National CAE Designated Institution
  • Online, Instructor-Led

This course fosters cybersecurity incident response and investigative knowledge, from both the organizational and system perspective. Material includes laws, standards, codes of behavior and best practices for incident response, including the management of relationships (e.g., regulators, clients, vendors). Case studies are presented and discusses in light of organizational resource limitations, legal mandates, and jurisdictional boundaries.

Learning Objectives

With successful completion of this course, students are able to: 1. Situate cybersecurity incident response and investigation within an organization’s overall incident response policies and processes. 2. Identify rules and best practices for reporting or otherwise communicating information about cybersecurity events and incidents. 3. Identify concepts and methods for effective containment and mitigation of cybersecurity incidents. 4. Articulate the roles of common tools and techniques for investigating and analyzing cybersecurity incidents. 5. Explain and give examples of the differing mandates and priorities in the communities of interest for incident response and investigation (e.g., CERTs and CSIRTs, law enforcement agencies, regulators, vendors, intelligence community, etc.).

Framework Connections

The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):

Specialty Areas

  • Cybersecurity Management
  • Incident Response
  • Strategic Planning and Policy

Specialty Areas have been removed from the NICE Framework. With the recent release of the new NICE Framework data, updates to courses are underway. Until this course can be updated, this historical information is provided to give better context as to how it can help you with your cybersecurity goals.

Feedback

If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.