Q-CERT Training Workshops
As part of its mission, Q-CERT is offering a series of information security workshops developed by members of the CERT Program, who have almost two decades of expertise in the field. The following workshops are currently being offered.
Information Security for Technical Staff
This five-day course is
designed to provide participants with practical techniques for
protecting the security of an organization's information assets and
resources, beginning with concepts and proceeding on to technical
implementations. The course teaches participants how to design a
secure network architecture, manage host systems, secure network
services and infrastructure, and work with firewalls and intrusion
detection systems.
Advanced Information Security for Technical Staff
This five-day course is
designed to increase the depth of knowledge and skills of technical
staff charged with administering and securing information systems and
networks. Developed around a scenario in which a production network
has failed an information security audit, students will implement
numerous technical security solutions to bring the network into
compliance.
Creating a Computer Security Incident Response Team
This one-day course is designed for
managers and project leaders who have been tasked with implementing a
computer security incident response team (CSIRT). This course provides
a high-level overview of the key issues and decisions that must be
addressed in establishing a CSIRT. As part of the course, attendees
will develop an action plan that can be used as a starting point in
planning and implementing their CSIRT.
Managing Computer Security Incident Response Teams
This three-day course provides
current and future managers of computer security incident response
teams (CSIRTs) with a pragmatic view of the issues that they will face
in operating an effective team. The course provides insight into the
type and nature of the work that CSIRT staff may be expected to
handle, and provides an overview of the CSIRT environment,
organizational interactions, and the nature of incident management
activities.
Creating and Managing a CSIRT
This two-day workshop is an accelerated workshop
covering the same material as the workshops Creating a Computer Security
Incident Response Team and Managing a Computer Security
Incident Response Team.
Fundamentals of Incident Handling
This five-day course is for computer
security incident response team (CSIRT) technical personnel with
little or no incident handling experience. Course attendees will learn
how to gather the information required to handle an incident; realize
the importance of having and following pre-defined CSIRT policies and
procedures; understand the technical issues relating to commonly
reported attack types; perform analysis and response tasks for various
sample incidents; and identify potential problems to avoid while
taking part in CSIRT work.
Advanced Incident Handling
This five-day course, designed for computer
security incident response team (CSIRT) technical personnel with
several months of incident handling experience, addresses techniques
employed in detecting and responding to computer security threats and
attacks, and commonly used and emerging attacks that are targeted
against a variety of operating systems and architectures. Building on
the methods and tools discussed in the Fundamentals of Incident
Handling course, this course provides guidance that incident handlers
can use in responding to system compromises.
OCTAVE® Training Workshop
OCTAVE® is a self-directed risk
evaluation that provides organizations with control over security
risks; balances critical information assets, business needs, threats,
and vulnerabilities; and benchmarks organizations against known or
accepted best practices for security. This three-day workshop is
designed to help individuals and analysis teams lead and perform
OCTAVE evaluations.
Computer Forensics for Technical Staff
This three-day course
comprises three components: lecture, student labs, and team
scenarios. It is designed for technical staff who administer and
secure information systems/networks. This course will provide
participants with a fundamental understanding of the computer
forensics process, and develop first responders' basic forensic best
practices.
Defense in Depth
The Defense-in-Depth
workshop is designed for students, ranging from system administrators
to CIOs, who have some technical understanding of information systems
and want to delve into how technical assurance issues affect their
entire organizations. The workshop material takes a big-picture view
while also reinforcing concepts presented with some details about
implementation. Therefore, this workshop can be a useful pursuit for
system administrators and IT security personnel who would like to step
up to the management level. It also can provide a refresher for IT
managers and executives who want to stay up to date on the latest
technological threats facing their enterprises. The workshop consists
of eight modules: Compliance Management, Risk Management, Identity
Management, Authorization Management, Accountability Management,
Availability Management, Configuration Management, and Incident
Management.
Introduction to VTE
The CERT Virtual
Training Environment (VTE) provides self-paced remote access to a
suite of information assurance and computer forensics training
material in virtual classroom and knowledge library formats. VTE
follows a 'read it, see it, do it' instructional model, offering
written training material, captured video of instructor-led lectures
and demonstrations, and virtual training labs that are provisioned
on-demand directly by students through virtual machine technology.
Q-CERT is making a customized version of VTE, VTE-Q, available to its partners. To promote the usage of VTE-Q, this hands-on half-day workshop covers the benefits that VTE technology provides, the usage of the VTE interface, and scenarios for using VTE within organizations. Attendees will be provided with laptops with which they can access VTE-Q during the workshop.