Cybersecurity Incident Response and Management

PER371 – 24.00 Hours

Currently there are no scheduled classes for this course. However, in some cases a course can be scheduled to meet your organization’s specific needs. For more information about this course or to schedule a class, please contact Business & Cyber Solutions at or [email protected] to get the latest schedule.

Course Description

US Flag

Cybersecurity has become one of the nation’s most serious challenges today. The US Department of Homeland Security’s 2022 National Preparedness Report (NPR) highlighted the emerging threats of compromised digital network infrastructures to both private and government sectors and to our communities. According to the 2022 NPR, SLTT governments and the private sector will experience an array of cyber-enabled threats designed to access sensitive information, steal money, force ransom payments, cause service disruptions, and even impact the health of people living in the United States.  This increase in cyber threats and attacks makes it critical for technology personnel, risk managers, and emergency managers to understand how to work together to respond to cybersecurity incidents. 

The Cybersecurity Incident Response and Management course utilizes NIST 800-61r2 to introduce participants to the cyber incident lifecycle. Through the use of a cyber range, participants will acquire hands-on experience responding to simulated, real-world cyber attacks and gain a better understanding of the importance of information sharing during cyber incidents.  

The course will also integrate the Incident Command System (ICS) into the cyber incident response process to provide the public and private sectors with a framework for a more effective response.  

Future Class Dates:

• Jan 27-31, 2025

• Feb 17-21, 2925

• Mar 24-28, 2025

• May 12-16, 2025

• June 16-20, 2025

• Aug 11-15, 2025

Prerequisites

Enrollment Requirements

Participants must be U.S. citizens. A FEMA Student ID is required to register for and participate in any training provided by FEMA agencies. All FEMA training providers, registration systems, and enrollment procedures are required to use this FEMA SID, which can be obtained at the following website: https://cdp.dhs.gov/femasid; or with TEEX assistance upon arrival for class.

Course Completion Requirements

Participants are required to score a 70% or better on the Post-Test and attend 80% of the course hours in order to receive a course certificate of completion.

Attendance Requirements

Class attendance is an essential part of the education process and participants in TEEX courses are expected to attend all class sessions and field exercises. The course requires participants to attend a minimum of 80% of the class hours as a component of successful course completion. During the course, your instructor will review any additional attendance requirements, for example a field exercise that cannot be missed.

Participants in a TCOLE credit course must complete the
class in its entirety to receive TCOLE credit.

Participants are recommended to have successfully completed any one of the following courses:

AWR136: Essentials of Community Cybersecurity

AWR169-W: Introduction to Cyber Incident Management

AWR376: Understanding Targeted Cyber Attacks

AWR383: Cybersecurity Risk Awareness for Officials and Senior Management

AWR395-W: Cybersecurity in the Workplace 

AWR399-W: Detecting and Responding to a Cyber Attack

AWR421: Demystifying Cyber Attacks

IS.100.C:   Introduction to the Incident Command System, ICS 100

IS-200.C: Basic Incident Command System for Initial Response, ICS-200

IS-700.B: An Introduction to the National Incident Management System, ICS-700

Upon successful completion, you will be able to:

  • Analyze elements of cybersecurity incident response
  • Evaluate how cybersecurity operations can be integrated into the Incident Command System for a cybersecurity incident
  • Analyze data discovered during simulated cybersecurity incidents
  • Apply strategies for containing and eradicating malicious software.
  • Assess appropriate recovery strategies that need to be implemented to ensure a timely and effective recovery from a cybersecurity incident
  • Perform strategies for containing and eradicating malicious software
  • Manage a multi-faceted cybersecurity incident

Suggested Audience

Effective response to a cyber incident requires a multi-discipline team approach. The target audience for this course includes representatives from information technology, cybersecurity, risk management, supply chain, and mid-to-senior level managers from public and private entities responsible for the cybersecurity incident response of their organization as well as emergency response managers and representatives from SLTT governments. 

It is essential to have representation from cross-sector public and private entities who should coordinate with emergency management to address local jurisdiction emergencies or disasters. This includes representatives from: 

  • Information Technology
  • Risk Management/Emergency Planning/Continuity Planning/Disaster Recovery 
  • Public Works/Wastewater and Water 
  • Schools/Universities 
  • Communication Sector 
  • Transportation Sector 
  • Energy Sector 
  • Defense/Industrial Base Sector 
  • Elected and Appointed Officials 
  • Financial Sector 
  • Health Care Sector 
  • Emergency Services Sector 

Contact Information

Perla Carrillo

PER371 Coordinator
Phone: (979) 500-6755
Email: [email protected]