intelligence, and handle incidents as they occur. Ultimately, the course promotes a comprehensive approach to security aimed toward those on the front lines of defense.
Learning Objectives
Assessing Information Security Risk Identify the Importance of Risk Management Assess Risk Mitigate Risk Integrate Documentation into Risk Management Creating an Information Assurance Lifecycle Process Evaluate Information Assurance Lifecycle Models Align Information Security Operations to the Information Assurance Lifecycle Align Information Assurance and Compliance Regulations Analyzing Threats to Computing and Network Environments Identify Threat Analysis Models Assess the Impact of Reconnaissance Incidents Assess the Impact of Systems Hacking Attacks Assess the Impact of Malware Assess the Impact of Hijacking and Impersonation Attacks Assess the Impact of Denial of Service Incidents Assess the Impact of Threats to Mobile Infrastructure Assess the Impact of Threats to Cloud Infrastructures Designing Secure Computing and Network Environments Information Security Architecture Design Principles Design Access Control Mechanisms Design Cryptographic Security Controls Design Application Security Design Computing Systems Security Design Network Security Operating Secure Computing and Network Environments Implement Change Management in Security Operations Implement Monitoring in Security Operations Test and Evaluate Information Assurance Architectures Assessing the Security Posture Within a Risk Management Framework Deploy a Vulnerability Assessment and Management Platform Conduct Vulnerability Assessments Conduct Penetration Tests on Network Assets Analyze and Report Penetration Test Results Collecting Cybersecurity Intelligence Information Deploy a Security Intelligence Collection and Analysis Platform Collect Data from Security Intelligence Sources Establish Baselines and Make Sense of Collected Data Analyzing Cybersecurity Intelligence Information Analyze Security Intelligence to Address Incidents Incorporate Security Intelligence and Event Management Deploy an Incident Handling and Response Architecture Perform Real-Time Incident Handling Tasks Prepare for Forensic Investigation Investigating Cybersecurity Incidents Create a Forensics Investigation Plan
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Work Roles
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.