CERT Cybersecurity Training & Education

Transcription

1 CERT Cybersecurity Training & Education Course Catalog 2016 SOFTWARE ENGINEERING INSTITUTE Cvr1

2

3 Our security training helps you use your knowledge, skills, and experience to successfully and effectively resist, recognize, and recover from attacks on networked systems. The CERT approach to security training builds your knowledge, skills, and experience in a continuous cycle of professional development. Each phase focuses on building a specific area of development that is leveraged and supplemented by the next phase of development. Knowledge building provides you with the fundamental concepts related to a particular topic area. Skill building develops your hands-on technical skills based on the foundational knowledge you learned in the Knowledge Building phase. Experience building develops your ability to adapt and successfully apply your security skills in changing and unfamiliar real-world environments. Evaluation uses performance metrics to assess your learning and identify areas of improvement for continued professional development. about the CERT approach to security training See cert.org/cyber-workforce-development. SOFTWARE ENGINEERING INSTITUTE i

4 Contents The CERT Approach to Cybersecurity Training... iii Our Cybersecurity Certificates and Courses... iv Our Cybersecurity Certificates CERT Certificate in Digital Forensics... 2 Insider Threat Program Manager (ITPM) Certificate... 2 Insider Threat Vulnerability Assessment (ITVA) Certificate... 3 Insider Threat Program Evaluator (ITPE) Certificate... 3 SEI Certificate in Incident Response Process... 4 SEI Certificate in Information Security... 4 CISO-Executive Certificate... 5 Secure Coding Professional Certificate: C and C Secure Coding Professional Certificate: Java... 6 Our Cybersecurity Courses Incident Handling Courses...7 Overview of Creating and Managing CSIRTs... 8 Creating a Computer Security Incident Response Team... 9 Managing Computer Security Incident Response Teams Fundamentals of Incident Handling Advanced Incident Handling Malware Analysis Apprenticeship Advanced Forensic Response & Analysis Network & Software Security Courses...15 Information Security for Technical Staff Applied Cybersecurity, Incident Response, and Forensics Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth DevOps Process and Implementation DevOps in Practice Workshop Secure Coding in C and C Secure Coding in Java Software Assurance Methods in Support of Cyber Security Security Requirements Engineering Using the SQUARE Method Risk Assessment & Insider Threat Courses...25 Introduction to the CERT Resilience Management Model CERT Resilience Management Model Appraisal Boot Camp CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series Assessing Information Security Risk Using the OCTAVE Approach Measuring What Matters: Security Metrics Workshop Insider Threat Awareness Training Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats Building an Insider Threat Program Insider Threat Program Manager: Implementation and Operation Insider Threat Vulnerability Assessor Training SGMM Navigator Training CERT STEPfwd Platform...37 Next Steps: Register for a Course...39 ii CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

5 The CERT Approach to Cybersecurity Training Technology has become such an integral part of our lives and business operations that it is important to have a skilled workforce to protect networked systems. You are faced with the ongoing challenge of ensuring that you have the most current knowledge, skills, and experiences to protect your organization from cyberattacks. However, this challenge is particularly difficult because industry trends, practices, and technologies are constantly changing. Attackers continually find new ways to circumvent security controls and infiltrate systems. Likewise, security practices and technologies evolve to keep pace with this changing landscape. To protect your organization, you must adapt to the changes in the ecosystem, whether they are problems posed by attackers or solutions supplied by researchers and developers. To apply the latest security practices and technologies successfully, you need to have the right knowledge, skills, and experience. How can we help? We developed training and certificate programs that help you learn how to tackle these cybersecurity challenges. The right training can help you by providing knowledge, skill development, and experience most relevant to your responsibilities a high level of cybersecurity proficiency a focus on high-priority, high-payoff elements of cybersecurity efficient and effective approaches you can apply in your organization affordable, high-quality training solutions scalable training solutions that can reach all relevant staff in your organization We have also responded to your need for flexible training options by developing remote training capabilities. Our STEP (Simulation, Training, and Exercise Platform) environment provides anytime, anywhere access to materials that include demonstrations, hands-on training labs, and an exercise environment that allows you to improve your skills through realistic and flexible training scenarios. Who we are For nearly 30 years, the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University has been a leader in cybersecurity. Originally focused on incident response, we have expanded into cybersecurity areas such as network situational awareness, malicious code analysis, secure coding, resilience management, insider threats, digital investigations and intelligence, workforce development, DevOps, forensics, software assurance, vulnerability discovery and analysis, and risk management. Since 1984, the SEI serves the nation as a federally funded research and development center based at Carnegie Mellon University, which is recognized worldwide for its programs in computer science and engineering. As part of Carnegie Mellon, the SEI operates at the leading edge of technical innovation. The SEI has served as a national resource in software engineering, computer security, and process improvement. SOFTWARE ENGINEERING INSTITUTE iii

6 Our Cybersecurity Certificates and Courses Take our courses individually or earn a certificate by combining courses. Certificates Formally acknowledge your professional accomplishments by earning one of our professional certificates in fields such as insider threat, digital forensics, and security management. You can benefit from the skills you acquire and the recognition the certificate provides in your continuing education and professional development. See our complete list of certificate programs on pages 1 5. Courses We offer courses in multiple cybersecurity topics grouped into three categories: 1. Incident Handling 2. Network & Software Security 3. Risk Assessment & Insider Threat See our complete list of courses and descriptions starting on page 7. Flexible delivery options P Public courses We offer public training courses, delivered in the Pittsburgh, PA and Arlington, VA SEI offices. Review the current schedule of public courses at cert.org/training. Pricing: Per student O Onsite courses We offer courses delivered onsite at your facility. Pricing: Flat fee L Live, virtual courses We deliver courses via synchronous distance learning from the CERT Distributed Learning Center (CDLC). The CDLC is equipped with the latest videoconferencing technology to allow you to attend a course from a remote location as though you were there with the other students in a virtual classroom. Pricing: Flat fee S STEPfwd Using the STEPfwd platform, we provide components of traditional classroom training, including lectures, slide presentations, hands-on labs, team cyber exercises, and quizzes from the convenience of a web browser. Pricing: Annual fee per person iv CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

7 Our Cybersecurity Certificates Join the many cybersecurity professionals who have benefited not only from the skills they acquire, but also from the recognition of their continuing education and professional development. SOFTWARE ENGINEERING INSTITUTE 1

8 CERT Certificate in Digital Forensics sei.cmu.edu/training/v34.cfm Knowledgeable first responders apply good forensic practices to routine administrative procedures and alert verification, and know how routine actions can adversely affect the forensic value of data. This awareness greatly enhances system and network administrators effectiveness when responding to security alerts and other routine matters. This certificate is designed to familiarize you, as an experienced system and network computer professional, with the essential elements of digital forensics and build on your existing technical skill set. Completing this professional certificate prepares you to approach both routine and unusual cybersecurity events in a systematic forensic manner. You will take two live, virtual classes: Introduction to Computer Forensics and Advanced Digital Forensics. You have 12 months to complete both courses. When you complete all elements of each course, you are awarded an electronic certificate of course completion. When you complete both courses, you are awarded the CERT Certificate in Digital Forensics. Visit our website for additional information about topics, prerequisites, materials, and schedule. Insider Threat Program Manager (ITPM) Certificate cert.org/insiderthreat/insider-threat-program-manager-itpm-certificate.cfm This certificate program helps you, as an insider threat program manager, develop a formal insider threat program. Its training components cover areas such as insider threat planning, identification of internal and external stakeholders, components of an insider threat program, insider threat team development, strategies for effective communication of the program, and how to effectively implement and operate the program within your organization. Required Courses Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats Page 32 Building an Insider Threat Program Page 33 Insider Threat Program Implementation and Operation Page 34 Insider Threat Program Manager Certificate Exam Visit our website for additional information about this certificate program. 2 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

9 Insider Threat Vulnerability Assessment (ITVA) Certificate cert.org/insiderthreat/insider-threat-vulnerability-assessor-itva-certificate.cfm This certificate enables you, as a prospective assessor, to help organizations gain a better understanding of their insider threat risk as well as effectively identify and manage the associated risks. In the courses that support this certificate, you use an assessment methodology to assist organizations by measuring how prepared they are to prevent, detect, and respond to the insider threat. Required Courses Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats Page 32 Building an Insider Threat Program Page 33 Insider Threat Vulnerability Assessor Training Page 35 Insider Threat Vulnerability Assessor Certificate Exam Visit our website for additional information about this certificate program. License the ITVA toolset and methodology Organizations can license the CERT Insider Threat Vulnerability Assessment toolset for internal use or to assess others for potential vulnerabilities. See sei.cmu.edu/certification/opportunities/itva/for more information. Insider Threat Program Evaluator (ITPE) Certificate cert.org/insiderthreat/ This certificate enables you, as a prospective evaluator, to help organizations gain a better understanding of the effectiveness of their established insider threat programs. In the courses that support this certificate, you learn how to build an insider threat program and perform an insider threat program evaluation. Required Courses Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats Page 32 Building an Insider Threat Program Page 33 Insider Threat Program Evaluator Training (available late Spring/Summer 2016) Insider Threat Program Evaluator Certificate Exam (available late Spring/Summer 2016) Visit our website for additional information about this certificate program. SOFTWARE ENGINEERING INSTITUTE 3

10 SEI Certificate in Incident Response Process sei.cmu.edu/training/certificates/security/response.cfm This certificate introduces you, as a prospective computer security incident response team (CSIRT) member, with a basic introduction to the main incident handling tasks and critical thinking skills that will help you perform your job. The second course covers common and emerging attacks that target a variety of operating systems and architectures. Ultimately, this certificate is designed to provide you with insight into the type and nature of work that you will perform as an incident handler. It will provide an overview of the incident handling arena, including CSIRT services, intruder threats, the nature of incident response activities, and the steps that incident handlers can take in response to system compromises at the privileged level. Required courses Fundamentals of Incident Handling Page 11 Advanced Incident Handling Page 12 Visit our website for additional information about this certificate program. SEI Certificate in Information Security sei.cmu.edu/training/certificates/security/infosecurity.cfm This certificate is designed to provide you with practical techniques for protecting the security of your organization s information assets and resources and increase the depth of your knowledge and skills to prepare you to administer and secure your information systems and networks. Security issues, technologies, and recommended practices are addressed at increasing layers of complexity, beginning with concepts and proceeding on to technical implementations. The courses required for this certificate involve extensive hands-on laboratories using a heterogeneous network environment, scenario-based exercises, lectures/ briefings, and open discussion to help participants develop their understanding of the problems and strategies for securing information systems and networks. Required courses Information Security for Technical Staff Page 16 Applied Cybersecurity, Incident Response, and Forensics Page 17 Visit our website for additional information about this certificate program. 4 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

11 CISO-Executive Certificate heinz.cmu.edu/school-of-information-systems-and-management/cio-institute/chiefinformation-security-officer-executive-education-and-certification-program/index.aspx This certificate enables you, as a Chief Information Security Officer (CISO), to develop and manage IS resources, and design and implement organizational IS policies. In the courses that support this certificate, you learn everything from security metrics to enterprise security governance to crisis communication to information security law. The CISO-Executive Education and Certificate Program is designed to address the issues CISOs face and provides a unique opportunity for peer-based, customized executive education. This program was developed and is jointly supported by the Heinz College CIO Institute at Carnegie Mellon and the CERT Division of the Software Engineering Institute (SEI). With classes taught by internationally recognized faculty and industry experts, the CISO-Executive program draws on the strengths of Carnegie Mellon University and the SEI, both recognized across the globe as leaders in information assurance, security, policy, and executive education. This program focuses on providing essential education and skills for professionals in the field and those seeking to enhance their career growth objectives. Required course topics Security Structure and Operations Digital Transformation (DT): Security Implications Cyber Risk Management & Security Metrics Operational Cyber Resilience Enterprise Security Governance & Planning A Realistic View of Security Technology Effective Incident Response Managing Operational Threat Developing a Crisis Communications Strategy Information Security Law Social Engineering Building an Insider Threat Program External Dependency Management Required practicum One of the fundamental tenets of the CISO-Executive program is that students should be able to use their experience and learning in a practical fashion while attending the program. In the practicum, a team of students conceive, develop, and deliver a solution to an information security issue applicable in today s cyber environment. Visit our website for additional information about this certificate program. SOFTWARE ENGINEERING INSTITUTE 5

12 Secure Coding Professional Certificate: C and C++ cert.org/go/secure-coding This certificate program helps you, as a C/C++ developer, increase the security of your software and reduce vulnerabilities in the programs you develop. This program covers areas such as recognizing common programming errors that lead to software vulnerabilities, thwarting buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic, avoiding the incorrect use of dynamic memory management functions, eliminating integer-related problems, and avoiding I/O vulnerabilities including race conditions. Required Courses Secure Software Concepts Secure Coding in C and C++ Page 21 Secure Coding in C and C++ Exam Visit our website for additional information about this certificate program. Secure Coding Professional Certificate: Java (available spring 2016) cert.org/go/secure-coding This certificate program helps you, as a Java developer, increase the security of your software and reduce vulnerabilities in the programs you develop. This program covers areas such as recognizing common programming errors that lead to software vulnerabilities, avoiding injection attacks, understanding Java s memory model, learning when to throw and catch exceptions, understanding how common errors can be exploited, employing mitigation strategies to prevent introducing common errors, and avoiding I/O vulnerabilities. Required Courses Secure Software Concepts Secure Coding in Java++ Page 22 Secure Coding in Java Exam Visit our website for additional information about this certificate program. 6 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

13 Our Cybersecurity Courses Our instructors have years of experience in the cybersecurity field and perform cutting-edge research. Incident Handling Courses Training in incident handling helps managers, project leaders, CSIRT staff, and computer forensic professionals create and manage CSIRTs, prepares incident handlers to respond to system compromises at the administrator level, teaches technical staff the best practices they can use for analyzing malicious code, and describes tools and best practices that can be used to support organizations incident response and forensic analysis investigations. SOFTWARE ENGINEERING INSTITUTE 7

14 O Overview of Creating and Managing CSIRTs One-Day Course Incident Handling sei.cmu.edu/training/p68.cfm This course provides a consolidated view of information that is contained in two other CERT courses: Creating a Computer Security Incident Response Team (page 9) and Managing CSIRTs (page 10). Its main purpose is to highlight best practices in planning, implementing, operating, and evaluating a computer security incident response team (CSIRT). In this course, you explore the relationships among CSIRTs, incident management, and security management and discuss how successful incident management requires an enterprise view and approach. The course presents a process-based model for structuring incident management activities and provides an introductory view of CSIRTs. Learn more about the purpose and structure of CSIRTs; CSIRT services; and key policies, procedures, methods, tools, and infrastructure components needed to effectively operate a CSIRT. those tasked with creating a CSIRT C-level managers (e.g., CIOs, CSOs, CISOs) and CSIRT managers project leaders and team members system and network administrators, and security staff (e.g., privacy officers, audit or risk staff) human resources staff media or public relations staff CSIRT constituents law enforcement members legal counsel understand the terms incident management and CSIRT differentiate between incident management and incident response activities describe activities conducted in the five processes that make up the CERT Incident Management Process Model (Prepare, Protect, Detect, Triage, and Respond) identify the type of work that CSIRT managers and staff may be expected to handle and the policies and procedures that should be established for a CSIRT explain the purpose and structure of CSIRTs define the variety and level of services that can be provided by a CSIRT apply process improvement techniques for operating and evaluating an effective CSIRT Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. 8 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

15 P O Creating a Computer Security Incident Response Team One-Day Course Incident Handling 0.6 CEUs sei.cmu.edu/training/p25.cfm This course is designed to help you create a computer security incident response team (CSIRT) by covering the following topics: requirements for establishing an effective CSIRT the various organizational models for a CSIRT the variety and level of services that can be provided by a CSIRT the types of resources and infrastructure needed to support a team policies and procedures that should part of creating a CSIRT current and prospective CSIRT managers C-level managers (e.g., CIOs, CSOs, CISOs) project leaders interested in establishing or starting a CSIRT staff who interact with CSIRTs (e.g., CSIRT constituents, media relations, legal counsel, law enforcement, human resources, risk management staff) understand the requirements for establishing an effective CSIRT strategically plan the development and implementation of a new CSIRT highlight issues associated with assembling a responsive, effective team of computer security professionals identify policies and procedures to establish and implement in a CSIRT understand various organizational models for a new CSIRT understand the variety and level of services that can be provided by a CSIRT Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. Take a related course You may also want to register for the three-day companion course, Managing Computer Security Incident Response Teams, which takes place immediately after this course. See page 10 for details. SOFTWARE ENGINEERING INSTITUTE 9

16 P O Managing Computer Security Incident Response Teams Three-Day Course Incident Handling 1.8 CEUs sei.cmu.edu/training/p28.cfm This course provides you, as a manager of a computer security incident response team (CSIRT), with a pragmatic view of the issues that you face in operating an effective team. The course provides an overview of the incident handling process and the types of tools and infrastructure needed to be effective. We discuss issues such as hiring CSIRT staff, identifying critical information, publishing information, establishing effective working relationships, working with law enforcement, evaluating CSIRT operations, building CSIRT service capacity, and the importance of policies and procedures. There is some content overlap between the Managing CSIRTs course and the Fundamentals of Incident Handling course. We recommend that attendees register for one course or the other, but not both. managers responsible for implementing and working with a CSIRT those who want to learn more about operating effective CSIRTs staff who interact with CSIRTs (e.g., CSIRT constituents, media relations, legal counsel, law enforcement members, human resources staff, risk management staff) recognize the importance of establishing well-defined policies and procedures for incident management processes identify policies and procedures that should be established and implemented for a CSIRT recognize various processes involved in detecting, analyzing, and responding to computer security events and incidents identify components needed for protecting and sustaining CSIRT operations manage a responsive, effective team of computer security professionals evaluate CSIRT operations and identify performance gaps, risks, and needed improvements Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. Take a related course Before attending this course, we encourage you to attend the companion course, Creating a Computer Security Incident Response Team, which is offered the day before this course. See page 9 for details. 10 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

17 P O Fundamentals of Incident Handling Five-Day Course Incident Handling 3.1 CEUs sei.cmu.edu/training/p26.cfm This course provides you, as a prospective incident handler, with a basic introduction to the main incident handling tasks and critical thinking skills that will help you do your daily work. The course provides insight into the work that incident handlers perform and provides an overview of the incident handling arena, including CSIRT services, intruder threats, and the nature of incident response activities. You learn how to gather the information required to handle an incident, learn more about CSIRT policies and procedures, understand the technical issues related to commonly reported attack types, and identify potential problems to avoid while performing CSIRT work. You participate in sample incidents and perform analysis and response tasks related to them. There is significant content overlap between the Fundamentals of Incident Handling course and the Managing CSIRTs course. We recommend that attendees register for one course or the other, but not both. CSIRT technical staff with one to three months of experience experienced CSIRT staff who want to benchmark their CSIRT processes and skill sets against best practices anyone who wants to learn about basic incident handling functions and activities recognize the importance of following well-defined processes, policies, and procedures understand the issues involved in providing a CSIRT service critically analyze and assess the impact of computer security incidents effectively build and coordinate response strategies for computer security incidents Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. Get a certificate This course is part of our Certificate in Incident Response Process. See page 4 for details. Take a related course After completing this course, we encourage you to attend the companion course, Advanced Incident Handling. See page 12 for details. SOFTWARE ENGINEERING INSTITUTE 11

18 P O Advanced Incident Handling Five-Day Course Incident Handling 3.1 CEUs sei.cmu.edu/training/p23b.cfm In this course, you learn techniques for detecting and responding to current and emerging computer security threats and attacks that are targeted at a variety of operating systems and architectures. Building on the methods and tools discussed in the Fundamentals of Incident Handling course, this course provides guidance that you, as an incident handler, can use when responding to system compromises at the privileged (root or administrator) level. You work in a team throughout the week-long course to handle a series of escalating incidents that are presented as part of an ongoing scenario. You review broader aspects of CSIRT work such as computer forensics; artifact analysis; vulnerability handling; and the development of advisories, alerts, and management briefings. current computer security incident response team (CSIRT) members technical staff with three to six months of incident handling experience system and network administrators responsible for identifying and responding to security incidents detect and characterize various attack types understand the complexity of and effectively respond to privileged and major events and incidents within your CSIRT gain a practical understanding of various methods for analyzing artifacts left on a compromised system explore new developments in the area of computer forensics obtain practical experience in the analysis of vulnerabilities and the coordination of vulnerability handling tasks formulate effective advisories, alerts, and management briefings Visit our website for additional information about topics, prerequisites, materials, and schedule. Get a certificate This course is part of our Certificate in Incident Response Process. See page 4 for details. 12 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

19 O Malware Analysis Apprenticeship Five-Day Course Incident Handling 3.3 CEUs sei.cmu.edu/training/p88.cfm This hands-on course, available only to U.S. government employees and contractors, teaches you best practices for analyzing malicious code. In the course, you are given real-world malicious code samples to dissect. You gain a fundamental understanding of a variety of malware analysis tools and techniques that can directly support your organization s incident response function and improve your performance. Technical U.S. government employees and contractors who manage or support networked information systems differentiate between common classes of malware identify common attack vectors used to inject malicious code into a system understand fundamental malware analysis techniques perform surface analysis of malware, including calculating cryptographic hashes and file sizes build a secure environment where analyses can be performed identify malware network touch points via runtime analysis run a malicious program using a debugger recognize common malware fingerprints in assembly identify custom encoding routines Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. SOFTWARE ENGINEERING INSTITUTE 13

20 P O Advanced Forensic Response & Analysis Three-Day Course Incident Handling 2.5 CEUs sei.cmu.edu/training/p103.cfm This fast-paced, advanced course is designed for you if you are looking to expand your solid knowledge of incident response and forensic analysis. The course helps you improve your collection and processing skills by outlining a structured process (or flow) you can use to conduct incident response and intrusion investigations. You learn common areas where you can find evidentiary data to improve your investigations and learn the pros and cons of common evidence collection measures forensic analysis steps methods for organizing analysis results to identify evidentiary data forensic analysts in the public or private sector active computer forensic professionals with an understanding of core forensic and information technology principles those who conduct incident response, intrusion investigations, or other types of computer forensic investigations prepare for an intrusion investigation, including performing reconnaissance and developing a known toolset recognize best practices for responding to an incident understand methods for collecting data that s most relevant to your investigation perform analysis of victim and perpetrator systems identify malicious applications correlate system events with file activity perform runtime analysis of malicious applications identify resident artifacts subsequent to the intrusion Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. 14 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

21 Network & Software Security Courses Network Security training provides technical staff members, engineers, software managers, and technical leads best practices and practical techniques for protecting the security of their organization s information assets and resources. Topics covered include the SQUARE methodology, secure coding in C and C++, and four critical software assurance areas: security requirements, software supply chain assurance, mission thread analysis, and measurement. SOFTWARE ENGINEERING INSTITUTE 15

22 P O L Information Security for Technical Staff Five-Day Course Network & Software Security 2.7 CEUs sei.cmu.edu/training/p27.cfm This course provides you with practical techniques for protecting the security of your organization s information assets and resources. In the course, you focus on understanding and applying the concept of survivability and effectively managing risk, threats, policy, system configuration, availability, and personnel. The course features extensive hands-on labs and demonstrations that cover topics such as network scanning and enumeration; packet capture and analysis; Windows Group Policy and Security templates; network traffic encryption with IPSec; intrusion detection and prevention with Snort; information on personal and enterprise firewalls, password cracking, and extensive hacking/hardening of Linux, Windows, and Cisco platforms in both wireless and cabled networks. You use a laptop during the course and have access to a wide variety of networked systems. Technical staff members who manage or support networked information systems; and have two years of practical experience with networked systems or equivalent training/education some degree of familiarity with the ISO/OSI 7-layered reference model and Ethernet, TCP/IP, and network operating systems such as Windows NT/2000/XP and Unix describe the components of survivability, risk and asset management as applied to networked systems, and the Security Knowledge in Practice (SKiP) methodology summarize key security concerns of the TCP/IP protocol suite describe common methods of gathering information on networked systems describe the types of vulnerabilities and threats and common attack methods describe best practices for actively defending systems from intrusions Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. Get a certificate This course is part of the curriculum for the Certificate in Information Security. See page 4 for details. 16 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

23 P O Applied Cybersecurity, Incident Response, and Forensics Five-Day Course Network & Software Security 3.3 CEUs sei.cmu.edu/training/p107.cfm This hands-on course is designed to increase your knowledge and skills as someone who administers and secures information systems and networks. The course covers vulnerability assessments, systems administration, network monitoring, incident response, digital forensics, and Intrusion Detection Systems.,You have direct administrative access to networked systems (e.g., Windows, Linux and Cisco), which will be modified and instrumented throughout the course. Working in a team, you review host and network system hardening concepts in hands-on labs begin implementing a network get well plan for a sample infrastructure apply your new skills to detect, analyze, and respond to real-world threats compete in identifying vulnerabilities and prioritizing defensive measures Technical staff members who manage or support networked information systems; we recommend you have one year of practical experience with networked systems or equivalent training/education six months of security administration experience background in data networking with entry-level Unix or Windows system administration experience familiarity with the OSI model and the TCP/IP protocol stack install and configure network access control technologies and intrusion detection sensors implement techniques for hardening host systems and services implement technology for monitoring the status/availability of network services implement system logging and networking monitoring safely collect and secure sensitive incident response data analyze and respond to network and system events Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. Get a certificate This course is part of the curriculum for the Certificate in Information Security. See page 4 for details. SOFTWARE ENGINEERING INSTITUTE 17

24 P O Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth Three-Day Course Network & Software Security 1.8 CEUs sei.cmu.edu/training/p61.cfm In this course, you are introduced to the CERT Defense-in-Depth Framework, which consists of eight operationally focused and interdependent management components. In the course, you synergistically apply these components to a fictitious organization s IT enterprise. You learn high-level best practices for effectively integrating the eight components into all aspects of IT operations. You then use a scenario to reinforce these best practices. Technical staff members, IT managers, security managers, system administrators, and IT security staff who have two years of practical experience with networked systems or equivalent training/ education some degree of familiarity with the ISO/OSI 7-layered reference model and Ethernet, TCP/IP, and major network operating systems such as Windows NT/2000/XP and Unix describe the CERT Defense-in-Depth framework and its components holistically examine IT operations for information assurance threats and vulnerabilities apply the framework to improve the overall security posture of IT operations Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. 18 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

25 O DevOps Process and Implementation One-Day Course Network & Software Security 0.5 CEUs sei.cmu.edu/training/p116.cfm In this course, you receive comprehensive training on DevOps principles and process and techniques for project planning, development, and deployment from start to finish. Using technical demonstrations and practical scenarios, you learn about use cases on Continuous Integration (CI) tools and practices, and reference architectures. Those working in software development, including technical managers, technical leads, developers, QA engineers, release/deployment engineers, and operational support staff who want to bring DevOps to their organization want to improve their existing DevOps strategy are challenged by slow deployment cycles see a disconnect among business needs, development, and operational teams are looking for strategies to convince their organization of the benefits of DevOps recognize the realities of DevOps, from tools and techniques to culture and specific organizational business and operational needs navigate the challenging tasks of adapting DevOps theories, practices, and tools to meet your particular business needs provide measurable value to your organization Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. Take a related course You may also want to register for the one-day companion workshop, DevOps in Practice Workshop. See page 20 for details. SOFTWARE ENGINEERING INSTITUTE 19

26 P O DevOps in Practice Workshop One-Day Workshop Network & Software Security 0.5 CEUs sei.cmu.edu/training/p115.cfm In this workshop, you receive a comprehensive, hands-on review of DevOps topics and process and techniques for project planning, development, and deployment from start to finish. Specifically, this workshop exposes you to reference architectures and hands-on experience with Continuous Integration (CI) tools and practices, including technical demonstrations and practical scenarios. Those working in software development who have direct knowledge and hands-on experience with their organization s development processes, including technical managers technical leads developers QA engineers release/deployment engineers operational support staff understand Dev Ops values and principles understand how modern automation and tooling solves common problems in software development and delivery recognize best practices employed by DevOps industry leaders better identify process improvements at your organization through new perspectives on software development and delivery best begin a DevOps transformation in your organization Visit our website for additional information about topics, prerequisites, materials, and schedule. Take a related course You may also want to register for the one-day companion course, DevOps Process and Implementation. See page 19 for details. 20 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

27 O Secure Coding in C and C++ Four-Day Course Network & Software Security 2.4 CEUs sei.cmu.edu/training/p63.cfm In this course, you learn common programming errors in C and C++ and how these errors can lead to code that is vulnerable to exploitation. The course focuses on security issues intrinsic to the C and C++ programming languages and associated libraries. This course is useful to you if you are involved in developing secure C and C++ programs regardless of the specific application. You bring your own laptop, equipped with the latest version of Adobe Reader and VMware Player for hands-on instruction. What you learn applies to various development environments, but the examples are specific to Microsoft Visual Studio and Linux/GCC and the 32-bit Intel Architecture (IA-32). Developers with basic C and C++ programming skills, but not necessarily an in-depth knowledge of software security avoid programming errors that lead to software vulnerabilities understand how these errors can be exploited implement mitigation strategies for preventing the introduction of these errors improve the overall security of any C or C++ application thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions eliminate integer-related problems: integer overflows, sign errors, and truncation errors correctly use formatted output functions without introducing format-string vulnerabilities avoid I/O vulnerabilities, including race conditions Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. SOFTWARE ENGINEERING INSTITUTE 21

28 O Secure Coding in Java Four-Day Course Network & Software Security 2.2 CEUs sei.cmu.edu/training/p118.cfm In this course, derived from the Addison Wesley books The CERT Oracle Secure Coding Standard for Java and Java Coding Guidelines, you learn common programming errors in Java and how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the Java programming languages and associated libraries. Java developers anyone involved in developing secure Java programs regardless of the specific application improve the overall security of any Java application avoid injection attacks, such as SQL injection and XSS understand Java s memory model with a thorough grounding of concurrency prevent race conditions while avoiding deadlock recognize when to throw and catch exceptions avoid I/O vulnerabilities, including file-based race conditions know how historical exploits on Java were executed and later disabled Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. 22 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

29 O Software Assurance Methods in Support of Cyber Security One-Day Course Network & Software Security 0.65 CEUs sei.cmu.edu/training/p108.cfm This course is designed to expose you, as a manager, engineer, or acquirer, to concepts and resources you can use now to address software security assurance across the acquisition and development lifecycles. This workshop focuses on four critical software assurance areas: security requirements software supply chain assurance mission thread analysis measurement Those who are concerned with software security assurance across the acquisition and development lifecycles, including software managers technical leads software and lead engineers software and system acquisition experts program/project managers understand the challenges of software assurance recognize key concepts and methods for security risk analysis and measurement, security requirements elicitation, mission thread analysis, supply chain risk analysis begin planning how to address software assurance for acquisition and development programs understand the best practices that can be implemented for software assurance Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. SOFTWARE ENGINEERING INSTITUTE 23

30 O Security Requirements Engineering Using the SQUARE Method Two-Day Course Network & Software Security 1.3 CEUs sei.cmu.edu/training/p104.cfm In this workshop, you receive an overview of security requirements engineering and the SQUARE methodology. The SQUARE methodology is an end-to-end process for security requirements engineering that helps you build security into the early stages of the production lifecycle. In the workshop, you discuss all nine steps of the SQUARE methodology in detail and participate as part of team case study. Requirements engineering defects, including those in security requirements, cost 10 to 200 times more to correct during implementation than if they are detected during requirements development. A study found returns on investment of 12 to 21 percent when security analysis and secure engineering practices are introduced early in the development cycle. Those concerned with security requirements in developed or acquired software, including software managers technical leads software engineers requirements engineers security specialists understand the challenges of security requirements engineering see how important it is to develop security requirements in the same time frame as functional requirements, rather than as an add-on patch understand why the methods used to identify functional requirements may not work directly for security requirements recognize methods for security risk analysis, security requirements elicitation, and security requirements prioritization apply the SQUARE method for security requirements engineering Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. 24 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

31 Risk Assessment & Insider Threat Courses Risk Assessment and Insider Threat training teaches managers, executives, security and business continuity professionals, risk managers, compliance personnel, and insider threat program managers to develop strategies for protecting their organizations from security threats and to better manage their risks. Topics covered include the CERT Resilience Management Model (CERT-RMM), OCTAVE Allegro method, and insider threat program management best practices. SOFTWARE ENGINEERING INSTITUTE 25

32 P O Introduction to the CERT Resilience Management Model Three-Day Course Risk Assessment & Insider Threat 1.9 CEUs sei.cmu.edu/training/p66.cfm This course introduces you to a model-based process improvement approach for managing operational resilience using the CERT Resilience Management Model (CERT-RMM). CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations actively direct, control, and manage operational resilience and risk. By improving operational resilience processes (e.g., vulnerability analysis, incident management, service continuity), you can improve and sustain the resilience of mission-critical assets and services. Using CERT-RMM as a guide, you can evaluate your current security, business continuity, and IT operations practices and make effective decisions about which practices are working and which need to be replaced. security and business continuity professionals process improvement professionals, particularly those looking to extend process improvement approaches into the operations phase of the lifecycle enterprise and operational risk management professionals anyone interested in applying a maturity model approach to managing operational resilience understand the challenges of managing operational resilience have a working knowledge of key operational resilience, operational risk, and resilience management concepts and their relationships understand the CERT-RMM model structure and how to use it apply a process improvement and maturity model approach to managing operational resilience have a working knowledge of the 26 CERT-RMM process areas understand how CERT-RMM is used to appraise an organization s capability for managing operational resilience begin planning for a process improvement effort in your organization Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. 26 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

33 O CERT Resilience Management Model Appraisal Boot Camp Two-Day Course Risk Assessment & Insider Threat 1.5 CEUs sei.cmu.edu/training/p101.cfm If you are seeking to become an SEI-certified CERT-RMM Lead Appraiser, you must complete this course as part of your certification requirements. This boot camp provides an overview of the CERT-RMM Capability Appraisal Method (CAM) and gives you the knowledge you need to apply your SCAMPI experience in a CERT- RMM context. The CAM is a tailored version of the SCAMPI method that addresses the unique challenges of appraising capability using CERT-RMM in the operations phase of the lifecycle. At the boot camp, you learn about important decisions for scoping an appraisal, characterizing practices, and deriving capability levels. You also learn about appraisal considerations for unique CERT-RMM model attributes (e.g., Targeted Improvement Roadmaps). In addition, you learn to properly interpret CERT- RMM process areas that were sourced from CMMI models, such as Resilience Requirements Development and Organizational Training and Awareness. This course is solely for CMMI Lead Appraisers who are looking to extend their process improvement capabilities into the operations phase of the lifecycle. After attending the course, you qualify as a candidate CERT-RMM Lead Appraiser. candidate CERT-RMM Lead Appraisers apply the CAM process to perform a CERT-RMM capability appraisal identify the major differences in using the SCAMPI process for CERT-RMM appraisals rather than CMMI models identify the CERT-RMM fine-grained scoping options: practice-level, asset, and resilience domains define and scope a CERT-RMM appraisal establish Targeted Improvement Roadmaps to commence a CERT-RMM process improvement effort Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. Become a CERT-RMM Appraiser See sei.cmu.edu/certification/opportunities/rmm-la/become-cert-rmm-la.cfm for information. SOFTWARE ENGINEERING INSTITUTE 27

34 O CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series Four Two-Day Workshops Risk Assessment & Insider Threat 2.0 CEUs sei.cmu.edu/training/p92.cfm You can improve your organizational resilience by attending a year-long series of workshops at an SEI facility. At these workshops, you experience hands-on activities to help you understand, compare, and enhance your organizational resilience using the CERT-RMM as the guide. The focus of each workshop session in the year-long series is guided by the needs of the organizations that register. Organizations that become a member of the users group receive registration for four two-day CERT-RMM workshops at a SEI facility (Participating organizations may send up to three attendees to each workshop.) participation in the Introduction to the CERT Resilience Management Model training course, which is delivered during the first workshop invitations to contribute to discussion forums and other interim collaboration opportunities, organized and conducted by CERT-RMM technical leaders, between the workshops those interested in a deep understanding of operational resilience and would like to implement the CERT-RMM internally in their organization security and business continuity professionals process improvement professionals operational risk professionals benchmark your organization s resilience activities against the CERT-RMM begin to answer key resilience measurement and analysis questions about your organization and identify measures you can use to evaluate and improve your resilience improve the effectiveness and efficiency of operational risk/management activities participate in peer-to-peer comparisons reduce the complexity and improve the efficiency of compliance activities Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. 28 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

35 P O L Assessing Information Security Risk Using the OCTAVE Approach Three-Day Course Risk Assessment & Insider Threat 2 CEUs sei.cmu.edu/training/p10b.cfm In this course, you learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method. OCTAVE Allegro focuses on information assets in their operational context to identify and analyze risks based on where they originate and where information is stored, transported, and processed. By focusing on operational risks to information assets, you learn to view risk assessment in the context of your organization s strategic objectives and risk tolerances. OCTAVE Allegro satisfies the requirement for an annual risk assessment outlined in paragraph of Standard PCI-DSS v2.0. those who want an in-depth understanding of the OCTAVE Allegro Risk Assessment Methodology security professionals, business continuity planners, compliance personnel, risk managers, and others who require the knowledge and skills to understand operational risk and perform risk assessments those who need to perform formal risk assessments to satisfy PCI-DSS requirements understand the various elements of operational risk understand the connections among information security, business continuity, IT operations, and operational risk management understand operational risk, threat, vulnerabilities, impact, services, and their related assets understand the purpose of the OCTAVE Allegro structured risk management approach how to prepare an organization for a risk assessment using OCTAVE Allegro how to get started and when to tailor the process to meet unique organizational needs Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. SOFTWARE ENGINEERING INSTITUTE 29

36 P O Measuring What Matters: Security Metrics Workshop Two-Day Course Risk Assessment & Insider Threat 1.3 CEUs sei.cmu.edu/training/p117.cfm It is critical to measure the right things to make informed management decisions, take the appropriate actions, and change behaviors. But how do you figure out what those right things are? In this course, you use real-world strategic objectives to develop specific business goals and the applicable questions, indicators, and actionable metrics that you can implement at your own organization to improve your ability to manage operational risks, particularly cybersecurity risks. Organizations today often make cyber risk management decisions based on fear, uncertainty, and doubt (FUD); the latest attack; compliance mandates (e.g., HIPAA, FISMA, SOX, PCI); and security risk frameworks that have little to do with the way the rest of the organization measures risk and prioritizes operational risk management activities. Instead, an organization s information risk management approach should align with its business objectives. A measurement approach tied to strategic business objectives ensures that planning, budgeting, and the allocation of operational resources focus on what matters most to the organization. In addition, using such an approach helps identify metrics that may not be worth the investment to collect. Directors and managers of operational risk management information technology (IT) cybersecurity/information security IT and cybersecurity compliance IT and cybersecurity audit security professionals who support these directors and managers refine a strategic or business objective that meets that SMARTER criteria Specific, Measureable, Achievable, Relevant, Time bound, Evaluated, Reviewed and can be used to initiate the Goal Question Indicator Metric (GQIM) process identify a core set of business goals based on your business objective formulate one or more key questions and indicators for each goal (Answers to the questions help determine how well the goal is being achieved and the indicators further inform the answer to each question.) identify one or more metrics for each indicator that most directly informs the answer to one or more questions Visit our website for additional information about topics, prerequisites, materials, and schedule. 30 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

37 L Insider Threat Awareness Training One-Hour Course Risk Assessment & Insider Threat sei.cmu.edu/training/v29.cfm This course provides you with a basic understanding of insider threats within an organization and what you, as an employee, should be aware are your responsibilities to protect your organization s critical assets. You learn how your work can be affected and how you can be targeted by insider threats. This training is necessary for compliance with the anticipated guidelines set forth in the National Industrial Security Program Operating Manual (NISPOM) in accordance with Executive Order all employees (especially those with security clearances) senior executives insider threat program team members insider threat program managers contractors and subcontractors suppliers and business partners define an insider and the threats they impose to critical assets recall common motivations of malicious insiders name different types of insider threats recognize how you can become an unintentional insider threat discuss impacts to your organization, the general public, and national security describe the consequences of being a malicious or unintentional insider understand how you can be targeted by a malicious individual as well as external adversaries identify reportable behaviors of malicious insiders identify steps you can take to protect yourself know what to do if you see or suspect an insider threat recognize resources available to you in your organization Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course. SOFTWARE ENGINEERING INSTITUTE 31

38 L Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats Five-Hour Online Course Risk Assessment & Insider Threat 0.5 CEUs sei.cmu.edu/training/v26.cfm This course provides you with a thorough understanding of insider threat terminology, identifies different types of insider threats, teaches you how to recognize both technical and behavioral indicators, and outlines mitigation strategies. This training course supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance including Presidential Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed changes set forth in the National Industrial Security Program Operating Manual (NISPOM). insider threat program team members insider threat program managers define an insider and the threats he or she can impose to critical assets recognize the difference between malicious and unintentional insider threats recognize the most common types of insider threats identify legislation enacted to help prevent insider threats describe the activity, behavioral and technical precursors, and characteristics of fraud and theft of intellectual property recognize and avoid unintentional insider threats recognize controls to potentially prevent insider attacks identify best practices for insider threat mitigation recognize the purpose of an insider threat program Visit our website for additional information about topics, prerequisites, materials, and schedule. Get a certificate This course is a required component of the Insider Threat Program Manager, Insider Threat Vulnerability Assessor, and Insider Threat Program Evaluator certificate programs. See cert.org/insiderthreat or pages 2 3 for details. 32 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

39 L Building an Insider Threat Program Seven-Hour Online Course Risk Assessment & Insider Threat 1.0 CEUs sei.cmu.edu/training/v27.cfm This course provides you with a thorough understanding of the organizational models for an insider threat program, the necessary components of an effective program, the key stakeholders who must be involved in the process, and basic education on the implementation and guidance of the program. This training course supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance including: Presidential Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed changes set forth in the National Industrial Security Program Operating Manual (NISPOM). insider threat program team members insider threat program managers state key components of an insider threat program identify critical participants in establishing the program create an implementation plan and roll-out identify the type of staff and skills needed on an insider threat program operational team identify the types of policies and procedures needed for an insider threat program identify existing policies and procedures to be updated to support the insider threat program determine the infrastructure requirements needed to support insider threat program operations identify the governance and management support needed to sustain a formal insider threat program Visit our website for additional information about topics, prerequisites, materials, and schedule. Get a certificate This course is a required component of the Insider Threat Program Manager, Insider Threat Vulnerability Assessor, and Insider Threat Program Evaluator certificate programs. See cert.org/insiderthreat or pages 2 3 for details. SOFTWARE ENGINEERING INSTITUTE 33

40 P O Insider Threat Program Manager: Implementation and Operation Three-Day Course Risk Assessment & Insider Threat 2.2 CEUs sei.cmu.edu/training/p110.cfm This course builds on the concepts in the prerequisite courses Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats and Building an Insider Threat Program. This course teaches you a process roadmap that you can follow to build a robust insider threat program. The roadmap includes various techniques and methods for developing, implementing, and operating program components. This course supports organizations implementing and managing insider threat detection and prevention programs based on government mandates or guidance including Presidential Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed changes in the National Industrial Security Program Operating Manual (NISPOM). insider threat program team members insider threat program managers identify critical assets and protection schemes identify methods to gain management support and sponsorship plan implementation of an insider threat program identify policy and process updates that accommodate insider threat components identify sources and priorities for data collection identify infrastructure changes and enhancements necessary for implementing and supporting an insider threat program outline operational considerations and requirements needed to implement the program build policies and processes to help hire the right staff and develop a culture of security improve your security awareness training Visit our website for additional information about topics, prerequisites, materials, and schedule. Get a certificate This course is a required component of the Insider Threat Program Manager certificate program. See cert.org/insiderthreat or page 2 for details. This course is recommended for anyone pursing the certificates for the Insider Threat Vulnerability Assessor or Insider Threat Program Evaluator, but is not required. 34 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

41 P O Insider Threat Vulnerability Assessor Training Three-Day Course Risk Assessment & Insider Threat 1.8 CEUs sei.cmu.edu/training/p112.cfm This course helps you develop the skills and competencies to perform an insider threat vulnerability assessment of an organization. These assessments help you identify issues affecting your organization s insider threat risk, design and implement tactical countermeasures, and formulate a strategic action plan for long-term risk mitigation. The vulnerabilities and processes assessed in the class are based on real cases. You learn how to plan and execute an assessment and develop the final evaluation report. Those interested in performing insider threat vulnerability assessments To perform assessments using CERT tools, candidate assessors must be sponsored by an approved SEI Partner organization. on the process and associated fees, please refer to SEI Certification Opportunities: sei.cmu.edu/certification/opportunities/index.cfm. plan and schedule an assessment distinguish between capabilities, levels, and indicators scope an assessment for particular critical assets or business processes develop a data collection plan interview assessed organization s staff to corroborate performance of indicators enter evidence into the Joint Assessment Tool (JAT) substantiate evidence of indicators being met and score capabilities write sections of the assessment report defend results presented in the assessment report Visit our website for additional information about topics, prerequisites, materials, and schedule. License the ITVA tool Organizations can license the CERT Insider Threat Vulnerability Assessment tool for internal use or to assess others for potential vulnerabilities. See sei.cmu.edu/ certification/opportunities/itva/index.cfm for more information. Get a certificate This course is a required component of the Insider Threat Vulnerability Assessment certificate program. See cert.org/insiderthreat or page 3 for details. SOFTWARE ENGINEERING INSTITUTE 35

42 P SGMM Navigator Training Two-Day Online Course Risk Assessment & Insider Threat 1.8 CEUs sei.cmu.edu/training/p109.cfm This course introduces the Smart Grid Maturity Model (SGMM) Navigation process to those interested in becoming an SEI-certified SGMM navigator. The SGMM navigation process provides utilities with essential planning support and positions the navigator to initiate new engagements and gain follow-on work with utility customers. Using an interactive virtual classroom environment and a case study that simulates all aspects of the SGMM navigation process, you explore the SGMM s 175 aspects of smart grid implementation. Developed by utilities for utilities, the SGMM is a comprehensive analysis and planning tool. To complete the course, participants must pass a final examination, available at commercial testing centers. systems integrators consultants vendors those who want to assist utilities through SGMM planning and implementation deliver an SGMM overview plan and conduct a survey workshop for a utility that results in high-integrity data validate and analyze SGMM Compass survey data to produce findings plan and conduct an aspirations workshop that establishes a profile of the utility s smart grid aspirations understand roles, responsibilities, and how to become an SEI-Certified SGMM Navigator understand the utility industry and provide additional value to your customers Visit our website for additional information about topics, prerequisites, materials, and schedule. Become a certified SGMM Navigator See sei.cmu.edu/certification/opportunities/sgmm/index.cfm for information. Become licensed to use Navigator Organizations can license SGMM Navigator for internal use or to evaluate the effectiveness of other programs. See sei.cmu.edu/certification/opportunities/ sgmm/ for information. 36 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

43 CERT STEPfwd Platform CERT STEPfwd (Simulation, Training, and Exercise Platform) combines extensive research and innovative technology to offer a new solution to cybersecurity workforce research and development, helping you and your team achieve a continuous cycle of professional development. Platform features Get access to a rich library of cybersecurity and information assurance training. Become part of a virtual classroom that enables you to attend lectures, watch demonstrations, and conduct hands-on labs. View and manage members of your organization s workforce as they progress toward training objectives. Learn anywhere, anytime CERT STEPfwd makes components from traditional classroom training, including lectures, slide presentations, hands-on labs, team exercises, and quizzes, available from the convenience of a web browser. It provides you with a robust, cost-effective training and education option, focused on ensuring that personnel are able to resist, recognize, and recover from attacks on networked systems. Learning components The four learning components of CERT STEPfwd are 1. On-demand lectures. Recorded lectures on information security topics are captured from original classroom instruction and converted to an online format that includes audio transcripts. Materials are available in PDF format, and narrated demonstrations are used to explain specific techniques and technologies. Enhancements include an HTML5 video player and mobile device delivery capabilities. 2. Hands-on labs. You can get access to hundreds of hands-on training labs in an isolated virtual environment. These labs are designed to build student skill sets and can range from simple tool and technique familiarization to more complex course capstone events. Each lab includes a manual that provides context for the subject, a network map of machines students will interact with, and a series of step-by-step instructions with screenshots. These labs are not simulations; students provision real servers in preconfigured networks and access them in a web browser without modifying their own computers. Multiple connection options to the STEPfwd hands-on virtual labs are available including HTML5, ActiveX, Java, and using a native RDP Client. SOFTWARE ENGINEERING INSTITUTE 37

44 3. Team cyber exercises. Designed to address the challenges of realism and scalability of scenario-based cybersecurity exercises and simulations, STEPfwd provides a platform for team experience building by enabling delivery of customized, full-scale cybersecurity exercises that simulate real-world scenarios and environments. Multiple instantiations of the same exercise can be deployed simultaneously to accommodate a large number of participants. The platform provides easy access to thousands of virtual machine templates; automated deployment, removal, and reset of entire virtual topologies; automated and bulk execution of commands on virtual hosts; integration of thousands of virtual and physical devices to support large-scale events; and incorporation of large multiuse Internet topologies. 4. Progress and completion reporting. Quizzes are used to test mastery of the content through a variety of question types. A robust learning management system helps organizations manage enrollments and track student progress. Get an account Accounts are priced on a per person basis; each account provides access to the platform and content for a 12-month period. Contact us to request an account. Software Engineering Institute 4500 Fifth Avenue, Pittsburgh, PA Phone: Web: [email protected] 38 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

45 Next Steps: Register for a Course cert.org/training/ How to register You can register for many SEI courses online. Some courses require an application process. Please visit the SEI training website to submit your course registration and payment. Once your registration is processed, you receive an confirming course delivery details (e.g., start time, hotel, and accommodations). Use the URL provided on each page of this catalog to access details about individual courses and to register. Register early The number of students per course is limited, and many courses fill to capacity. Submit your registration early to ensure your space in your preferred course. What s included Your course fee includes comprehensive course materials a certificate of completion continental breakfasts, refreshment breaks, and lunches (classroom training only) Pricing guidelines All courses list prices for different types of students: government, academic, industry, and international. Government pricing applies to all U.S. government employees (federal, state, local). This pricing does NOT apply to government contractors. Academic pricing applies to all employees and students of a U.S. academic/ educational organization (university, college, institute). Industry pricing applies to all employees located within the United States. This pricing applies to government contractors, general industry, non-government employees, and those not part of an academic institution. International pricing applies to anyone whose office is located outside the United States. If a course is offered outside of the U.S., international rates still apply, regardless of the proximity of the course to the attendee s office. Forms of payment accepted Credit card (Visa, MasterCard, or American Express) Check Company or government purchase order Wire transfer Cancellation and refunds The SEI issues refunds (less a $75 administrative fee) if you submit a written cancellation that is received at least three weeks before the course begins. Refunds are not given for courses missed due to acts of nature. SOFTWARE ENGINEERING INSTITUTE 39

46 Substitutions and transfers You may send a substitute attendee to an SEI course (provided that the substitute meets the prerequisites) by ing a request prior to the start of the course. By sending a written request, you may transfer registration fees from one SEI course offering to another that occurs within 12 months. There is no charge for the first transfer if your request is received at least three weeks before the course begins. Transfer requests received later than three weeks before the course begins and all subsequent transfers incur a $50 administrative fee. Public training policies The SEI accepts qualified registrants for training on a first-come, first-served basis. Dates and prices are subject to change. The SEI reserves the right to cancel a course offering due to low enrollment. Travel planning The SEI training website provides lodging recommendations for courses held at SEI offices in Pittsburgh, Pennsylvania; Arlington, Virginia; and Frankfurt, Germany. For training events at other locations, the SEI attaches travel and lodging information to the that confirms your registration. You are responsible for arranging your own travel and lodging accommodations. Continuing education units Upon successful completion of SEI courses, you are awarded Continuing Education Units (CEUs). The number of CEUs earned for a course are included on the certificate of course completion. 40 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016

47 Statement of accessibility Carnegie Mellon University makes every effort to provide accessible facilities and programs for individuals with disabilities. To arrange accommodations/services, please contact the SEI by or telephone ( ) at least three weeks prior to the course start date. The Software Engineering Institute (SEI) is a federally funded research and development center (FFRDC) sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI mission is to advance software engineering and related disciplines to ensure systems with predictable and improved quality, cost, and schedule. Family Educational Rights and Privacy Act of 1974 (FERPA) Course participant records created at the SEI in connection with SEI education and training courses are strictly confidential, and their protection is mandated under federal legislation known as the Family Educational Rights and Privacy Act of 1974 (FERPA) Copyrights Carnegie Mellon University SEI-authored documents are sponsored by the U.S. Department of Defense under Contract FA C Carnegie Mellon University retains copyrights in all material produced under this contract. The U.S. government retains a non-exclusive, royalty-free license to publish or reproduce these documents, or allow others to do so, for U.S. government purposes only pursuant to the copyright license under the contract clause at For information and guidelines regarding permission to use specific copyrighted materials owned by Carnegie Mellon University (e.g., text and images), see Permissions at If you do not find the copyright information you need, please consult your legal counsel for advice. Trademarks and service marks Carnegie Mellon Software Engineering Institute (stylized), Carnegie Mellon Software Engineering Institute (and design), and the stylized hexagon are trademarks of Carnegie Mellon University. Architecture Tradeoff Analysis Method, ATAM, Capability Maturity Model, Carnegie Mellon, CERT, CERT Coordination Center, CMM, CMMI, and FloCon are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University. SM CMM Integration, Personal Software Process, PSP, SCAMPI, SEPG, Team Software Process, and TSP are service marks of Carnegie Mellon University. For information and guidelines regarding the proper referential use of Carnegie Mellon University service marks and trademarks, see Trademarks and Service Marks at by Carnegie Mellon University

48 About For nearly 30 years, the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University has been a leader in cybersecurity. Originally focused on incident response, we have expanded into cybersecurity areas such as network situational awareness, malicious code analysis, secure coding, resilience management, insider threats, digital investigations and intelligence, workforce development, DevOps, forensics, software assurance, vulnerability discovery and analysis, and risk management. To learn more, visit our website at or send us an at [email protected]. Contact Us Software Engineering Institute 4500 Fifth Avenue, Pittsburgh, PA Phone: Web: [email protected] 2016 Carnegie Mellon University Cvr4 CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2016