
Course Catalogue


Cyber Incident Handling & Disaster Response Course

Conducted by COSEC


The aim of this course is to prepare students to address the nature and scope of cyber security incident handling services, including intrusion/incident detection, damage control, service continuity, forensic analysis, service/data restoration, and incident reporting.


Duration: 10 Weeks
Course Structure: Resident (1) - eLearning (8) - Resident (1)
Language: English 3333 IAW STANAG 6001
Classification: NATO Unclassified
Discipline: COP - Cyberspace Operations
Area: CD - Cyber Defence Operations
Depth of Knowledge: 3 - Advanced
ePrime No.: ACT.468
ETOC Code: COP-CD-31395

Course Iterations

Code           Course Dates             Open Seats
M6-110-A-24    05 Feb 24 - 12 Apr 24    Contact POC
M6-110-B-24    02 Sep 24 - 08 Nov 24    Contact POC

If you wish to join a resident course you may have your agency POC send a seat request. Please click on the POC Finder to obtain the contact information of your agency POC.

ADL courses can be accessed without the need for enrolment, but students are required to register through the JADL portal using a military/government email address; otherwise they will not be accepted.

Learning Objectives

Summarize Incident Handling and Response Methodologies: Given lectures and quizzes, students will be able to summarize typical Incident Handling and Response terminology and methodologies, in accordance with the model framework.

Describe how CSIRT and CERT are managed and staffed: Based on lectures, online labs and quizzes, students will be able to describe how a Computer Security Incident Response Team (CSIRT) at the local command level and Community Emergency Response Teams (CERT) on a National Level are created, managed and staffed.

Create an Incident Response Policy: Given lectures, online labs and quizzes, students will be able to create an Incident Response Policy, based on the organization’s structure, that methodically handles such incidents as Denial of Service (DOS), unauthorized access, inappropriate usage of the network, insider threats, and even multiple-component incidents.

Prepare a Disaster Recovery Plan: Based on lectures, online labs and quizzes, students will be able to explain the principles of disaster recovery, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies and procedures, attentiveness to the roles and relationships of various members of an organization, implementation of the plan, and recovering from a disaster.

Describe System Fundamentals: Given lectures, online labs, and quizzes, students will be able to describe the fundamentals of system-level and data-level recovery tools and techniques, utilizing different recovery techniques, including back-up and recovery technologies and the use of virtualization.

Course Participants

This is a technical course that requires a modicum of technical education and/or experience. The target audience is personnel whose work responsibilities require, or would benefit from, a mix of subject matter related to the detection and analysis of cyber attacks, as well as to recovery from such attacks. No rank requirement.

Language Proficiency: English 3333 IAW STANAG 6001
Rank Requirements: NCO: No restrictions
Officer: No restrictions


This ten-week course is a mix of lectures, classroom seminar-style discussions, question & answer (Q&A) assignments, videos, online discussions, labs, and quizzes. A final exam is required. The student's time will average 4 to 5 hours a week during the Distance Learning (DL) segment of the course. This will be spread across the following three tasks: 1) reading and answering approximately one Question & Answer (Q&A) assignment each week; 2) taking one short (10-20 questions) online multiple-choice quiz every week; and 3) working through one lab assignment each week.

Further Information

This course involves one week of resident training at NATO School, followed by 8 weeks of distance learning, followed by one more week at NATO School.