cisa | cybersecurity and infrastructure security … · qualifies teams to conduct assessments...
TRANSCRIPT
![Page 1: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/1.jpg)
C I S A | C Y B E R S E C U R I T Y A N D I N F R A S T R U C T U R E S E C U R I T Y A G E N C Y
CISA CYBER MISSION ANDCYBER RESOURCES
GeorgeW.ReevesCybersecurityAdvisorRegionVI|SouthTexas&NewMexico
![Page 2: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/2.jpg)
2
![Page 3: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/3.jpg)
![Page 4: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/4.jpg)
4
The Nation’sRisk Advisors
![Page 5: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/5.jpg)
5
Significance of Critical Infrastructure
Americaremainsatriskfromavarietyofthreatsincluding:• ActsofTerrorism• CyberAttacks• ExtremeWeather• Pandemics• AccidentsorTechnicalFailures
CriticalInfrastructurereferstotheassets,systems,andnetworks,whetherphysicalorcyber,sovitaltotheNationthattheirincapacitationordestructionwouldhaveadebilitatingeffectonnationalsecurity,theeconomy,publichealthorsafety,andourwayoflife.
![Page 6: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/6.jpg)
6
Critical Infrastructure SectorsCISAassiststhepublicandprivatesectorssecureitsnetworksandfocusesonorganizationsinthefollowing16criticalinfrastructuresectors.
![Page 7: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/7.jpg)
7
Cybersecurity Advisors (CSAs)Toprovidedirectcoordination,outreach,andregionalsupportinordertoprotectcybercomponentsessentialtothesustainability,preparedness,andprotectionoftheNation’sCriticalInfrastructureandKeyResources(CIKR)andState,Local,Tribal,andTerritorial(SLTT)governments.
• Assess:Evaluatecriticalinfrastructurecyberrisk.• Promote:Encouragebestpracticesandriskmitigationstrategies.• Build:Initiate,developcapacity,andsupportcybercommunities-of-interestandworkinggroups.• Educate:Informandraiseawareness.• Listen:Collectstakeholderrequirements.• Coordinate:Bringtogetherincidentsupportandlessonslearned.
![Page 8: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/8.jpg)
8
Critical Infrastructure Sectors
Cybersecurity Resources
![Page 9: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/9.jpg)
9
Cybersecurity Resources and Assessments
RegionalResources:- CyberResilienceReview(CRR)- ExternalDependenciesManagement(EDM)- CyberInfrastructureSurvey(CIS)- Workshops(IncidentMgmt,Resilience)
NationalResources:- PhishingCampaignAssessment(PCA)- CyberTabletopExercises(CTTX)- VulnerabilityScanningService(CyHy)
- WebApplicationScanning(WAS)- ValidatedArchitectureDesignReview(VADR)- RedTeamAssessment(RTA)- Risk&VulnerabilityAssessment(RVA)/(RPT) TECHNICAL
(LOW-LEVEL)
![Page 10: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/10.jpg)
10
Cyber Resilience Review (CRR)Purpose:TheCRRisanassessmentintendedtoevaluateanorganization’soperationalresilienceandcybersecuritypracticesofitscriticalservicesDelivery:TheCRRcanbe
• Facilitated• Self-administered
• Helpspublicandprivatesectorpartnersunderstandandmeasurecybersecuritycapabilitiesastheyrelatetooperationalresilienceandcyberrisk
• BasedontheCERT®ResilienceManagementModel(CERT®RMM)
![Page 11: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/11.jpg)
11
External Dependency Management (EDM)Overview:In2016,DHSlaunchedtheExternalDependenciesManagement(EDM)Assessment,focusingspecificallyonensuringtheprotectionandsustainmentofservicesandassetsthataredependentontheactionsofthird-partyentities.Background:ExternalDependenciesManagementisadomaincoveredbytheCRR.However,EDMandassociatedissues(e.g.,supply-chainmanagement,vendormanagement)arenotaddressedatacomprehensivelevelwithintheCRR,resultinginthecreationofaseparateassessment.LinkagestoCRR:DespiteoperatingatamoregranularlevelthantheCRR,theEDMAssessmentborrowsheavilyfromtheCRR’smethodologicalarchitectureandscoringsystembutremainsaDHS-facilitatedassessment.
EDM process outlined in the External Dependencies Management Resource
Guide
![Page 12: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/12.jpg)
12
Cybersecurity Infrastructure Survey (CIS)Structured,interviewbasedassessment(2½to4hours)ofessentialcybersecuritypracticesin-placeforcriticalserviceswithinyourorganization
Identifiesinterdependencies,capabilities,andtheemergingeffectsrelatedtocurrentcybersecurityposture
Focusesonprotectivemeasures,threatscenarios,andaservicebasedviewofcybersecurityincontextofthesurveyedtopics
BroadlyalignstotheNationalInstituteofStandardsandTechnology(NIST)CybersecurityFramework(CSF)
![Page 13: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/13.jpg)
13
Workshops
CyberResilienceWorkshop• RaiseawarenesstogapsincybermanagementpracticesandtoprocessimprovementsforCIKRandSLTTcommunities.
• Introducesstakeholdersandpractitionerstocyberresilienceconceptsinkeyperformanceareasrelatedtocybersecurity,IToperations,andbusinesscontinuity.
• Reinforcecybersecuritybestpracticesandexamineresilienceconceptsandobjectives.
IncidentManagementWorkshop• Enhancecyberincidentresponseanddiscussfederalcoordinationforincidentnotification,containment,andrecovery.
• WillassistyouinengagingExecutivePersonnelinthecreationofpolicy(ies)necessaryforplandevelopment.
• Provideinsightandastartingpointforyoutocreateyourplan.
![Page 14: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/14.jpg)
14
Critical Infrastructure Sectors
National Cyber Resources
![Page 15: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/15.jpg)
15
Validated Architecture Design Review (VADR)
AnassessmentbasedonFederalandindustrystandards,guidelines,andbestpractices.AssessmentscanbeconductedonInformationTechnology(IT)orOperationalTechnology(OT)infrastructures(ICS-SCADA).
• ReducerisktotheNation’sCriticalInfrastructurecomponents• Analyzesystemsbasedonstandards,guidelines,andbestpractices
• Ensureeffectivedefense-in-depthstrategies• Providefindingsandpracticalmitigationsforimprovingoperationalmaturityandenhancingcybersecurityposture
![Page 16: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/16.jpg)
16
Vulnerability Scanning Service (CyHy)AssessInternetaccessiblesystemsforknownvulnerabilitiesandconfigurationerrors
Workwithorganizationtoproactivelymitigatethreatsandriskstosystems
Activitiesinclude:• NetworkMapping
Ø IdentifypublicIPaddressspaceØ IdentifyhoststhatareactiveonIPaddressspaceØ DeterminetheO/SandServicesrunningØ Re-runscanstodetermineanychangesØ Graphicallyrepresentaddressspaceonamap
• NetworkVulnerability&ConfigurationScanningØ Identifynetworkvulnerabilitiesandweakness
![Page 17: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/17.jpg)
17
Web Application Scanning (WAS)AnInternetbasedscanningservicetoassessthe“health”ofyourpubliclyaccessiblewebapplicationsbycheckingforknownvulnerabilitiesandweakconfigurations.
SCANNINGOBJECTIVES•Maintainenterpriseawarenessofyourpubliclyaccessibleweb-basedassets•Provideinsightintohowsystemsandinfrastructureappeartopotentialattackers•Driveproactivemitigationofvulnerabilitiestohelpreduceoverallrisk
SCANNINGPHASES•DiscoveryScanning:Identifyactive,internet-facingwebapplications•VulnerabilityScanning:Initiatenon-intrusivecheckstoidentifypotentialvulnerabilitiesandconfigurationweaknesses
![Page 18: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/18.jpg)
18
Phishing Campaign Assessment (PCA)Objectives:• Increasecybersecurityawarenesswithinstakeholderorganizations• Decreaseriskofsuccessfulmaliciousphishingattacks,limitexposure,reduceratesofexploitation
Benefits:Ø ReceiveactionablemetricsØ Highlightneedforimprovedsecurity
Training
Scope:Ø 6-weekengagementperiodØ Phishingemailscaptureclick-rateonly,nopayloadswillbeusedØ VaryingLevelsofComplexity-- Levels1- 6(EasytoDifficult)
![Page 19: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/19.jpg)
19
Red Team Assessment (RTA)
AcomprehensiveevaluationofanITenvironment.SimulationofAdvancedPersistentThreats(APT),canassiststakeholdersindeterminingtheirsecurityposturebytestingtheeffectivenessofresponsecapabilitiestoadeterminedadversarialpresence.RTAsarecraftedspecificallytotestthepeople,processes,andtechnologiesdefendinganetwork.
• Teststakeholder’snetworksusingrealworldAPTattackermethodologies
• Evaluatepeople,processes,andtechnologiesresponsiblefordefendingthestakeholder’snetwork
• Providestakeholderexecutivesactionableinsighttotheircybersecuritypostureandpracticaltrainingfortechnicalpersonnel
![Page 20: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/20.jpg)
20
Risk and Vulnerability Assessment (RVA)Apenetrationtest,ortheshortformpentest,isanattackonacomputersystemwiththeintentionoffindingsecurityweaknesses,potentiallygainingaccesstoit,itsfunctionalityanddata.• Involvesidentifyingthetargetsystemsandthegoal,thenreviewingtheinformationavailableandundertakingavailablemeanstoattainthegoal
• Apenetrationtesttargetmaybeawhitebox(whereallbackgroundandsysteminformationisprovided)orblackbox(whereonlybasicornoinformationisprovidedexceptthecompanyname)
• Apenetrationtestwilladviseifasystemisvulnerabletoattack,ifthedefensesweresufficientandwhichdefenses(ifany)weredefeatedinthepenetrationtest
![Page 21: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/21.jpg)
21
Remote Penetration Test (RPT)Utilizesadedicatedremoteteamtoassessandidentifyvulnerabilitiesandworkwithcustomerstoeliminateexploitablepathways.
Ø Focusesonexternallyaccessiblesystems
SCENARIOS:Ø ExternalPenetrationTest:Verifyingifthestakeholdernetworkisaccessiblefromthepublicdomainbyanunauthorizeduserbyassessingopenports,protocols,andservices.
Ø ExternalWebApplicationTest:Evaluatingwebapplicationsforpotentialexploitablevulnerabilities;thetestcanincludeautomatedscanning,manualtesting,oracombinationofbothmethods.
Ø PhishingAssessment:Testingthroughcarefullycraftedphishingemailscontainingavarietyofmaliciouspayloadstothetrustedpointofcontact.
![Page 22: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/22.jpg)
22
Critical Infrastructure Sectors
Information Sharing
![Page 23: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/23.jpg)
23
Automated Indicator Sharing (AIS)
• Automated Indicator Sharing (AIS): Rapid and wide sharing of machine-readable cyber threat indicators and defensive measures at machine-speed for network defense purposes
• AIS is about volume and velocity of sharing indicators, not human validation.
![Page 24: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/24.jpg)
24
Homeland Security Information Network (HSIN)The Homeland Security Information Network (HSIN) provides you with a central, online location for information sharing and collaboration.
A network designed by users, for users
A trusted, secure, virtual platform to work withhomeland security partners in real-time
A platform that supports daily operations, plannedevents and exercises, and incident response
Access HSIN 24x7 through your:
Use HSIN if you want to:q Utilize a trusted, secure network to get information about incidents, plan security for large-
scale events or conduct daily operationsq Share information with trusted colleagues and partners for mission supportq Use geospatial tools to map materials, resources and intelligence informationq Chat securely during emergencies or training exercisesq Send alerts and notifications to your qualified colleagues
For more information, contact the HSIN Outreach Team [email protected] or visit our website at www.dhs.gov/hsin.
![Page 25: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/25.jpg)
25
Critical Infrastructure Sectors
Additional Cyber Resources
![Page 26: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/26.jpg)
26
Enhanced Cybersecurity Services (ECS)AnintrusionpreventioncapabilitythathelpsU.S.-basedcompaniesprotecttheirnetworksagainstunauthorizedaccess,exploitation,anddataexfiltration.
DHSsharessensitiveandclassifiedcyberthreatinformationwithaccreditedCommercialServiceProviders,whousethatinformationtoblockcertaintypesofmalicioustrafficfromenteringtheircustomers’networks.
ECSismeanttoaugment,butnotreplace,yourexistingcybersecuritycapabilities.
Currentlyoffersthefollowingservices:• DNSSinkholing:whichblocksaccesstospecificmaliciousdomains• Email(SMTP)Filtering:whichblocksemailwithspecifiedmaliciouscriteria• Netflow Analysis:whichusespassivedetectiontoidentifythreats
Ifyou’reinterested,contactoneofouraccreditedCommercialServiceProviders:AT&T,CenturyLink,orVerizon.
![Page 27: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/27.jpg)
27
National Cyber Exercise & Planning Program NCEPPdesigns,develops,conducts,andevaluatescyberexercisesrangingfromsmall-scale,limitedscope,discussion-basedexercisestolarge-scale,internationally-scoped,operations-basedexercises.
NCEPPoffersthefollowingservicesatno-costonanas-neededandas-availablebasis:• CyberStormExercise(DHS’sflagshipnationallevelcyberexercise)• CyberGuardPrelude• End-to-EndCyberExercisePlanning• CyberExerciseConsulting• CyberPlanningSupport• Exercise-In-A-Box
![Page 28: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/28.jpg)
28
ICS Training OpportunitiesICS-CERT Virtual Learning Portal (VLP)• Virtual&InstructorLedTraining• NoCostCourses:• IntroductiontoControlSystems
Cybersecurity(101)- 8hrs• IntermediateCybersecurityfor
IndustrialControlSystems(201)- 8hrs• IntermediateCybersecurityfor
IndustrialControlSystems(202)- 8hrs• ICSCybersecurity(301)- 5days• ICSCybersecurity(401)- 5days
https://ics-cert-training.inl.gov/learn
![Page 29: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/29.jpg)
29
Cyber Assessment Qualification Initiative (CQI)
QualifiesteamstoconductassessmentsfollowingCISAstandardsandmethodologies.
CQIisafour-daycoursethatenablesorganizationalteamstolearnandapplyofferedCISAassessmentmethodologiesusingtheCERTSimulated,Training,andExercisePlatform.
CQIwillinitiallyfocusonCISA’sRiskandVulnerabilityAssessments(RVAs).
CQIOBJECTIVES• Qualifyteamstoconductassessmentsinaconsistentmanner.• ProvideCISAwithnon-attributabledatathatwillaideininformingthe
creationandimprovementofcybersecuritypoliciesthroughdata-drivendecision-making.
• StandardizeCISA-offeredassessmentsacrossitsstakeholdersforthird-partyandself-assessmentimplementation.
![Page 30: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/30.jpg)
30
Critical Infrastructure Sectors
Incident Reporting
![Page 31: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/31.jpg)
31
Incident Reporting / Malware Analysis24x7 contact number: 888-282-0870 | [email protected]
Where/How/WhentoReport:https://www.us-cert.gov/forms/report• Ifthereisasuspectedorconfirmedcyberattackorincidentthat:• Affectscoregovernmentorcriticalinfrastructurefunctions;• Resultsinthelossofdata,systemavailability;orcontrolofsystems;• Indicatesmalicioussoftwareispresentoncriticalsystems
AdvancedMalwareAnalysisCenter:• Provides24x7dynamicanalysesofmaliciouscode.Stakeholderssubmitsamplesviaanonlinewebsiteandreceiveatechnicaldocumentoutliningtheresultsoftheanalysis.Expertswilldetailrecommendationsformalwareremovalandrecoveryactivities.
• WebSubmission:https://malware.us-cert.gov
![Page 32: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/32.jpg)
32
Hunt & Incident Response Team (HIRT)
![Page 33: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/33.jpg)
33
GeorgeW.ReevesCybersecurityAdvisor,RegionVISouthTexas&NewMexicoRegionsEmail:[email protected]:(281)714-1259
![Page 34: CISA | CYBERSECURITY AND INFRASTRUCTURE SECURITY … · Qualifies teams to conduct assessments following CISA standards and methodologies. CQI is a four-day course that enables organizational](https://reader034.vdocuments.site/reader034/viewer/2022052022/60378ffc0b6e7851a22065c1/html5/thumbnails/34.jpg)