Advanced Incident Handling |
This five-day course, designed for computer security incident response team (CSIRT) technical personnel with several months of incident handling experience, addresses techniques for detecting and responding to current and emerging computer security threats and attacks that are targeted at a variety of operating systems and architectures. Building on the methods and tools discussed in the Fundamentals of Incident Handling course, this course provides guidance that incident handlers can use in responding to system compromises at the privileged (root or administrator) level. Through interactive instruction, facilitated discussions, and group exercises, instructors help participants identify and analyze a set of events and then propose appropriate response strategies. |
Advanced Information Security for Technical Staff |
This four-day course is designed to increase the depth of knowledge and skills of technical staff charged with administering and securing information systems and networks. |
Assessing Information Security Risk Using the OCTAVE Approach |
In this three-day course, participants learn to perform information security risk assessments using the Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE) approach. The OCTAVE approach provides organizations a comprehensive methodology that focuses on information assets in their operational contexts. Risks are identified and analyzed based on where they originate—at the points where information is stored, transported, and processed. By focusing on operational risks to information, participants learn to view risk assessment in the context the organization's strategic objectives and risk tolerances. |
CMMI and Six Sigma: Strategies for Joint Implementation |
The purpose of this course is to explore and understand strategies, and underlying technical mechanisms, through which CMMI and Six Sigma may be jointly deployed in an organization. Students will explore numerous facets of joint deployment - from benefits, to specific aspects of solution design and sequencing, to considerations for infrastructure and training-via a blend of lecture, illustrations, and exercises. |
CMMI Level 2 for Practitioners |
This three-day course provides students with an understanding of the concepts necessary for achieving and maintaining CMMI Maturity Level 2, including the relationships among CMMI model components. The course is composed of class lectures and exercises presented in a style that creates dialog among students and instructors. |
CMMI Level 3 for Practitioners |
This three day course provides students with an understanding of the concepts necessary for achieving and maintaining CMMI Maturity Level 3, including the relationships among CMMI model components. |
CMMI Version 1.2 Instructor Training |
This course has been updated to support the Version 1.2 CMMI® Product Suite. This three-day course introduces those interested in becoming SEI-authorized Introduction to CMMI Version 1.2 course instructors to details of the CMMI models and the Introduction to CMMI Version 1.2 course. The candidate instructors must have an evident in-depth understanding of CMMI models as well as effective teaching and facilitation skills to satisfactorily complete this course. |
CMMI Version 1.2 Upgrade Training |
This online training provides students who have taken CMMI Version 1.1 training the opportunity to understand the changes and improvements made in CMMI Version 1.2. It will help you to successfully make the transition from CMMI Version 1.1 to the updated Version 1.2 of the CMMI model, method and training. It does not matter which version of the Introduction to CMMI course that you attended (staged, continuous, or staged and continuous). The materials are designed to provide a general insight into the changes but also include refresher materials on important CMMI concepts. |
CMMI-Based Process Improvement Overview |
This one-day course introduces executives, managers, potential sponsors, champions, and practitioners of process improvement to the fundamental concepts of Capability Maturity Modeling® and the value it can bring to organizations using a CMMI® model. It also describes an approach to model-based process improvement and provides some recommendations on how to initiate and sustain a process improvement initiative within an organization based upon the SEI's IDEAL model. These models and approaches are pragmatic applications of proven management and quality improvement concepts for product development, acquisition, and maintenance. They are de facto standards developed and owned by the product development community and are models for organizational improvement. |
Consulting Skills Workshop |
The Consulting Skills Workshop provides managers responsible for organizational change with a practical, six-phase model for working effectively with client groups - those who implement and are affected by the change. Particular attention is paid to managing expectations among change agents, managers, executives, and other members of the organization. This workshop teaches participants to act as internal consultants to their own organizations, working to involve clients in all phases of problem identification and solution. At the end of a consulting assignment, clients are able to sustain the changes in their organization. Participants learn techniques and methods to use every day, such as forming collaborative working relationships, negotiating roles and expectations with clients, collecting and using data effectively throughout the consultation process, and handling difficult situations that occur when circumstances change in the organization. Role plays, discussion of current situations faced by participants, and an extended case study provide opportunities to practice newly learned skills. |
Creating a Computer Security Incident Response Team |
This one-day course is designed for managers and project leaders who have been tasked with implementing a computer security incident response team (CSIRT). This course provides a high-level overview of the key issues and decisions that must be addressed in establishing a CSIRT. As part of the course, attendees will develop an action plan that can be used as a starting point in planning and implementing their CSIRT. |
Defining Software Processes |
This three-and-one-half-day course introduces participants to skills, methods, and techniques needed to define their processes, and gives them an opportunity to practice and gain experience using these skills, methods, and techniques. After attending, participants will be able to effectively work as a team to document their current processes, specify improvements, and define new processes. Issues related to implementation are also briefly addressed. |
Designing Products and Processes Using Six Sigma |
This five-day course takes a hands-on, measurement-oriented approach to product development, providing participants with a toolkit of analysis methods and leveraging industry best practices, such as the Design-for-Six-Sigma methodology of DMADV (Define, Measure, Analyze, Design, Verify) and CMMI High Maturity. This course builds upon basic statistical concepts from the Improving Process Performance Using Six Sigma course. More advanced and powerful analytical methods are introduced through short lectures and extensive hands-on practice sessions using problems traditionally faced by new product development teams. Participants learn a framework in the form of tools, methods, and practices for analyzing data to make more informed business decisions about project management (quality, schedule, and cost) and process and product performance. The ways in which these quality measurement practices relate to improvement models such as the Capability Maturity Model Integration (CMMI) are also discussed. |
Designing Products and Processes Using Six Sigma Instructor Training |
This two-day course is for those interested in becoming SEI-Certified Instructors of the Designing Products and Processes Using Six Sigma (DPPSS) course. The DPPSS course introduces a method and toolbox originating from the Design-for-Six-Sigma paradigm called Define-Measure-Analyze-Design-Verify (DMADV). The method can be used for designing products and processes based on performance. This instructor training course is composed of lectures and participant presentations of DPPSS course material. Candidate instructors must demonstrate an in-depth understanding of the DPPSS material and have effective instructional and facilitation skills. Other required qualifications are specified at http://www.sei.cmu.edu/certification/measurement/dppss/. |
Fundamentals of Incident Handling |
This five-day course is for computer security incident response team (CSIRT) technical personnel with little or no incident handling experience. It provides a basic introduction to the main incident handling tasks and critical thinking skills that will help an incident handler perform their job. This course is recommended to those new to incident handling work. |
Improving Process Performance Using Six Sigma |
This five-day course takes a hands-on, problem-solving approach to data analysis, providing participants with a toolkit of analysis methods and leveraging industry best practices such as Six Sigma and Goal-Driven Software Measurement. |
Improving Process Performance Using Six Sigma Instructor Training |
This two-day course is for those interested in becoming SEI-Certified Instructors of the Improving Process Performance Using Six Sigma (IPPSS) course. The IPPSS course introduces a method for driving improvement based on performance using a method and toolbox originating with the Six Sigma DMAIC paradigm. This instructor training course is composed of lectures and participant sharing of experience, analogies and "war stories" of topics taught within the IPPSS course material. Candidate instructors must demonstrate an in-depth understanding of the IPPSS material and have effective instructional and facilitation skills. Other required qualifications are specified at http://www.sei.cmu.edu/certification/measurement/ippss/. A number of pre-course exercises must be submitted to determine if applicants are prepared to take this course. |
Information Security for Technical Staff |
This five-day course is designed to provide participants with practical techniques for protecting the security of an organization's information assets and resources, beginning with concepts and proceeding on to technical implementations. The courses focus on understanding and applying the concept of survivability through the effective management of risk, threats, policy, system configuration, availability, and personnel. The course also addresses incident response and provides a technical foundation for working with TCP/IP security and cryptography. The final section of the course helps participants learn to design a secure network architecture managing host systems, securing network services and infrastructure, working with firewalls, and understanding intrusion detection and prevention. |
Insider Threat Workshop |
The CERT Program at Carnegie Mellon University's Software Engineering Institute has been researching insider threats since 2002. Our Insider Threat Study, conducted in partnership with the U.S. Secret Service, collected and analyzed over 150 actual insider threat cases that occurred between 1996 and 2002 and published a series of reports detailing findings and implications of the study. In addition to the initial 150 cases, we have gathered and analyzed approximately 100 additional insider threat cases, from 2002 through the present, to supplement the original Insider Threat Study. |
Intermediate Concepts of CMMI Version 1.2 |
This course has been updated to support Version 1.2 of the CMMI Product Suite. This five-day course introduces candidate SCAMPI Lead Appraisers, candidate CMMI instructors, systems and software engineers, engineering process group (e.g., EPG, SEPG) members, and others to detailed CMMI concepts, including the relationships among CMMI model components. CMMI models are tools that organizations can use to help improve their ability to develop and maintain quality products and services. |
Intermediate Concepts of People CMM |
This five-day course introduces attendees to detailed People CMM® concepts, including the relationships among People CMM model components. The People CMM is a framework that organizations can use to help improve their ability to ensure that their staff members have the competencies to achieve an organization's current and future business objectives. |
Introduction to CERT Resiliency Management Model |
This four-day course introduces a model-based process improvement approach to managing operational resiliency using the CERT Resiliency Management Model (CERT RMM) v1.0. The CERT RMM is a capability model that promotes the convergence of security, business continuity, and IT operations activities as a means to help organizations to actively direct, control, and manage operational resiliency and risk. It focuses on helping organizations to protect and sustain their critical business processes and services by ensuring the continued productivity of assets such as people, information, technology, and facilities in the face of disruptions and unplanned events. The CERT RMM provides users an objective means to measure their capability for managing operational resiliency and for targeting areas of improvement while allowing them to continue using domain-specific practices with which they have familiarity and expertise. |
Introduction to CMMI Version 1.2 |
This three-day course introduces systems and software engineering managers and practitioners, appraisal team members, and engineering process group (e.g., SEPG, EPG) members to CMMI fundamental concepts. CMMI models are tools that help organizations improve their ability to develop and maintain quality products and services. CMMI models are an integration of best practices from proven discipline-specific process improvement models, including the CMM for Software, EIA 731, and the Integrated Product Development CMM. |
Introduction to the People CMM |
This three-day course introduces those who are involved in improving workforce management practices or managing technical professionals to the People Capability Maturity Model (People CMM), Version 2.0, its fundamental concepts, and the value it can bring to organizations using it. The People CMM is a framework that organizations can use to attract, motivate, and retain talented technical staff. The practices in the model help an organization be an employer of choice and ensure that the staff has the competencies and capabilities to achieve an organization's current and future business objectives. |
Leading a Development Team |
This three-day course is designed to teach first-line managers or team leaders how to manage projects quantitatively in order to complete projects on schedule, within budget, and with all requirements met. The course covers the knowledge and skills leaders need to effectively lead and coach development teams. |
Managing Computer Security Incident Response Teams |
This three-day course provides current and future managers of computer security incident response teams (CSIRTs) with a pragmatic view of the issues that they will face in operating an effective team. The course provides insight into the work that CSIRT staff may be expected to handle. The course also provides prospective or current managers with an overview of the incident handling process and the types of tools and infrastructure needed to be effective. |
Managing Enterprise Information Security: A Practical Approach for Achieving Defense-in-Depth |
This three-day course begins with a brief review of the conceptual foundations of information security. Next, students will be introduced to the CERT Defense-in-Depth Framework: eight operationally focused and inter-dependent management components which will be synergistically applied to a fictitious organization's Information Technology (IT) enterprise. Through lectures, demonstrations, scenario-based exercises, small group activities and open discussions, students will learn high-level best practices for effectively integrating each of these eight components into all aspects of IT operations. Further, the course scenario is used extensively to reinforce these best practices with technical information security implementations. |
Managing Technological Change |
The Managing Technological Change course provides participants with skills and knowledge that will help them introduce new technology or continuous improvement initiatives smoothly and effectively. During this course, participants learn a structured approach for dealing with the organizational and human aspects of technology transition, including the key concepts of change management, communication, and managing resistance. This course consists of a set of carefully focused lectures, integrated with hands-on exercises that allow participants to apply the lecture content. |
Mastering Process Improvement |
This three-day course introduces participants to a series of effective practices for process improvement. These practices address the intertwined challenges faced by change agents in conducting a process improvement effort. This course is appropriate for members of a process group (e.g., PG, EPG, SEPG), for those leading and facilitating process improvement activities, and for those preparing to adopt a CMMI or CMM model to guide process improvement in their organization. |
OCTAVE Approach Instructor Training |
This two-day course teaches candidate OCTAVE instructors how to deliver the Assessing Information Security Risks Using the OCTAVE Approach course. Through lectures, discussions, and class exercises, attendees will learn foundational concepts of the OCTAVE approach and methods, become familiar with course materials and learning objectives, and learn how to tailor the OCTAVE approach to suit a particular customer or domain. |
Overview of Creating and Managing CSIRTs |
This one-day course provides a consolidated view of information that is contained in two other CERT courses: Creating a CSIRT and Managing CSIRTs. Its main purpose is to highlight best practices in planning, implementing, operating, and evaluating a computer security incident response team (CSIRT). The course will explore the relationship between CSIRTs, incident management, and security management and discuss how successful incident management requires an enterprise view and approach. It will present a process-based model for structuring incident management activities and also provide an introductory view of CSIRTs to anyone new in the field. Basic topics discuss the purpose and structure of CSIRTs and a high-level overview of the key issues and decisions that must be addressed in establishing and maintaining a CSIRT. Other topics include a discussion of CSIRT services as well as key policies, procedures, methods, tools, and infrastructure components that are needed to effectively operate a CSIRT. |
People CMM Instructor Training |
This three-day course introduces those interested in becoming SEI-authorized Introduction to People CMM Version 2.0 course instructors to details of the People CMM and the Introduction to People CMM Version 2.0 course. The candidate instructors must have an evident in-depth understanding of People CMM as well as effective teaching and facilitation skills to satisfactorily complete this course. |
Performance-Driven Improvement "Analyze" Workshop |
This one-day facilitated workshop provides hands-on coaching in the implementation of the tools and techniques from the "Analyze" phase of the Define-Measure-Analyze-Improve-Control (DMAIC) Six Sigma business improvement methodology - as taught in the SEI Improving Process Performance Using Six Sigma course. This workshop is intended to be a just-in-time workshop to accelerate the "Analyze" phase activity of major business improvement projects for either software process improvement or specific software product improvement. |
Performance-Driven Improvement "Control" Workshop |
This one-day facilitated workshop provides hands-on coaching in the implementation of the tools and techniques from the "Control" phase of the Define-Measure-Analyze-Improve-Control (DMAIC) Six Sigma business improvement methodology, as taught in the SEI Improving Process Performance Using Six Sigma course. This just-in-time workshop helps to accelerate the "Control" phase activity of major business improvement projects for either software process improvement or specific software product improvement. |
Performance-Driven Improvement "Define" Workshop |
This one-day facilitated workshop provides hands-on coaching in the implementation of the tools and techniques from the "Define" phase of the Define-Measure-Analyze-Improve-Control (DMAIC) Six Sigma business improvement methodology, as taught in the SEI Improving Process Performance Using Six Sigma course. This just-in-time workshop will help you jump-start major business improvement projects for either software process improvement or specific software product improvement. |
Performance-Driven Improvement "Improve" Workshop |
This one-day facilitated workshop provides hands-on coaching in the implementation of the tools and techniques from the "Improve" phase of the Define-Measure-Analyze-Improve-Control (DMAIC) Six Sigma business improvement methodology, as taught in the SEI Improving Process Performance Using Six Sigma course. This just-in-time workshop helps to accelerate the "Improve" phase activity of major business improvement projects for either software process improvement or specific software product improvement. This workshop specifically helps improvement teams identify solutions using creative, out-of-the-box thinking techniques, followed by structured techniques to evaluate and select a solution from a set of alternative solutions. The workshop culminates with a measurement plan to support evaluation of a pilot of the solution, providing measurable impact of the solution to be compared to predictions made using prediction equations from the "Analysis" phase. |
Performance-Driven Improvement "Measure" Workshop |
This one-day facilitated workshop provides hands-on coaching in the implementation of the tools and techniques from the "Measure" phase of the Define-Measure-Analyze-Improve-Control (DMAIC) Six Sigma business improvement methodology, as taught in the SEI Improving Process Performance Using Six Sigma course. This just-in-time workshop will help to accelerate the "Measure" phase activity of major business improvement projects for either software process improvement or specific software product improvement. |
Personal Software Process (PSP) Advanced |
This five-day course covers advanced topics of Personal Software Process (PSP), expands on Team Software Process (TSP) concepts and picks up where PSP Fundamentals left off. |
Personal Software Process (PSP) Fundamentals |
This five-day course teaches software engineers the principles, concepts, and benefits of the PSP, a process-based approach for developing software. Students who complete the course will be able to apply the PSP methods to their own personal work process and participate on a Team Software Process (TSP) team. Students learn how to measure and analyze their personal software process, use process data to improve their personal performance, and apply PSP methods to other structured tasks. The student can choose to follow this course with PSP Advanced, a five-day course that provides in-depth coverage of the advanced topics of PSP and picks up where PSP Fundamentals leaves off. Together the two courses cover a significant subset of the PSP Body of Knowledge and help to prepare students for the PSP Developer Certification exam. |
PSP Instructor Training |
This five-day course focuses on how to teach the Personal Software Process (PSP) and put it into practice, and introduces the concepts of the Team Software Process. Upon completing the course, students will be authorized to use SEI materials to teach the PSP to others in their organization. |
SCAMPI B and C Team Leader Training |
This four-and-a-half-day course is the primary qualifying activity for those interested in becoming authorized team leaders for the Standard CMMI Appraisal Method for Process Improvement (SCAMPI) B and C methods. SCAMPI B and C are effective diagnostic tools that can be used to facilitate CMMI-based process improvement, as well as overall improvement strategies. These methods help organizational maturity by identifying process strengths and weaknesses as related to the best practices of one or more CMMI models. |
SCAMPI Lead Appraiser Training |
This five-day course prepares participants to become SCAMPI lead appraisers by introducing participants to the concepts and details of the SCAMPI method. After attending the course, participants will qualify as candidate SCAMPI lead appraisers. |
SCAMPI with People CMM Lead Appraiser Training |
This five-day course introduces those interested in becoming authorized SCAMPI A with People CMM lead appraisers to the Standard CMMI Appraisal Method for Process Improvement (SCAMPI) method V1.2. The SCAMPI A method is a diagnostic tool that supports, enables, and encourages an organization's commitment to process improvement. The method helps organizations gain insight into their process capability or organizational maturity by identifying process strengths and weaknesses as related to the best practices of The People CMM. SCAMPI A V1.2 is the method of choice for benchmarking and is therefore defined by the Appraisal Requirements for CMMI (ARC) V1.2 as a Class A appraisal method. |
Secure Coding in C and C++ |
Secure Coding in C and C++ provides practical advice on secure practices in C and C++ programming. Producing secure programs requires secure designs. However, even the best designs can lead to insecure programs if developers are unaware of the many security pitfalls inherent in C and C++ programming. This course provides a detailed explanation of common programming errors in C and C++ and describes how these errors can lead to code that is vulnerable to exploitation. |
SEI Courses in Process & Performance Improvement |
SEI Courses in Process & Performance Improvement |
Services Supplement for CMMI v1.2 |
This one-day course introduces service providers, appraisal team members, and process group members to CMMI fundamental concepts related to service delivery. The CMMI for Services (CMMI-SVC) model defines effective practices that ensure quality services are delivered to customers and end users. Some types of services that would benefit from using CMMI-SVC include maintenance, operations, logistics, IT, and many other services in other government and industry. |
Understanding CMMI High Maturity Practices |
This 4-day course is the definitive source of information about CMMI levels 4 and 5. If your organization is or plans to be a high-performance organization that consistently uses high maturity practices, this course is a must. This course explains what high maturity is and its characteristics. It provides detailed explanations of the concepts and practices at maturity levels 4-5 as well as examples of how statistical methods and tools can be applied to assist in the proper implementation of these practices. CMMI levels 4 and 5 and Six Sigma are a powerful combination that enables organizations to achieve engineering excellence. This course covers both Six Sigma concepts and tips for effectively performing, managing, and improving processes. Process-performance baselines, process-performance models, control charts and other techniques are explained and their use is demonstrated through examples and exercises. |
Virtual Training Environment (VTE) Core Information Security Course Suite |
The Virtual Training Environment (VTE) is produced by the Software Engineering Institute's CERT® Program. The VTE Core Information Security Course Suite is a collection of on-demand, web-based training courses for information security and information assurance professionals in the U.S. government and related entities. Subscribers to this program receive access to the suite of information security courses for one year and may renew access annually to take advantage of course updates and additions. |
E-mail: course-info@sei.cmu.edu
Phone: +1 412-268-7622
