The aim of this course is to prepare students to address the nature and scope of cyber security incident handling services, including intrusion/incident detection, damage control, service continuity, forensic analysis, service/data restoration, and incident reporting.
Please note that for weeks one and 10 we will aim to transition back to resident modules at NSO for 2022 where possible. The catalogue will be updated once confirmed.
If you wish to join a course you may have your agency POC send a seat request.
Please click on the POC Finder to obtain the contact information of your agency POC.
Summarize Incident Handling and Response Methodologies:
Given lectures and quizzes, students will be able to summarize typical Incident Handling and Response terminology and methodologies, in accordance with the model framework.
Describe how CSIRT and CERT are managed and staffed:
Based on lectures, online labs and quizzes, students will be able to describe how a Computer Security Incident Response Team (CSIRT) at the local command level and Community Emergency Response Teams (CERT) on a National Level are created, managed and staffed.
Create an Incident Response Policy:
Given lectures, online labs and quizzes, students will be able to create an Incident Response Policy, based on the organization’s structure, that methodically handles such incidents as Denial of Service (DOS), unauthorized access, inappropriate usage of the network, insider threats, and even multiple-component incidents.
Prepare a Disaster Recovery Plan:
Based on lectures, online labs and quizzes, students will be able to explain the principles of disaster recovery, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies and procedures, attentiveness to the roles and relationships of various members of an organization, implementation of the plan, and recovery from a disaster.
Describe System Fundamentals:
Given lectures, online labs, and quizzes, students will be able to describe the fundamentals of system-level and data-level recovery tools and techniques, utilizing different recovery techniques, including back-up and recovery technologies and the use of virtualization.
This is a technical course that requires a modicum of technical education and/or experience. The target audience is personnel whose work responsibilities require, or would benefit from, a mix of subject matter related to the detection and analysis of cyber attacks, as well as to recovery from such attacks. No rank requirement.
English 3333 IAW STANAG 6001
NCO: No restrictions
Officer: No restrictions
This ten-week course is a mix of lectures, classroom seminar-style discussions, question & answer (Q&A) assignments, videos, online discussions, labs, and quizzes. A final exam is required. The student's time will average 4 to 5 hours a week during the Distance Learning (DL) segment of the course. This will be spread across the following three tasks: 1) reading and answering approximately one Question & Answer (Q&A) assignment each week; 2) taking one short (10-20 questions) online multiple-choice quiz every week; and 3) working through one lab assignment each week.
This course involves one week of resident training at NATO School, followed by 8 weeks of distance learning, followed by one more week at NATO School.