Attention: CISA Learning is now available! If you are an EXTERNAL (non-CISA) user access the new system using this url: CISA Learning. The Federal Virtual Training Environment (FedVTE) has been permanently decommissioned and replaced by CISA Learning. Please reference the CISA Learning page for the latest information. Please note: CISA Users (staff and contractors) should access CISA Learning through the internal site. You should have received an email on December 4, 2024, titled “CISA Learning is LIVE!” with more information.

Knowledge ID: K0726

Knowledge of incident handling tools and techniques

Work roles with this Knowledge

Communications Security (COMSEC) Management
Category: Oversight and Governance
NICE Framework ID: OG-WRL-001
Responsible for managing the Communications Security (COMSEC) resources of an organization.
Systems Security Management
Category: Oversight and Governance
NICE Framework ID: OG-WRL-014
Responsible for managing the cybersecurity of a program, organization, system, or enclave.
Technical Support
Category: Implementation and Operation
NICE Framework ID: IO-WRL-007
Responsible for providing technical support to customers who need assistance utilizing client-level hardware and software in accordance with established or approved organizational policies and processes.
Defensive Cybersecurity
Category: Protection and Defense
NICE Framework ID: PD-WRL-001
Responsible for analyzing data collected from various cybersecurity defense tools to mitigate risks.
Digital Forensics
Category: Protection and Defense
NICE Framework ID: PD-WRL-002
Responsible for analyzing digital evidence from computer security incidents to derive useful information in support of system and network vulnerability mitigation.
Incident Response
Category: Protection and Defense
NICE Framework ID: PD-WRL-003
Responsible for investigating, analyzing, and responding to network cybersecurity incidents.
Infrastructure Support
Category: Protection and Defense
NICE Framework ID: PD-WRL-004
Responsible for testing, implementing, deploying, maintaining, and administering infrastructure hardware and software for cybersecurity.
Digital Evidence Analysis
Category: Investigation
NICE Framework ID: IN-WRL-002
Responsible for identifying, collecting, examining, and preserving digital evidence using controlled and documented analytical and investigative techniques.

Source: Workforce Framework for Cybersecurity (NICE Framework) (NIST SP 800-181 Rev 1) (Version: 1.0.0)