AWR366 – 6.00 Hours


EC AWR366 18Register


TEEX-Internet Moodle Campus

Texas A&M University Systems Building
College Station, TX 77845


Diane Cornwell

Start Time

08:00 AM Wednesday, July 01, 2020
Central Daylight Time (CDT)

This schedule is subject to change without notice. If you have not received confirmation of the class prior to the class start, please contact the division at (800) 541-7149 or to get the latest schedule.

Course Description

Cyber-attacks occur more frequently and have become increasingly sophisticated. Cybersecurity events now have the potential to significantly disrupt the business operations of government and critical infrastructure services. Public and private sectors, in the United States, are at increasing and continual risk of surprise attacks from nation-state and non-state actors. (Burgess, 2018)

The National Response Framework describes how preparedness can be achieved by developing an incident annex for each hazard. Incident annexes describe coordinating structures used to deliver core capabilities and support response missions unique to a specific type of incident. Incident annexes describe specialized response teams, resources, roles, responsibilities, and other scenario-specific considerations. 

At the end of this course, participants should possess the fundamentals needed to design and develop a cyber annex for states, locals, tribes, and/or territories (SLTTs). It addresses what the annex is, how it is used, who should participate in the design, implementation, and execution. 

This course was developed by the University of Texas at San Antonio Center for Infrastructure Assurance and Security through the DHS/FEMA Homeland Security National Training Program.  



Course Completion Requirements

Students must receive a minimum score of 70% on the Post-Test to receive their certificate.

Attendance Requirements

To meet attendance requirements, participants must review each training module and complete all required course assignments, activities, quizzes, and/or end of course exam.


Computer with an Internet connection and up-to-date web browser 


  • Definition and Purpose of a Cyber Incident Annex
  • Cyber Incident Definitions
  • Cyber Incident Annex Scope
  • Roles and Responsibilities
  • Components of a Cyber Incident
  • Incident Identification Process
  • Components of a Cyber Incident Response Plan
  • Building a Cyber Incident Response Team
  • Information Sharing
  • Training and Exercises
  • Cyber Incident Guidebook

Suggested Audience

The target audience for this course should include personnel assigned to work in the jurisdiction’s emergency operations center, policy makers, elected and/or appointed officials, emergency responders, IT personnel with responsibilities for identifying and responding to cyber events for SLTT government, private industry, and critical infrastructure representatives.

Continuing Education And Professional Credits

  • 0.60 CEUs

Government Programs

  • For DHS/FEMA Funded Courses, please contact or call (800) 541-7149

Contact Information

Knowledge Engineering
Phone: (979) 458-6710 | Toll-Free: (800) 541-7149

Course covered lots of information but instructors made sure it was all covered and everyone understood before moving forward.

— Forensic Technician
Back to top