Information Security Courses

Developed by the SEI's CERT Program, Information Security training is focused on ensuring that software developers, internet security experts, network and system administrators, and others are able to resist, recognize, and recover from attacks on networked systems.

Overview of Creating and Managing CSIRTs

This one-day course provides a consolidated view of information that is contained in two other CERT courses: Creating a CSIRT and Managing CSIRTs. Its main purpose is to highlight best practices in planning, implementing, operating, and evaluating a computer security incident response team (CSIRT). The course will explore the relationship between CSIRTs, incident management, and security management and discuss how successful incident management requires an enterprise view and approach. It will present a process-based model for structuring incident management activities and also provide an introductory view of CSIRTs to anyone new in the field. Basic topics discuss the purpose and structure of CSIRTs and a high-level overview of the key issues and decisions that must be addressed in establishing and maintaining a CSIRT. Other topics include a discussion of CSIRT services as well as key policies, procedures, methods, tools, and infrastructure components that are needed to effectively operate a CSIRT.

Creating a Computer Security Incident Response Team

This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can be used as a starting point in planning and implementing their CSIRT.

Malware Analysis Apprenticeship

This five-day hands-on course provides participants with an opportunity to learn best practices for analyzing malicious code. In addition to classroom instruction and hands-on exercises, attendees will be given real-world malicious code samples to dissect. Participants will acquire a fundamental understanding of a variety of malware analysis tools and techniques which can directly support their organization's incident response efforts and increase performance in their functional role(s).

Managing Computer Security Incident Response Teams

This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle. The course also provides prospective or current managers with an overview of the incident handling process and the types of tools and infrastructure needed to be effective.

Fundamentals of Incident Handling

This five-day course is for computer security incident response team (CSIRT) technical personnel with little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their job. This course is recommended to those new to incident handling work.

Advanced Incident Handling

This five-day course, designed for computer security incident response team (CSIRT) technical personnel with several months of incident handling experience, addresses techniques for detecting and responding to current and emerging computer security threats and attacks that are targeted at a variety of operating systems and architectures. Building on the methods and tools discussed in the Fundamentals of Incident Handling course, this course provides guidance that incident handlers can use in responding to system compromises at the privileged (root or administrator) level. Through interactive instruction, facilitated discussions, and group exercises, instructors help participants identify and analyze a set of events and then propose appropriate response strategies.

Information Security for Technical Staff

This five-day course is designed to provide participants with practical techniques for protecting the security of an organization's information assets and resources, beginning with concepts and proceeding on to technical implementations. The course focuses on understanding and applying the concept of survivability through the effective management of risk, threats, policy, system configuration, availability, and personnel. The course also addresses incident response and provides a technical foundation for working with TCP/IP security and cryptography. The final section of the course helps participants learn to design a secure network architecture managing host systems, securing network services and infrastructure, working with firewalls, and understanding intrusion detection and prevention.

Information Security for Technical Staff - eLearning

The course focuses on understanding and applying the concept of survivability through the effective management of risk, threats, policy, system configuration, availability, and personnel. The course also addresses incident response and provides a technical foundation for working with TCP/IP security and cryptography. The final section of the course helps participants learn to design a secure network architecture managing host systems, securing network services and infrastructure, working with firewalls, and understanding intrusion detection and prevention.

Applied Cybersecurity, Incident Response and Forensics

This five-day hands-on course is designed to increase the knowledge and skills of technical staff charged with administering and securing information systems and networks. Security topics such as vulnerability assessment, systems administration, network monitoring, incident response, and digital forensics will offer a comprehensive defense-in-depth experience. Each participant will have direct administrative access to a wide variety of networked systems (Windows, Linux and Cisco), which will be modified and instrumented throughout the course. Instruction will consist of individual labs and team-based exercises modeled from real-world threat scenarios.

Assessing Information Security Risk Using the OCTAVE Approach

In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) approach. The OCTAVE approach provides organizations a comprehensive methodology that focuses on information assets in their operational contexts. Risks are identified and analyzed based on where they originate—at the points where information is stored, transported, and processed. By focusing on operational risks to information, participants learn to view risk assessment in the context of the organization's strategic objectives and risk tolerances.

Assessing Information Security Risk Using the OCTAVE Approach - eLearning

The OCTAVE Allegro approach provides organizations a comprehensive methodology that focuses on information assets in their operational context. Risks are identified and analyzed based on where they originate, at the points where information is stored, transported, and processed. By focusing on operational risks to information assets, participants learn to view risk assessment in the context of the organization's strategic objectives and risk tolerances.

Insider Threat Workshop

The CERT Program at Carnegie Mellon University's Software Engineering Institute has been researching insider threats since 2002. Our Insider Threat Study, conducted in partnership with the U.S. Secret Service, collected and analyzed over 150 actual insider threat cases that occurred between 1996 and 2002 and published a series of reports detailing findings and implications of the study. In addition to the initial 150 cases, we have gathered and analyzed approximately 100 additional insider threat cases, from 2002 through the present, to supplement the original Insider Threat Study.

Introduction to the CERT Resilience Management Model

This three-day course introduces a model-based process improvement approach to managing operational resilience using the CERT® Resilience Management Model (CERT-RMM) v1.1. CERT-RMM is a maturity model that promotes the convergence of security, business continuity, and IT operations activities to help organizations actively direct, control, and manage operational resilience and risk. By improving operational resilience processes (such as vulnerability analysis, incident management, and service continuity), an organization can use the model to improve and sustain the resilience of mission-critical assets and services. Because organizations can't plan for every disruption, the maturity model feature of CERT-RMM can be used to measure and improve the consistency and predictability of performance under times of stress.

CERT Resilience Management Model (CERT-RMM) Users Group Workshop Series

Improve your organizational resiliency by attending a year-long series of workshops at the Software Engineering Institute (SEI). You will experience hands-on activities to understand, compare, and enhance your organizational resilience, using the CERT-RMM as the guide. The CERT-RMM helps to ensure that the organization's important assets - people, information, technology, and facilities - stay productive in supporting business processes and services.

CERT Resilience Management Model Appraisal Boot Camp

This two-day course provides an overview of the CERT-RMM Capability Appraisal Method, which addresses the application of the Standard CMMI Appraisal Method for Process Improvement (SCAMPI) for the CERT® Resilience Management Model (CERT-RMM) v1.1. Individuals seeking to become SEI-certified CERT-RMM Lead Appraisers must complete this course as part of their certification requirements.

Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth

This three-day course begins with a brief review of the conceptual foundations of information security. Next, students will be introduced to the CERT Defense-in-Depth Framework: eight operationally focused and inter-dependent management components which will be synergistically applied to a fictitious organization's Information Technology (IT) enterprise. Through lectures, demonstrations, scenario-based exercises, small group activities and open discussions, students will learn high-level best practices for effectively integrating each of these eight components into all aspects of IT operations. Further, the course scenario is used extensively to reinforce these best practices with technical information security implementations.

Engineering Safety- and Security-Related Requirements for Software-Intensive Systems

This two-day course covers the intersection of safety, security, and requirements engineering. Safety and security have a great deal in common, including related concepts, analysis techniques, and goals: both aim to protect valuable assets from unauthorized harm due to dangers (hazards and threats), which naturally suggests a risk-based approach to requirements analysis.

Secure Coding in C and C++

Secure Coding in C and C++ provides practical advice on secure practices in C and C++ programming. Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation.

Advanced Forensic Response and Analysis

The CERT Advanced Forensic Response and Analysis course is designed for computer forensic professionals who are looking to build on a solid knowledge base in incident response and forensic analysis. The goal of the course is to advance collection and processing skills of the students by outlining a structured process or flow to an incident response and intrusion investigation.

Software Assurance Methods in Support of Cyber Security

This workshop is focused on four critical software assurance areas: security requirements, software supply chain assurance, mission thread analysis, and measurement. The purpose of this course is to expose managers, engineers, and acquirers to concepts and resources available now for their use to address software security assurance across the acquisition and development life cycles.

Security Requirements Engineering Using the SQUARE Method

In this workshop we will present an overview of security requirements engineering and the SQUARE methodology. Then we will go through the SQUARE steps in detail. For each step, students will participate in a team case study.
