This course is designed to provide guidance for the implementation of an effective cybersecurity incident recovery program from a pre-incident and post-incident perspective. The training focuses on connecting IT with emergency management and is intended for government, critical infrastructure, and private sector personnel who have the responsibility for recovering after a cyber incident. Short term tactical and long-term strategic activities are discussed culminating in the development of an action plan.
FEMA / SID Number
Students must have a FEMA Student Identification Number (SID) to attend class.
To obtain a SID, register online at cdp.dhs.gov/femasid
Course Completion Requirements
A Pre-Test and Post-Test are given to measure participants’
understanding of the material. Participants are required to score a 70% or
better on the Post-Test and attend 80% of the course hours in order to receive
a course certificate of completion.
Class attendance is an essential part of the education process and participants in TEEX courses are expected to attend all class sessions and field exercises. This course requires participants to attend a minimum of 80% of the class hours as a component of successful course completion. During the course, your instructor will review any additional attendance requirements, for example a field exercise that cannot be missed.
TopicsCyber terminology+Cyber incident life cycle+Threat levels+Emergency management+Recovery continuum+Government’s role in cybersecurity+Cyber and the incident command system+Federal resources for cyber+Key programmatic elements that improve recovery+Plan, organize, equip, train, exercise considerations+Short-term recovery actions+Long-term recovery actions+Cyber incident recovery action plan
- Government and private sector IT staff
- Local administrators and upper-level management personnel
- System administration
- Risk management personnel
- Local government administration
- Emergency management coordinators