CERT Cybersecurity Training & Education Course Catalog

Upload: phamkhue

Post on 11-Mar-2018


SOFTWARE ENGINEERING INSTITUTE


Our security training helps you use your knowledge, skills, and experience to successfully and effectively resist, recognize, and recover from attacks on networked systems. The CERT approach to security training builds your knowledge, skills, and experience in a continuous cycle of professional development. Each phase focuses on building a specific area of development that is leveraged and supplemented by the next phase of development.

Knowledge building provides you with the fundamental concepts related to a particular topic area.

Skill building develops your hands-on technical skills based on the foundational knowledge you learned in the Knowledge Building phase.

Experience building develops your ability to adapt and successfully apply your security skills in changing and unfamiliar real-world environments.

Evaluation uses performance metrics to assess your learning and identify areas of improvement for continued professional development.

For more information about the CERT approach to security training, see cert.org/cyber-workforce-development.


Contents

The CERT Approach to Cybersecurity Training

Our Cybersecurity Certificates and Courses

Our Cybersecurity Certificates

• CERT Certificate in Digital Forensics
• Insider Threat Program Manager (ITPM) Certificate
• Insider Threat Vulnerability Assessor (ITVA) Certificate
• Insider Threat Program Evaluator (ITPE) Certificate
• SEI Certificate in Incident Response Process
• SEI Certificate in Information Security
• CISO-Executive Certificate
• Secure Coding in C and C++ Professional Certificate
• Secure Coding in Java Professional Certificate

Our Cybersecurity Courses

Incident Handling Courses

• Overview of Creating and Managing CSIRTs
• Creating a Computer Security Incident Response Team
• Managing Computer Security Incident Response Teams
• Fundamentals of Incident Handling
• Advanced Incident Handling
• Advanced Forensic Response & Analysis

Network & Software Security Courses

• Information Security for Technical Staff
• Applied Cybersecurity, Incident Response, and Forensics
• Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth
• Secure DevOps Process and Implementation
• DevOps in Practice Workshop
• Secure Coding in C and C++
• Secure Coding in Java
• Software Assurance Methods in Support of Cyber Security
• Security Requirements Engineering Using the SQUARE Method
• Vulnerability Response Capability

Risk Assessment & Insider Threat Courses

• Introduction to the CERT Resilience Management Model
• CERT Resilience Management Model Appraisal Boot Camp
• CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series
• Assessing Information Security Risk Using the OCTAVE Approach
• Measuring What Matters: Security Metrics Workshop
• Insider Threat Awareness Training
• Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats
• Building an Insider Threat Program
• Insider Threat Program Manager: Implementation and Operation
• Insider Threat Vulnerability Assessor Training
• SGMM Navigator Training

CERT STEPfwd Platform

Next Steps: Register for a Course

CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 2017


The CERT Approach to Cybersecurity Training

Technology has become such an integral part of our lives and business operations that it is important to have a skilled workforce to protect networked systems. You are faced with the ongoing challenge of ensuring that you have the most current knowledge, skills, and experiences to protect your organization from cyberattacks. However, this challenge is particularly difficult because industry trends, practices, and technologies are constantly changing.

Attackers continually find new ways to circumvent security controls and infiltrate systems. Likewise, security practices and technologies evolve to keep pace with this changing landscape. To protect your organization, you must adapt to the changes in the ecosystem, whether they are problems posed by attackers or solutions supplied by researchers and developers. To apply the latest security practices and technologies successfully, you need to have the right knowledge, skills, and experience.

How can we help?

We developed training and certificate programs that help you learn how to tackle these cybersecurity challenges. The right training can help you by providing

• knowledge, skill development, and experience most relevant to your responsibilities

• a high level of cybersecurity proficiency

• a focus on high-priority, high-payoff elements of cybersecurity

• efficient and effective approaches you can apply in your organization

• affordable, high-quality training solutions

• scalable training solutions that can reach all relevant staff in your organization

We have also responded to your need for flexible training options by developing remote training capabilities. Our STEP (Simulation, Training, and Exercise Platform) environment provides “anytime, anywhere” access to materials that include demonstrations, hands-on training labs, and an exercise environment that allows you to improve your skills through realistic and flexible training scenarios.

Who we are

For nearly 30 years, the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University has been a leader in cybersecurity. Originally focused on incident response, we have expanded into cybersecurity areas such as network situational awareness, malicious code analysis, secure coding, resilience management, insider threats, digital investigations and intelligence, workforce development, DevOps, forensics, software assurance, vulnerability discovery and analysis, and risk management.

Since 1984, the SEI has served the nation as a federally funded research and development center based at Carnegie Mellon University, which is recognized worldwide for its programs in computer science and engineering. As part of Carnegie Mellon, the SEI operates at the leading edge of technical innovation. The SEI has served as a national resource in software engineering, computer security, and process improvement.


Our Cybersecurity Certificates and Courses

Take our courses individually or earn a certificate by combining courses.

Certificates

Formally acknowledge your professional accomplishments by earning one of our professional certificates in fields such as insider threat, digital forensics, and security management. You can benefit from the skills you acquire and the recognition the certificate provides in your continuing education and professional development. See our complete list of certificate programs on pages 1–6.

Courses

We offer courses in multiple cybersecurity topics grouped into three categories:

1. Incident Handling
2. Network & Software Security
3. Risk Assessment & Insider Threat

See our complete list of courses and descriptions starting on page 9.

Flexible delivery options

P: Public courses

We offer public training courses, delivered in the Pittsburgh, PA and Arlington, VA SEI offices. Review the current schedule of public courses at cert.org/training.

Pricing: Per student

O: Onsite courses

We offer courses delivered onsite at your facility.

Pricing: Flat fee

L: Live, virtual courses

We deliver courses via synchronous distance learning from the CERT Distributed Learning Center (CDLC). The CDLC is equipped with the latest videoconferencing technology to allow you to attend a course from a remote location as though you were there with the other students in a virtual classroom.

Pricing: Flat fee

S: STEPfwd

Using the STEPfwd platform, we provide components of traditional classroom training, including lectures, slide presentations, hands-on labs, team cyber exercises, and quizzes from the convenience of a web browser.

Pricing: Annual fee per person

Our Cybersecurity Certificates

• CERT Certificate in Digital Forensics
• Insider Threat Program Manager (ITPM) Certificate
• Insider Threat Vulnerability Assessor (ITVA) Certificate
• Insider Threat Program Evaluator (ITPE) Certificate
• SEI Certificate in Incident Response Process
• SEI Certificate in Information Security
• CISO-Executive Certificate
• Secure Coding in C and C++ Professional Certificate
• Secure Coding in Java Professional Certificate

Join the many cybersecurity professionals who have benefited not only from the skills they acquire, but also from the recognition of their continuing education and professional development.


CERT Certificate in Digital Forensics

sei.cmu.edu/training/v34.cfm

Knowledgeable first responders apply good forensic practices to routine administrative procedures and alert verification, and know how routine actions can adversely affect the forensic value of data. This awareness greatly enhances system and network administrators’ effectiveness when responding to security alerts and other routine matters.

This certificate is designed to familiarize you, as an experienced system and network computer professional, with the essential elements of digital forensics and build on your existing technical skill set. Completing this professional certificate prepares you to approach both routine and unusual cybersecurity events in a systematic forensic manner.

You will take two asynchronous eLearning classes: Introduction to Computer Forensics and Advanced Digital Forensics. You have 12 months to complete both courses. When you complete all elements of each course, you are awarded an electronic certificate of course completion. When you complete both courses, you are awarded the CERT Certificate in Digital Forensics.

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule.

Insider Threat Program Manager (ITPM) Certificate

cert.org/insiderthreat/insider-threat-program-manager-itpm-certificate.cfm

This certificate program helps you, as an insider threat program manager, develop a formal insider threat program. Its training components cover areas such as insider threat planning, identification of internal and external stakeholders, components of an insider threat program, insider threat team development, strategies for effective communication of the program, and how to effectively implement and operate the program within your organization.

Required Courses

• Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats (page 36)

• Building an Insider Threat Program (page 37)

• Insider Threat Program Implementation and Operation (page 38)

• Insider Threat Program Manager Certificate Exam

For more information

Visit our website for additional information about this certificate program.


Insider Threat Vulnerability Assessor (ITVA) Certificate

cert.org/insiderthreat/insider-threat-vulnerability-assessor-itva-certificate.cfm

This certificate enables you, as a prospective assessor, to help organizations gain a better understanding of their insider threat risk as well as effectively identify and manage the associated risks. In the courses that support this certificate, you use an assessment methodology to assist organizations by measuring how prepared they are to prevent, detect, and respond to the insider threat.

Required Courses

• Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats (page 36)

• Building an Insider Threat Program (page 37)

• Insider Threat Vulnerability Assessor Training (page 39)

• Insider Threat Vulnerability Assessor Certificate Exam

For more information

Visit our website for additional information about this certificate program.

Insider Threat Program Evaluator (ITPE) Certificate

cert.org/insiderthreat/

This certificate enables you, as a prospective evaluator, to help organizations gain a better understanding of the effectiveness of their established insider threat programs. In the courses that support this certificate, you learn how to build an insider threat program and perform an insider threat program evaluation.

Required Courses

• Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats (page 36)

• Building an Insider Threat Program (page 37)

• Insider Threat Program Evaluator Training (available Fall 2017)

• Insider Threat Program Evaluator Certificate Exam (available Fall 2017)

For more information

Visit our website for additional information about this certificate program.

License the ITVA toolset and methodology

Organizations can license the CERT Insider Threat Vulnerability Assessment toolset for internal use or to assess others for potential vulnerabilities. See sei.cmu.edu/certification/opportunities/itva/ for more information.


SEI Certificate in Incident Response Process

sei.cmu.edu/training/certificates/security/response.cfm

This certificate provides you, as a prospective computer security incident response team (CSIRT) member, with a basic introduction to the main incident handling tasks and critical thinking skills that will help you perform your job. The second course covers common and emerging attacks that target a variety of operating systems and architectures.

Ultimately, this certificate is designed to provide you with insight into the type and nature of work that you will perform as an incident handler. It will provide an overview of the incident handling arena, including CSIRT services, intruder threats, the nature of incident response activities, and the steps that incident handlers can take in response to system compromises at the privileged level.

Required courses

• Fundamentals of Incident Handling (page 13)

• Advanced Incident Handling (page 14)

For more information

Visit our website for additional information about this certificate program.

SEI Certificate in Information Security

sei.cmu.edu/training/certificates/security/infosecurity.cfm

This certificate is designed to provide you with practical techniques for protecting the security of your organization’s information assets and resources and increase the depth of your knowledge and skills to prepare you to administer and secure your information systems and networks. Security issues, technologies, and recommended practices are addressed at increasing layers of complexity, beginning with concepts and proceeding on to technical implementations.

The courses required for this certificate involve extensive hands-on laboratories using a heterogeneous network environment, scenario-based exercises, lectures/briefings, and open discussion to help participants develop their understanding of the problems and strategies for securing information systems and networks.

Required courses

• Information Security for Technical Staff (page 18)

• Applied Cybersecurity, Incident Response, and Forensics (page 19)

For more information

Visit our website for additional information about this certificate program.


CISO-Executive Certificate

heinz.cmu.edu/school-of-information-systems-and-management/cio-institute/chief-information-security-officer-executive-education-and-certification-program/index.aspx

This certificate enables you, as a Chief Information Security Officer (CISO), to develop and manage IS resources, and design and implement organizational IS policies. In the courses that support this certificate, you learn everything from security metrics to enterprise security governance to crisis communication to information security law.

The CISO-Executive Education and Certificate Program is designed to address the issues CISOs face and provides a unique opportunity for peer-based, customized executive education. This program was developed and is jointly supported by the Heinz College CIO Institute at Carnegie Mellon and the CERT Division of the Software Engineering Institute (SEI).

With classes taught by internationally recognized faculty and industry experts, the CISO-Executive program draws on the strengths of Carnegie Mellon University and the SEI, both recognized across the globe as leaders in information assurance, security, policy, and executive education.

This program focuses on providing essential education and skills for professionals in the field and those seeking to enhance their career growth objectives.

Required course topics

• Security Structure and Operations

• Digital Transformation (DT): Security Implications

• Cyber Risk Management & Security Metrics

• Operational Cyber Resilience

• Enterprise Security Governance & Planning

• A Realistic View of Security Technology

• Effective Incident Response

• Managing Operational Threat

• Developing a Crisis Communications Strategy

• Information Security Law

• Social Engineering

• Building an Insider Threat Program

• External Dependency Management

Required practicum

One of the fundamental tenets of the CISO-Executive program is that students should be able to use their experience and learning in a practical fashion while attending the program. In the practicum, a team of students conceives, develops, and delivers a solution to an information security issue applicable in today’s cyber environment.

For more information

Visit our website for additional information about this certificate program.


Secure Coding in C and C++ Professional Certificate

cert.org/go/secure-coding

This certificate program helps you, as a C/C++ developer, increase the security of your software and reduce vulnerabilities in the programs you develop. This program covers areas such as recognizing common programming errors that lead to software vulnerabilities, thwarting buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic, avoiding the incorrect use of dynamic memory management functions, eliminating integer-related problems, and avoiding I/O vulnerabilities including race conditions.

Required Courses

• Secure Software Concepts

• Secure Coding in C and C++ (page 23)

• Secure Coding in C and C++ Exam

For more information

Visit our website for additional information about this certificate program.

Secure Coding in Java Professional Certificate

cert.org/go/secure-coding

This certificate program helps you, as a Java developer, increase the security of your software and reduce vulnerabilities in the programs you develop. This program covers areas such as recognizing common programming errors that lead to software vulnerabilities, avoiding injection attacks, understanding Java’s memory model, learning when to throw and catch exceptions, understanding how common errors can be exploited, employing mitigation strategies to prevent introducing common errors, and avoiding I/O vulnerabilities.

Required Courses

• Secure Software Concepts

• Secure Coding in Java (page 24)

• Secure Coding in Java Exam

For more information

Visit our website for additional information about this certificate program.

Our Cybersecurity Courses

Our instructors have years of experience in the cybersecurity field and perform cutting-edge research.

• Incident Handling Courses
• Network & Software Security Courses
• Risk Assessment & Insider Threat Courses


Incident Handling Courses

Training in incident handling helps managers, project leaders, CSIRT staff, and computer forensic professionals create and manage CSIRTs, prepares incident handlers to respond to system compromises at the administrator level, teaches technical staff the best practices they can use for analyzing malicious code, and describes tools and best practices that can be used to support organizations’ incident response and forensic analysis investigations.

• Overview of Creating and Managing CSIRTs
• Creating a Computer Security Incident Response Team
• Managing Computer Security Incident Response Teams
• Fundamentals of Incident Handling
• Advanced Incident Handling
• Advanced Forensic Response & Analysis


O Overview of Creating and Managing CSIRTs

One-Day Course • Incident Handling

sei.cmu.edu/training/P68.cfm

This course provides a consolidated view of information that is contained in two other CERT courses: Creating a Computer Security Incident Response Team (page 11) and Managing CSIRTs (page 12). Its main purpose is to highlight best practices in planning, implementing, operating, and evaluating a computer security incident response team (CSIRT).

In this course, you explore the relationships among CSIRTs, incident management, and security management and discuss how successful incident management requires an enterprise view and approach. The course presents a process-based model for structuring incident management activities and provides an introductory view of CSIRTs. Learn more about the purpose and structure of CSIRTs; CSIRT services; and key policies, procedures, methods, tools, and infrastructure components needed to effectively operate a CSIRT.

Who should attend?

• those tasked with creating a CSIRT

• C-level managers (e.g., CIOs, CSOs, CISOs) and CSIRT managers

• project leaders and team members

• system and network administrators, and security staff (e.g., privacy officers, audit or risk staff)

• human resources staff

• media or public relations staff

• CSIRT constituents

• law enforcement members

• legal counsel

You will learn to

• understand the terms “incident management” and “CSIRT”

• differentiate between incident management and incident response activities

• describe activities conducted in the five processes that make up the CERT Incident Management Process Model (Prepare, Protect, Detect, Triage, and Respond)

• identify the type of work that CSIRT managers and staff may be expected to handle and the policies and procedures that should be established for a CSIRT

• explain the purpose and structure of CSIRTs

• define the variety and level of services that can be provided by a CSIRT

• apply process improvement techniques for operating and evaluating an effective CSIRT

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.


P O Creating a Computer Security Incident Response Team

One-Day Course • Incident Handling • 0.6 CEUs

sei.cmu.edu/training/P25.cfm

This course is designed to help you create a computer security incident response team (CSIRT) by covering the following topics:

• requirements for establishing an effective CSIRT

• the various organizational models for a CSIRT

• the variety and level of services that can be provided by a CSIRT

• the types of resources and infrastructure needed to support a team

• policies and procedures that should be part of creating a CSIRT

Who should attend?

• current and prospective CSIRT managers

• C-level managers (e.g., CIOs, CSOs, CISOs)

• project leaders interested in establishing or starting a CSIRT

• staff who interact with CSIRTs (e.g., CSIRT constituents, media relations, legal counsel, law enforcement, human resources, risk management staff)

You will learn to

• understand the requirements for establishing an effective CSIRT

• strategically plan the development and implementation of a new CSIRT

• highlight issues associated with assembling a responsive, effective team of computer security professionals

• identify policies and procedures to establish and implement in a CSIRT

• understand various organizational models for a new CSIRT

• understand the variety and level of services that can be provided by a CSIRT

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

Take a related course

You may also want to register for the three-day companion course, Managing Computer Security Incident Response Teams, which takes place immediately after this course. See page 12 for details.


P O Managing Computer Security Incident Response Teams

Three-Day Course • Incident Handling • 1.8 CEUs

sei.cmu.edu/training/P28.cfm

This course provides you, as a manager of a computer security incident response team (CSIRT), with a pragmatic view of the issues that you face in operating an effective team. The course provides an overview of the incident handling process and the types of tools and infrastructure needed to be effective.

We discuss issues such as hiring CSIRT staff, identifying critical information, publishing information, establishing effective working relationships, working with law enforcement, evaluating CSIRT operations, building CSIRT service capacity, and the importance of policies and procedures.

There is some content overlap between the Managing CSIRTs course and the Fundamentals of Incident Handling course. We recommend that attendees register for one course or the other, but not both.

Who should attend?

• managers responsible for implementing and working with a CSIRT

• those who want to learn more about operating effective CSIRTs

• staff who interact with CSIRTs (e.g., CSIRT constituents, media relations, legal counsel, law enforcement members, human resources staff, risk management staff)

You will learn to

• recognize the importance of establishing well-defined policies and procedures for incident management processes

• identify policies and procedures that should be established and implemented for a CSIRT

• recognize various processes involved in detecting, analyzing, and responding to computer security events and incidents

• identify components needed for protecting and sustaining CSIRT operations

• manage a responsive, effective team of computer security professionals

• evaluate CSIRT operations and identify performance gaps, risks, and needed improvements

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

Take a related course

Before attending this course, we encourage you to attend the companion course, Creating a Computer Security Incident Response Team, which is offered the day before this course. See page 11 for details.


P O Fundamentals of Incident Handling

Five-Day Course • Incident Handling • 3.1 CEUs

sei.cmu.edu/training/P26.cfm

This course provides you, as a prospective incident handler, with a basic introduction to the main incident handling tasks and critical thinking skills that will help you do your daily work. The course provides insight into the work that incident handlers perform and provides an overview of the incident handling arena, including CSIRT services, intruder threats, and the nature of incident response activities.

You learn how to gather the information required to handle an incident, learn more about CSIRT policies and procedures, understand the technical issues related to commonly reported attack types, and identify potential problems to avoid while performing CSIRT work. You participate in sample incidents and perform analysis and response tasks related to them.

There is significant content overlap between the Fundamentals of Incident Handling course and the Managing CSIRTs course. We recommend that attendees register for one course or the other, but not both.

Who should attend?

• CSIRT technical staff with one to three months of experience

• experienced CSIRT staff who want to benchmark their CSIRT processes and skill sets against best practices

• anyone who wants to learn about basic incident handling functions and activities

You will learn to

• recognize the importance of following well-defined processes, policies, and procedures

• understand the issues involved in providing a CSIRT service

• critically analyze and assess the impact of computer security incidents

• effectively build and coordinate response strategies for computer security incidents

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

Get a certificate

This course is part of the SEI Certificate in Incident Response Process. See page 4 for details.

Take a related course

After completing this course, we encourage you to attend the companion course, Advanced Incident Handling. See page 14 for details.

CERT CYBERSECURITY TRAINING & EDUCATION COURSE CATALOG 201714

P O

Advanced Incident Handling

Five-Day Course • Incident Handling • 3.1 CEUs

sei.cmu.edu/training/p23b.cfm

In this course, you learn techniques for detecting and responding to current and emerging computer security threats and attacks that are targeted at a variety of operating systems and architectures.

Building on the methods and tools discussed in the Fundamentals of Incident Handling course, this course provides guidance that you, as an incident handler, can use when responding to system compromises at the privileged (root or administrator) level.

You work in a team throughout the week-long course to handle a series of escalating incidents that are presented as part of an ongoing scenario. You review broader aspects of CSIRT work such as computer forensics; artifact analysis; vulnerability handling; and the development of advisories, alerts, and management briefings.

Who should attend?

• current computer security incident response team (CSIRT) members

• technical staff with three to six months of incident handling experience

• system and network administrators responsible for identifying and responding to security incidents

You will learn to

• detect and characterize various attack types

• understand the complexity of and effectively respond to privileged and major events and incidents within your CSIRT

• gain a practical understanding of various methods for analyzing artifacts left on a compromised system

• explore new developments in the area of computer forensics

• obtain practical experience in the analysis of vulnerabilities and the coordination of vulnerability handling tasks

• formulate effective advisories, alerts, and management briefings

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule.

Get a certificate

This course is part of the SEI Certificate in Incident Response Process. See page 4 for details.

P O

Advanced Forensic Response & Analysis

Three-Day Course • Incident Handling • 2.5 CEUs

sei.cmu.edu/training/P103.cfm

This fast-paced, advanced course is designed for you if you are looking to expand your solid knowledge of incident response and forensic analysis. The course helps you improve your collection and processing skills by outlining a structured process (or flow) you can use to conduct incident response and intrusion investigations. You learn common areas where you can find evidentiary data to improve your investigations and learn the pros and cons of

• common evidence collection measures

• forensic analysis steps

• methods for organizing analysis results to identify evidentiary data

Who should attend?

• forensic analysts in the public or private sector

• active computer forensic professionals with an understanding of core forensic and information technology principles

• those who conduct incident response, intrusion investigations, or other types of computer forensic investigations

You will learn to

• prepare for an intrusion investigation, including performing reconnaissance and developing a known toolset

• recognize best practices for responding to an incident

• understand methods for collecting data that’s most relevant to your investigation

• perform analysis of victim and perpetrator systems

• identify malicious applications

• correlate system events with file activity

• perform runtime analysis of malicious applications

• identify resident artifacts subsequent to the intrusion

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

Network & Software Security Courses

Network Security training provides technical staff members, engineers, software managers, and technical leads with best practices and practical techniques for protecting the security of their organization’s information assets and resources. Topics covered include DevOps, the SQUARE methodology, secure coding in Java, C, and C++, the development of an organization’s vulnerability response capability, and four critical software assurance areas: security requirements, software supply chain assurance, mission thread analysis, and measurement.

Information Security for Technical Staff

Applied Cybersecurity, Incident Response, and Forensics

Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth

Secure DevOps Process and Implementation

DevOps in Practice Workshop

Secure Coding in C and C++

Secure Coding in Java

Software Assurance Methods in Support of Cyber Security

Security Requirements Engineering Using the SQUARE Method

Vulnerability Response Capability

P O S

Information Security for Technical Staff

Five-Day Course • Network & Software Security • 2.7 CEUs

sei.cmu.edu/training/P27.cfm • sei.cmu.edu/training/V21.cfm

This course provides you with practical techniques for protecting the security of your organization’s information assets and resources. In the course, you focus on understanding and applying the concept of survivability and effectively managing risk, threats, policy, system configuration, availability, and personnel.

The course features extensive hands-on labs and demonstrations that cover topics such as network scanning and enumeration; packet capture and analysis; Windows Group Policy and Security templates; network traffic encryption with IPSec; intrusion detection and prevention with Snort; information on personal and enterprise firewalls, password cracking, and extensive hacking/hardening of Linux, Windows, and Cisco platforms in both wireless and cabled networks. You use a laptop during the course and have access to a wide variety of networked systems.

Who should attend?

Technical staff members who manage or support networked information systems and have

• two years of practical experience with networked systems or equivalent training/education

• some degree of familiarity with the ISO/OSI 7-layered reference model and Ethernet, TCP/IP, and network operating systems such as Windows NT/2000/XP and Unix

You will learn to

• describe the components of survivability, risk and asset management as applied to networked systems, and the Security Knowledge in Practice (SKiP) methodology

• summarize key security concerns of the TCP/IP protocol suite

• describe common methods of gathering information on networked systems

• describe the types of vulnerabilities and threats and common attack methods

• describe best practices for actively defending systems from intrusions

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

Get a certificate

This course is part of the curriculum for the SEI Certificate in Information Security. See page 4 for details.

P O

Applied Cybersecurity, Incident Response, and Forensics

Five-Day Course • Network & Software Security • 3.3 CEUs

sei.cmu.edu/training/P107.cfm

This hands-on course is designed to increase your knowledge and skills as someone who administers and secures information systems and networks. The course covers vulnerability assessments, systems administration, network monitoring, incident response, digital forensics, and Intrusion Detection Systems.

You have direct administrative access to networked systems (e.g., Windows, Linux and Cisco), which will be modified and instrumented throughout the course.

Working in a team, you

• review host and network system hardening concepts in hands-on labs

• begin implementing a network “get well” plan for a sample infrastructure

• apply your new skills to detect, analyze, and respond to real-world threats

• compete in identifying vulnerabilities and prioritizing defensive measures

Who should attend?

Technical staff members who manage or support networked information systems; we recommend you have

• one year of practical experience with networked systems or equivalent training/education

• six months of security administration experience

• background in data networking with entry-level Unix or Windows system administration experience

• familiarity with the OSI model and the TCP/IP protocol stack

You will learn to

• install and configure network access control technologies and intrusion detection sensors

• implement techniques for hardening host systems and services

• implement technology for monitoring the status/availability of network services

• implement system logging and networking monitoring

• safely collect and secure sensitive incident response data

• analyze and respond to network and system events

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

Get a certificate

This course is part of the curriculum for the SEI Certificate in Information Security. See page 4 for details.

O

Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth

Three-Day Course • Network & Software Security • 1.8 CEUs

sei.cmu.edu/training/P61.cfm

In this course, you are introduced to the CERT Defense-in-Depth Framework, which consists of eight operationally focused and interdependent management components. In the course, you synergistically apply these components to a fictitious organization’s IT enterprise. You learn high-level best practices for effectively integrating the eight components into all aspects of IT operations. You then use a scenario to reinforce these best practices.

Who should attend?

Technical staff members, IT managers, security managers, system administrators, and IT security staff who have

• two years of practical experience with networked systems or equivalent training/education

• some degree of familiarity with the ISO/OSI 7-layered reference model and Ethernet, TCP/IP, and major network operating systems such as Windows NT/2000/XP and Unix

You will learn to

• describe the CERT Defense-in-Depth framework and its components

• holistically examine IT operations for information assurance threats and vulnerabilities

• apply the framework to improve the overall security posture of IT operations

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

O L

Secure DevOps Process and Implementation

Half-Day Course • Network & Software Security • 0.5 CEUs

sei.cmu.edu/training/P116.cfm

In this course, you receive comprehensive training on DevOps principles and process and techniques for project planning, development, and deployment from start to finish. Using technical demonstrations and practical scenarios, you learn about use cases on Continuous Integration (CI) tools and practices, and reference architectures. Students who complete this course receive a certificate of completion.

Who should attend?

Those working in software development, including technical managers, technical leads, developers, QA engineers, release/deployment engineers, and operational support staff who

• want to bring DevOps to their organization

• want to improve their existing DevOps strategy

• are looking for solutions to manage evolving software development needs

• are challenged by slow deployment cycles

• see a disconnect among business needs, development, and operational teams

• are looking for strategies to convince their organization of the benefits of DevOps

You will learn to

• recognize the realities of DevOps, from tools and techniques to culture and specific organizational business and operational needs

• navigate the challenging tasks of adapting DevOps theories, practices, and tools to meet your particular business needs

• provide measurable value to your organization

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

Take a related course

You may also want to register for the one-day companion workshop, DevOps in Practice Workshop. See page 22 for details.

P O

DevOps in Practice Workshop

One-Day Workshop • Network & Software Security • 0.5 CEUs

sei.cmu.edu/training/P115.cfm

In this workshop, you receive a comprehensive, hands-on review of DevOps topics and process and techniques for project planning, development, and deployment from start to finish. Specifically, this workshop exposes you to reference architectures and hands-on experience with Continuous Integration (CI) tools and practices, including technical demonstrations and practical scenarios.

Who should attend?

Those working in software development who have direct knowledge and hands-on experience with their organization’s development processes, including

• technical managers

• technical leads

• developers

• QA engineers

• release/deployment engineers

• operational support staff

You will learn to

• understand DevOps values and principles

• understand how modern automation and tooling solves common problems in software development and delivery

• recognize best practices employed by DevOps industry leaders

• better identify process improvements at your organization through new perspectives on software development and delivery

• best begin a DevOps transformation in your organization

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule.

Take a related course

You may also want to register for the one-day companion course, Secure DevOps Process and Implementation. See page 21 for details.

O

Secure Coding in C and C++

Four-Day Course • Network & Software Security • 2.4 CEUs

sei.cmu.edu/training/P63.cfm

In this course, you learn common programming errors in C and C++ and how these errors can lead to code that is vulnerable to exploitation. The course focuses on security issues intrinsic to the C and C++ programming languages and associated libraries. This course is useful to you if you are involved in developing secure C and C++ programs regardless of the specific application.

What you learn applies to various development environments, but the examples are specific to Microsoft Visual Studio and Linux/GCC and the 32-bit Intel Architecture (IA-32).

Who should attend?

Developers with basic C and C++ programming skills, but not necessarily an in-depth knowledge of software security

You will learn to

• avoid programming errors that lead to software vulnerabilities

• understand how these errors can be exploited

• implement mitigation strategies for preventing the introduction of these errors

• improve the overall security of any C or C++ application

• thwart buffer overflows and stack-smashing attacks that exploit insecure string manipulation logic

• avoid vulnerabilities and security flaws resulting from the incorrect use of dynamic memory management functions

• eliminate integer-related problems: integer overflows, sign errors, and truncation errors

• correctly use formatted output functions without introducing format-string vulnerabilities

• avoid I/O vulnerabilities, including race conditions

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

O

Secure Coding in Java

Four-Day Course • Network & Software Security • 2.2 CEUs

sei.cmu.edu/training/P118.cfm

In this course, derived from the Addison-Wesley books The CERT Oracle Secure Coding Standard for Java and Java Coding Guidelines, you learn common programming errors in Java and how these errors can lead to code that is vulnerable to exploitation. The course concentrates on security issues intrinsic to the Java programming language and associated libraries.

Who should attend?

• Java developers

• anyone involved in developing secure Java programs regardless of the specific application

You will learn to

• improve the overall security of any Java application

• avoid injection attacks, such as SQL injection and XSS

• understand Java’s memory model with a thorough grounding of concurrency

• prevent race conditions while avoiding deadlock

• recognize when to throw and catch exceptions

• avoid I/O vulnerabilities, including file-based race conditions

• know how historical exploits on Java were executed and later disabled

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

O

Software Assurance Methods in Support of Cyber Security

One-Day Course • Network & Software Security • 0.65 CEUs

sei.cmu.edu/training/P108.cfm

This course is designed to expose you, as a manager, engineer, or acquirer, to concepts and resources you can use now to address software security assurance across the acquisition and development lifecycles. This workshop focuses on four critical software assurance areas:

• security requirements

• software supply chain assurance

• mission thread analysis

• measurement

Who should attend?

Those who are concerned with software security assurance across the acquisition and development lifecycles, including

• software managers

• technical leads

• software and lead engineers

• software and system acquisition experts

• program/project managers

You will learn to

• understand the challenges of software assurance

• recognize key concepts and methods for security risk analysis and measurement, security requirements elicitation, mission thread analysis, and supply chain risk analysis

• begin planning how to address software assurance for acquisition and development programs

• understand the best practices that can be implemented for software assurance

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

O

Security Requirements Engineering Using the SQUARE Method

Two-Day Course • Network & Software Security • 1.3 CEUs

sei.cmu.edu/training/P104.cfm

In this workshop, you receive an overview of security requirements engineering and the SQUARE methodology. The SQUARE methodology is an end-to-end process for security requirements engineering that helps you build security into the early stages of the production lifecycle. In the workshop, you discuss all nine steps of the SQUARE methodology in detail and participate as part of a team case study.

Requirements engineering defects, including those in security requirements, cost 10 to 200 times more to correct during implementation than if they are detected during requirements development. A study found returns on investment of 12 to 21 percent when security analysis and secure engineering practices are introduced early in the development cycle.

Who should attend?

Those concerned with security requirements in developed or acquired software, including

• software managers

• technical leads

• software engineers

• requirements engineers

• security specialists

You will learn to

• understand the challenges of security requirements engineering

• see how important it is to develop security requirements in the same time frame as functional requirements, rather than as an add-on patch

• understand why the methods used to identify functional requirements may not work directly for security requirements

• recognize methods for security risk analysis, security requirements elicitation, and security requirements prioritization

• apply the SQUARE method for security requirements engineering

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

O

Vulnerability Response Capability

One-Day Course • Network & Software Security • 0.7 CEUs

sei.cmu.edu/training/P123.cfm

This course is designed to help you respond when vulnerabilities are reported in your products. It provides a high-level overview of the key issues, processes, and decisions that your organization must make to build its vulnerability response capability. As part of the course, you will develop an action plan that is a starting point for planning and implementing a vulnerability response capability in your organization.

Through lectures and class exercises, you will learn

• requirements for establishing an effective vulnerability response capability

• various organizational models to choose from

• the variety and level of services that can be provided

• types of resources and infrastructures needed to support a team

• policies and procedures that should be established when creating a vulnerability response capability

By the end of this course, you will understand the importance of a vulnerability response capability and how it can demonstrate to current and potential customers, business partners, security researchers, the media, and the general public that you take product security seriously.

Who should attend?

• current and prospective product security managers

• project leaders who are interested in establishing a vulnerability response capability

• staff who interact with product security teams (e.g., higher level management, media relations, legal counsel, product engineers)

You will learn to

• understand the requirements for establishing an effective vulnerability response capability

• strategically plan the development and implementation of a new vulnerability response capability

• identify policies and procedures that should be established

• understand and take action on vulnerability disclosure issues

• communicate and work with security researchers

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

Risk Assessment & Insider Threat Courses

Risk Assessment and Insider Threat training teaches managers, executives, security and business continuity professionals, risk managers, compliance personnel, and insider threat program managers to develop strategies for protecting their organizations from security threats and to better manage their risks. Topics covered include the CERT Resilience Management Model (CERT-RMM), OCTAVE Allegro method, and insider threat program management best practices.

Introduction to the CERT Resilience Management Model

CERT Resilience Management Model Appraisal Boot Camp

CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series

Assessing Information Security Risk Using the OCTAVE Approach

Measuring What Matters: Security Metrics Workshop

Insider Threat Awareness Training

Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats

Building an Insider Threat Program

Insider Threat Program Manager: Implementation and Operation

Insider Threat Vulnerability Assessor Training

SGMM Navigator Training

P O

Introduction to the CERT Resilience Management Model

Three-Day Course • Risk Assessment & Insider Threat • 1.9 CEUs

sei.cmu.edu/training/P66.cfm

This course introduces you to a model-based process improvement approach for managing operational resilience using the CERT Resilience Management Model (CERT-RMM). CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations actively direct, control, and manage operational resilience and risk.

By improving operational resilience processes (e.g., vulnerability analysis, incident management, service continuity), you can improve and sustain the resilience of mission-critical assets and services. Using CERT-RMM as a guide, you can evaluate your current security, business continuity, and IT operations practices and make effective decisions about which practices are working and which need to be replaced.

Who should attend?

• security and business continuity professionals

• process improvement professionals, particularly those looking to extend process improvement approaches into the operations phase of the lifecycle

• enterprise and operational risk management professionals

• anyone interested in applying a maturity model approach to managing operational resilience

You will learn to

• understand the challenges of managing operational resilience

• have a working knowledge of key operational resilience, operational risk, and resilience management concepts and their relationships

• understand the CERT-RMM model structure and how to use it

• apply a process improvement and maturity model approach to managing operational resilience

• have a working knowledge of the 26 CERT-RMM process areas

• understand how CERT-RMM is used to appraise an organization’s capability for managing operational resilience

• begin planning for a process improvement effort in your organization

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

O

CERT Resilience Management Model Appraisal Boot Camp

Two-Day Course • Risk Assessment & Insider Threat • 1.5 CEUs

sei.cmu.edu/training/P101.cfm

If you are seeking to become an SEI-certified CERT-RMM Lead Appraiser, you must complete this course as part of your certification requirements. This boot camp provides an overview of the CERT-RMM Capability Appraisal Method (CAM) and gives you the knowledge you need to apply your SCAMPI® experience in a CERT-RMM context. The CAM is a tailored version of the SCAMPI method that addresses the unique challenges of appraising capability using CERT-RMM in the operations phase of the lifecycle.

At the boot camp, you learn about important decisions for scoping an appraisal, characterizing practices, and deriving capability levels. You also learn about appraisal considerations for unique CERT-RMM model attributes (e.g., Targeted Improvement Roadmaps). In addition, you learn to properly interpret CERT-RMM process areas that were sourced from CMMI® models, such as Resilience Requirements Development and Organizational Training and Awareness.

After attending the course, you qualify as a candidate CERT-RMM Lead Appraiser.

Who should attend?

• candidate CERT-RMM Lead Appraisers

You will learn to

• apply the CAM process to perform a CERT-RMM capability appraisal

• identify the major differences in using the SCAMPI process for CERT-RMM appraisals rather than CMMI models

• identify the CERT-RMM fine-grained scoping options: practice-level, asset, and resilience domains

• define and scope a CERT-RMM appraisal

• establish Targeted Improvement Roadmaps to commence a CERT-RMM process improvement effort

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

® CMMI and SCAMPI are registered marks of CMMI Institute LLC.

Become a CERT-RMM Appraiser

See sei.cmu.edu/certification/opportunities/rmm-la/become-cert-rmm-la.cfm for information.

O

CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series

Four Two-Day Workshops • Risk Assessment & Insider Threat • 2.0 CEUs

sei.cmu.edu/training/P92.cfm

You can improve your organizational resilience by attending a year-long series of workshops at an SEI facility. At these workshops, you experience hands-on activities to help you understand, compare, and enhance your organizational resilience using the CERT-RMM as the guide. The focus of each workshop session in the year-long series is guided by the needs of the organizations that register.

Organizations that become a member of the users group receive

• registration for four two-day CERT-RMM workshops at an SEI facility (Participating organizations may send up to three attendees to each workshop.)

• participation in the Introduction to the CERT Resilience Management Model training course, which is delivered during the first workshop

• invitations to contribute to discussion forums and other interim collaboration opportunities, organized and conducted by CERT-RMM technical leaders, between the workshops

Who should attend?

• those who are interested in a deep understanding of operational resilience and would like to implement the CERT-RMM internally in their organization

• security and business continuity professionals

• process improvement professionals

• operational risk professionals

You will learn to

• benchmark your organization’s resilience activities against the CERT-RMM

• begin to answer key resilience measurement and analysis questions about your organization and identify measures you can use to evaluate and improve your resilience

• improve the effectiveness and efficiency of operational risk/management activities

• participate in peer-to-peer comparisons

• reduce the complexity and improve the efficiency of compliance activities

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.

P O S

Assessing Information Security Risk Using the OCTAVE Approach

Three-Day Course • Risk Assessment & Insider Threat • 2 CEUs

sei.cmu.edu/training/P10B.cfm • sei.cmu.edu/training/V22.cfm

In this course, you learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) Allegro method. OCTAVE Allegro focuses on information assets in their operational context to identify and analyze risks based on where they originate and where information is stored, transported, and processed. By focusing on operational risks to information assets, you learn to view risk assessment in the context of your organization’s strategic objectives and risk tolerances.

OCTAVE Allegro satisfies the requirement for an annual risk assessment outlined in paragraph 12.1.2 of Standard PCI-DSS v2.0.

Who should attend?

• those who want an in-depth understanding of the OCTAVE Allegro Risk Assessment Methodology

• security professionals, business continuity planners, compliance personnel, risk managers, and others who require the knowledge and skills to understand operational risk and perform risk assessments

• those who need to perform formal risk assessments to satisfy PCI-DSS requirements

You will learn to

• understand the various elements of operational risk

• understand the connections among information security, business continuity, IT operations, and operational risk management

• understand operational risk, threat, vulnerabilities, impact, services, and their related assets

• understand the purpose of the OCTAVE Allegro structured risk management approach

• prepare an organization for a risk assessment using OCTAVE Allegro

• get started and know when to tailor the process to meet unique organizational needs

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.


P O

Measuring What Matters: Security Metrics Workshop

Two-Day Course • Risk Assessment & Insider Threat • 1.3 CEUs

sei.cmu.edu/training/p117.cfm

It is critical to measure the right things to make informed management decisions, take the appropriate actions, and change behaviors. But how do you figure out what those right things are? In this course, you use real-world strategic objectives to develop specific business goals and the applicable questions, indicators, and actionable metrics that you can implement at your own organization to improve your ability to manage operational risks, particularly cybersecurity risks.

Organizations today often make cyber risk management decisions based on fear, uncertainty, and doubt (FUD); the latest attack; compliance mandates (e.g., HIPAA, FISMA, SOX, PCI); and security risk frameworks that have little to do with the way the rest of the organization measures risk and prioritizes operational risk management activities. Instead, an organization’s information risk management approach should align with its business objectives. A measurement approach tied to strategic business objectives ensures that planning, budgeting, and the allocation of operational resources focus on what matters most to the organization. In addition, using such an approach helps identify metrics that may not be worth the investment to collect.

Who should attend?

Directors and managers of

• operational risk management

• information technology (IT)

• cybersecurity/information security

• IT and cybersecurity compliance

• IT and cybersecurity audit

• security professionals who support these directors and managers

You will learn to

• refine a strategic or business objective that meets the SMARTER criteria—Specific, Measurable, Achievable, Relevant, Time-bound, Evaluated, Reviewed—and can be used to initiate the Goal–Question–Indicator–Metric (GQIM) process

• identify a core set of business goals based on your business objective

• formulate one or more key questions and indicators for each goal (Answers to the questions help determine how well the goal is being achieved and the indicators further inform the answer to each question.)

• identify one or more metrics for each indicator that most directly informs the answer to one or more questions

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule.


S

Insider Threat Awareness Training

One-Hour Course • Risk Assessment & Insider Threat

sei.cmu.edu/training/V29.cfm

This course provides you with a basic understanding of insider threats within an organization and of your responsibilities, as an employee, to protect your organization’s critical assets. You learn how your work can be affected and how you can be targeted by insider threats.

This training is necessary for compliance with the anticipated guidelines set forth in the National Industrial Security Program Operating Manual (NISPOM) in accordance with Executive Order 13587.

Who should attend?

• all employees (especially those with security clearances)

• senior executives

• insider threat program team members

• insider threat program managers

• contractors and subcontractors

• suppliers and business partners

You will learn to

• define an insider and the threats they pose to critical assets

• recall common motivations of malicious insiders

• name different types of insider threats

• recognize how you can become an unintentional insider threat

• discuss impacts to your organization, the general public, and national security

• describe the consequences of being a malicious or unintentional insider

• understand how you can be targeted by a malicious individual as well as external adversaries

• identify reportable behaviors of malicious insiders

• identify steps you can take to protect yourself

• know what to do if you see or suspect an insider threat

• recognize resources available to you in your organization

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule related to this course.


S

Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats

Five-Hour Online Course • Risk Assessment & Insider Threat • 0.5 CEUs

sei.cmu.edu/training/V26.cfm

This course provides you with a thorough understanding of insider threat terminology, identifies different types of insider threats, teaches you how to recognize both technical and behavioral indicators, and outlines mitigation strategies.

This training course supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance including Presidential Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed changes set forth in the National Industrial Security Program Operating Manual (NISPOM).

Who should attend?

• insider threat program team members

• insider threat program managers

You will learn to

• define an insider and the threats he or she can pose to critical assets

• recognize the difference between malicious and unintentional insider threats

• recognize the most common types of insider threats

• identify legislation enacted to help prevent insider threats

• describe the activity, behavioral and technical precursors, and characteristics of fraud and theft of intellectual property

• recognize and avoid unintentional insider threats

• recognize controls to potentially prevent insider attacks

• identify best practices for insider threat mitigation

• recognize the purpose of an insider threat program

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule.

Get a certificate

This course is a required component of the Insider Threat Program Manager, Insider Threat Vulnerability Assessor, and Insider Threat Program Evaluator certificate programs. See cert.org/insiderthreat or pages 2–3 for details.


S

Building an Insider Threat Program

Seven-Hour Online Course • Risk Assessment & Insider Threat • 1.0 CEUs

sei.cmu.edu/training/V27.cfm

This course provides you with a thorough understanding of the organizational models for an insider threat program, the necessary components of an effective program, the key stakeholders who must be involved in the process, and basic education on the implementation and guidance of the program.

This training course supports organizations implementing and managing insider threat detection and prevention programs based on various government mandates or guidance including: Presidential Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed changes set forth in the National Industrial Security Program Operating Manual (NISPOM).

Who should attend?

• insider threat program team members

• insider threat program managers

You will learn to

• state key components of an insider threat program

• identify critical participants in establishing the program

• create an implementation plan and roll-out

• identify the type of staff and skills needed on an insider threat program operational team

• identify the types of policies and procedures needed for an insider threat program

• identify existing policies and procedures to be updated to support the insider threat program

• determine the infrastructure requirements needed to support insider threat program operations

• identify the governance and management support needed to sustain a formal insider threat program

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule.

Get a certificate

This course is a required component of the Insider Threat Program Manager, Insider Threat Vulnerability Assessor, and Insider Threat Program Evaluator certificate programs. See cert.org/insiderthreat or pages 2–3 for details.


P O

Insider Threat Program Manager: Implementation and Operation

Three-Day Course • Risk Assessment & Insider Threat • 2.2 CEUs

sei.cmu.edu/training/p110.cfm

This course builds on the concepts in the prerequisite courses Insider Threat Overview: Preventing, Detecting, and Responding to Insider Threats and Building an Insider Threat Program. This course teaches you a process roadmap that you can follow to build a robust insider threat program. The roadmap includes various techniques and methods for developing, implementing, and operating program components.

This course supports organizations implementing and managing insider threat detection and prevention programs based on government mandates or guidance including Presidential Executive Order 13587, the National Insider Threat Policy and Minimum Standards, and proposed changes in the National Industrial Security Program Operating Manual (NISPOM).

Who should attend?

• insider threat program team members

• insider threat program managers

You will learn to

• identify critical assets and protection schemes

• identify methods to gain management support and sponsorship

• plan implementation of an insider threat program

• identify policy and process updates that accommodate insider threat components

• identify sources and priorities for data collection

• identify infrastructure changes and enhancements necessary for implementing and supporting an insider threat program

• outline operational considerations and requirements needed to implement the program

• build policies and processes to help hire the right staff and develop a culture of security

• improve your security awareness training

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule.

This course is recommended for anyone pursuing the certificates for the Insider Threat Vulnerability Assessor or Insider Threat Program Evaluator, but is not required.

Get a certificate

This course is a required component of the Insider Threat Program Manager certificate program. See cert.org/insiderthreat or page 2 for details.


P O

Insider Threat Vulnerability Assessor Training

Three-Day Course • Risk Assessment & Insider Threat • 1.8 CEUs

sei.cmu.edu/training/p112.cfm

This course helps you develop the skills and competencies to perform an insider threat vulnerability assessment of an organization. These assessments help you identify issues affecting your organization’s insider threat risk, design and implement tactical countermeasures, and formulate a strategic action plan for long-term risk mitigation.

The vulnerabilities and processes assessed in the class are based on real cases. You learn how to plan and execute an assessment and develop the final evaluation report.

Who should attend?

Those interested in performing insider threat vulnerability assessments

To perform assessments using CERT tools, candidate assessors must be sponsored by an approved SEI Partner organization. For more information on the process and associated fees, please refer to SEI Certification Opportunities: sei.cmu.edu/certification/opportunities/index.cfm.

You will learn to

• plan and schedule an assessment

• distinguish between capabilities, levels, and indicators

• scope an assessment for particular critical assets or business processes

• develop a data collection plan

• interview assessed organization’s staff to corroborate performance of indicators

• enter evidence into the Joint Assessment Tool (JAT)

• substantiate evidence of indicators being met and score capabilities

• write sections of the assessment report

• defend results presented in the assessment report

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule.

License the ITVA tool

Organizations can license the CERT Insider Threat Vulnerability Assessment tool for internal use or to assess others for potential vulnerabilities. See sei.cmu.edu/certification/opportunities/itva/index.cfm for more information.

Get a certificate

This course is a required component of the Insider Threat Vulnerability Assessor certificate program. See cert.org/insiderthreat or page 3 for details.


P L

SGMM Navigator Training

Two-Day Online Course • Risk Assessment & Insider Threat • 1.8 CEUs

sei.cmu.edu/training/P109.cfm

This course introduces the Smart Grid Maturity Model (SGMM) Navigation process to those interested in becoming an SEI-certified SGMM navigator. The SGMM navigation process provides utilities with essential planning support and positions the navigator to initiate new engagements and gain follow-on work with utility customers.

Using an interactive virtual classroom environment and a case study that simulates all aspects of the SGMM navigation process, you explore the SGMM’s 175 aspects of smart grid implementation. Developed by utilities for utilities, the SGMM is a comprehensive analysis and planning tool.

To complete the course, participants must pass a final examination, available at commercial testing centers.

Who should attend?

• systems integrators

• consultants

• vendors

• those who want to assist utilities through SGMM planning and implementation

You will learn to

• deliver an SGMM overview

• plan and conduct a survey workshop for a utility that results in high-integrity data

• validate and analyze SGMM Compass survey data to produce findings

• plan and conduct an aspirations workshop that establishes a profile of the utility’s smart grid aspirations

• understand roles, responsibilities, and how to become an SEI-Certified SGMM Navigator

• understand the utility industry and provide additional value to your customers

For more information

Visit our website for additional information about topics, prerequisites, materials, and schedule.

Become a certified SGMM Navigator

See sei.cmu.edu/certification/opportunities/sgmm/index.cfm for information.

Become licensed to use Navigator

Organizations can license SGMM Navigator for internal use or to evaluate the effectiveness of other programs. See sei.cmu.edu/certification/opportunities/sgmm/ for information.


CERT STEPfwd Platform

https://stepfwd.cert.org/lms

CERT STEPfwd (Simulation, Training, and Exercise Platform) combines extensive research and innovative technology to offer a new solution to cybersecurity workforce research and development, helping you and your team achieve a continuous cycle of professional development.

Platform features

• Get access to a rich library of cybersecurity and information assurance training.

• Become part of a virtual classroom that enables you to attend lectures, watch demonstrations, and conduct hands-on labs.

• View and manage members of your organization’s workforce as they progress toward training objectives.

Learn anywhere, anytime

CERT STEPfwd makes components from traditional classroom training, including lectures, slide presentations, hands-on labs, team exercises, and quizzes, available from the convenience of a web browser. It provides you with a robust, cost-effective training and education option, focused on ensuring that personnel are able to resist, recognize, and recover from attacks on networked systems.

Learning components

The four learning components of CERT STEPfwd are

1. On-demand lectures. Recorded lectures on information security topics are captured from original classroom instruction and converted to an online format that includes audio transcripts. Materials are available in PDF format, and narrated demonstrations are used to explain specific techniques and technologies. Enhancements include an HTML5 video player and mobile device delivery capabilities.

2. Hands-on labs. You can get access to hundreds of hands-on training labs in an isolated virtual environment. These labs are designed to build student skill sets and can range from simple tool and technique familiarization to more complex course capstone events. Each lab includes a manual that provides context for the subject, a network map of machines students will interact with, and a series of step-by-step instructions with screenshots. These labs are not simulations; students provision real servers in preconfigured networks and access them in a web browser without modifying their own computers. Multiple connection options to the STEPfwd hands-on virtual labs are available including HTML5, ActiveX, Java, and using a native RDP Client.


3. Team cyber exercises. Designed to address the challenges of realism and scalability of scenario-based cybersecurity exercises and simulations, STEPfwd provides a platform for team experience building by enabling delivery of customized, full-scale cybersecurity exercises that simulate real-world scenarios and environments. Multiple instantiations of the same exercise can be deployed simultaneously to accommodate a large number of participants. The platform provides easy access to thousands of virtual machine templates; automated deployment, removal, and reset of entire virtual topologies; automated and bulk execution of commands on virtual hosts; integration of thousands of virtual and physical devices to support large-scale events; and incorporation of large multi-use “Internet” topologies.

4. Progress and completion reporting. Quizzes are used to test mastery of the content through a variety of question types. A robust learning management system helps organizations manage enrollments and track student progress.

Get an account

Accounts are priced on a per person basis; each account provides access to the platform and content for a 12-month period. Contact us to request an account.

Software Engineering Institute

4500 Fifth Avenue, Pittsburgh, PA 15213-2612

Phone: 412.268.5800 | 888.201.4479

Web: www.sei.cmu.edu | www.cert.org

Email: [email protected]


Next Steps: Register for a Course

cert.org/training/

How to register

You can register for many SEI courses online. Some courses require an application process. Please visit the SEI training website to submit your course registration and payment. Once your registration is processed, you receive an email confirming course delivery details (e.g., start time, hotel, and accommodations). Use the URL provided on each page of this catalog to access details about individual courses and to register.

Register early

The number of students per course is limited, and many courses fill to capacity. Submit your registration early to ensure your space in your preferred course.

What’s included

Your course fee includes

• comprehensive course materials

• a certificate of completion

• continental breakfasts, refreshment breaks, and lunches (classroom training only)

Pricing guidelines

All courses list prices for different types of students: government, academic, industry, and international.

• Government pricing applies to all U.S. government employees (federal, state, local). This pricing does NOT apply to government contractors.

• Academic pricing applies to all employees and students of a U.S. academic/educational organization (university, college, institute).

• Industry pricing applies to all employees located within the United States. This pricing applies to government contractors, general industry, non-government employees, and those not part of an academic institution.

• International pricing applies to anyone whose office is located outside the United States. If a course is offered outside of the U.S., international rates still apply, regardless of the proximity of the course to the attendee’s office.

Forms of payment accepted

• Credit card (Visa, MasterCard, or American Express)

• Check

• Company or government purchase order

• Wire transfer

Cancellation and refunds

The SEI issues refunds (less a $75 administrative fee) if you submit a written cancellation that is received at least three weeks before the course begins. Refunds are not given for courses missed due to acts of nature.


Substitutions and transfers

You may send a substitute attendee to an SEI course (provided that the substitute meets the prerequisites) by emailing a request prior to the start of the course.

By sending a written request, you may transfer registration fees from one SEI course offering to another that occurs within 12 months. There is no charge for the first transfer if your request is received at least three weeks before the course begins. Transfer requests received later than three weeks before the course begins and all subsequent transfers incur a $50 administrative fee.

Public training policies

The SEI accepts qualified registrants for training on a first-come, first-served basis. Dates and prices are subject to change. The SEI reserves the right to cancel a course offering due to low enrollment.

Travel planning

The SEI training website provides lodging recommendations for courses held at SEI offices in Pittsburgh, Pennsylvania and Arlington, Virginia. For training events at other locations, the SEI attaches travel and lodging information to the email that confirms your registration. You are responsible for arranging your own travel and lodging accommodations.

Continuing education units

Upon successful completion of SEI courses, you are awarded Continuing Education Units (CEUs). The number of CEUs earned for a course is included on the certificate of course completion.

Statement of accessibility

Carnegie Mellon University makes every effort to provide accessible facilities and programs for individuals with disabilities. To arrange accommodations/services, please contact the SEI by email ([email protected]) or telephone (412-268-7622) at least three weeks prior to the course start date.

The Software Engineering Institute (SEI) is a federally funded research and development center (FFRDC) sponsored by the U.S. Department of Defense and operated by Carnegie Mellon University. The SEI mission is to advance software engineering and related disciplines to ensure systems with predictable and improved quality, cost, and schedule.

Family Educational Rights and Privacy Act of 1974 (FERPA)

Course participant records created at the SEI in connection with SEI education and training courses are strictly confidential, and their protection is mandated under federal legislation known as the Family Educational Rights and Privacy Act of 1974 (FERPA).

Copyrights

Carnegie Mellon University SEI-authored documents are sponsored by the U.S. Department of Defense under Contract FA8721-05-C-0003.

Carnegie Mellon University retains copyrights in all material produced under this contract. The U.S. government retains a non-exclusive, royalty-free license to publish or reproduce these documents, or allow others to do so, for U.S. government purposes only pursuant to the copyright license under the contract clause at 252-227-7013.

For information and guidelines regarding permission to use specific copyrighted materials owned by Carnegie Mellon University (e.g., text and images), see Permissions at www.sei.cmu.edu/legal/permission/. If you do not find the copyright information you need, please consult your legal counsel for advice.

Trademarks and Service Marks

Carnegie Mellon Software Engineering Institute (stylized), Carnegie Mellon Software Engineering Institute (and design), and the stylized hexagon are trademarks of Carnegie Mellon University.

® Architecture Tradeoff Analysis Method, ATAM, Capability Maturity Model, Carnegie Mellon, CERT, CERT Coordination Center, CMM, and FloCon are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.

SM CMM Integration, Personal Software Process, PSP, SEPG, Team Software Process, and TSP are service marks of Carnegie Mellon University.

® CMMI and SCAMPI are registered marks of CMMI Institute LLC.

For information and guidelines regarding the proper referential use of Carnegie Mellon University service marks and trademarks, see Trademarks and Service Marks at www.sei.cmu.edu/legal/marks/.

©2017 by Carnegie Mellon University


©2017 Carnegie Mellon University | 4629 | 04.11.2017

About Us

For nearly 30 years, the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University has been a leader in cybersecurity. Originally focused on incident response, we have expanded into cybersecurity areas such as network situational awareness, malicious code analysis, secure coding, resilience management, insider threats, digital investigations and intelligence, workforce development, DevOps, forensics, software assurance, vulnerability discovery and analysis, and risk management. To learn more, visit our website at www.cert.org or send us an email at [email protected].

Contact Us

Software Engineering Institute

4500 Fifth Avenue, Pittsburgh, PA 15213-2612

Phone: 412.268.5800 | 888.201.4479

Web: www.sei.cmu.edu | www.cert.org

Email: [email protected]