Cybersecurity Incident Response and Management
PER371 – 24.00 Hours
Currently there are no scheduled classes for this course. However, in some cases a course can be scheduled to meet your organization’s specific needs. For more information about this course or to schedule a class, please contact Business & Cyber Solutions at or [email protected] to get the latest schedule.
Course Description
Cybersecurity has become one of the nation’s most serious challenges today. The US Department of Homeland Security’s 2022 National Preparedness Report (NPR) highlighted the emerging threats of compromised digital network infrastructures to both private and government sectors and to our communities. According to the 2022 NPR, SLTT governments and the private sector will experience an array of cyber-enabled threats designed to access sensitive information, steal money, force ransom payments, cause service disruptions, and even impact the health of people living in the United States. This increase in cyber threats and attacks makes it critical for technology personnel, risk managers, and emergency managers to understand how to work together to respond to cybersecurity incidents.
The Cybersecurity Incident Response and Management course utilizes NIST 800-61r2 to introduce participants to the cyber incident lifecycle. Through the use of a cyber range, participants will acquire hands-on experience responding to simulated, real-world cyber attacks and gain a better understanding of the importance of information sharing during cyber incidents.
The course will also integrate the Incident Command System (ICS) into the cyber incident response process to provide the public and private sectors with a framework for a more effective response.
Future Class Dates:
Jan 27-31, 2025
Feb 17-21, 2025
Mar 24-28, 2025
May 12-16, 2025
June 16-20, 2025
Aug 11-15, 2025
Prerequisites
Enrollment Requirements
Participants must be U.S. citizens. A FEMA Student ID is required to register for and participate in any training provided by FEMA agencies. All FEMA training providers, registration systems, and enrollment procedures are required to use this FEMA SID, which can be obtained at the following website: https://cdp.dhs.gov/femasid; or with TEEX assistance upon arrival for class.
Course Completion Requirements
Participants are required to score a 70% or better on the Post-Test and attend 80% of the course hours in order to receive a course certificate of completion.
Attendance Requirements
Class attendance is an essential part of the education process and participants in TEEX courses are expected to attend all class sessions and field exercises. The course requires participants to attend a minimum of 80% of the class hours as a component of successful course completion. During the course, your instructor will review any additional attendance requirements, for example a field exercise that cannot be missed.
Participants in a TCOLE credit course must complete the class in its entirety to receive TCOLE credit.
Recommended
It is recommended that participants have successfully completed any one of the following courses:
AWR136: Essentials of Community Cybersecurity
AWR169-W: Introduction to Cyber Incident Management
AWR376: Understanding Targeted Cyber Attacks
AWR383: Cybersecurity Risk Awareness for Officials and Senior Management
AWR395-W: Cybersecurity in the Workplace
AWR399-W: Detecting and Responding to a Cyber Attack
AWR421: Demystifying Cyber Attacks
IS-100.C: Introduction to the Incident Command System, ICS 100
IS-200.C: Basic Incident Command System for Initial Response, ICS-200
IS-700.B: An Introduction to the National Incident Management System, ICS-700
Upon successful completion, you will be able to:
- Analyze elements of cybersecurity incident response
- Evaluate how cybersecurity operations can be integrated into the Incident Command System for a cybersecurity incident
- Analyze data discovered during simulated cybersecurity incidents
- Apply strategies for containing and eradicating malicious software
- Assess appropriate recovery strategies that need to be implemented to ensure a timely and effective recovery from a cybersecurity incident
- Perform strategies for containing and eradicating malicious software
- Manage a multi-faceted cybersecurity incident
Suggested Audience
Effective response to a cyber incident requires a multi-discipline team approach. The target audience for this course includes representatives from information technology, cybersecurity, risk management, supply chain, and mid-to-senior level managers from public and private entities responsible for the cybersecurity incident response of their organization as well as emergency response managers and representatives from SLTT governments.
It is essential to have representation from cross-sector public and private entities who should coordinate with emergency management to address local jurisdiction emergencies or disasters. This includes representatives from:
- Information Technology
- Risk Management/Emergency Planning/Continuity Planning/Disaster Recovery
- Public Works/Wastewater and Water
- Schools/Universities
- Communication Sector
- Transportation Sector
- Energy Sector
- Defense/Industrial Base Sector
- Elected and Appointed Officials
- Financial Sector
- Health Care Sector
- Emergency Services Sector