The Cyber Incident Response (CIR) Course of Instruction provides training on computer network detection and response techniques, tools and supporting systems. This training and exercise follow the NIST Special Publication 800-61 Incident Response Life Cycle. Participants will defend ICS/SCADA devices and organizational systems against an Advanced Persistent Threat. The training is intended for use by local, state, commercial and educational institutions.
• Discuss the use and purpose of the Cyberoperations Enhanced Network & Training Simulators (CENTS) to support training and exercises.
• Review the use and purpose of Remote Login Tools to support normal and maintenance operations in the CENTS environment IAW the SLAM-R Systems Administrator Guide.
• Apply critical thinking and legislation/directives to assist in security the network.
• Identify cybersecurity chains of command and reporting structures.
• Understand compliance with national and international laws, regulations, policies, and ethics as they relate to cybersecurity.
• Discuss cybersecurity principles to support defense-in-depth of the network using systems provided in the CENTS environment.
• Understand information assurance (IA), mission assurance (MA), and organizational requirements to protect confidentiality, integrity, availability, authenticity, and non-repudiation of information and data.
• Understand incident categories, incident responses, and timelines for responses.
• Examine strategies for containing, eradicating, and recovering from an incident.
• Discuss the cyber environment and uses of systems within the cyber environment to support normal and maintenance operations in the CENTS environment.