SANS What Works in Forensics and Incident Response Summit 2010


CFR is designed to prepare first responders to effectively and efficiently act to counter any type of cyber-based terror attack against our nation’s internet, communications, and network-based infrastructure. This is an intense, hands-on course for skilled technical personnel who meet specific technical prerequisites, and could be responsible for responding to agency assistance calls for potential cyberterrorism activity.
This course is an advanced-level, hands-on course for which network and security knowledge and experience are required. Alternative experience may be considered in lieu of listed requirements, based upon seating availability and review by CDI admissions staff.
A minimum of two years' experience as a system/network administrator or as a cybersecurity professional is required. An intermediate understanding of network concepts, along with general knowledge of computer operating systems, is required.
-or-
Completion of the CDI course, "Incident Handling and Response" (IHR); any experience with handling cyber-incidents; plus a minimum of two years' experience as a system or network administrator.
CFR is offered free of charge to technical personnel from public safety, law enforcement, state and local government, public utilities, colleges and universities, and health care providers. Depending on classroom space, consideration will also be given to other individuals working within agencies and organizations considered a part of our nation's critical infrastructures. CFR is a highly specialized, four-and-a-half-day course designed primarily for first responder personnel from those eligible agencies.
Blended learning methods will be used, including a balance of classroom lecture, hands-on laboratory exercises, and the use of cyberterrorism response tools, as cyberterror attacks against significant national network infrastructure targets will be simulated. Because of the high level of training provided in this course, class size will be more limited, and potential participants will be screened to ensure that they meet the specified prerequisites.
CFR classes stress a proactive approach to computer, network, and infrastructure incident response handling. The solutions and methods taught are non-vendor-specific, so participants do not need specialized software to implement class lessons at their own agencies. CDI stresses proper network and data engineering techniques and methodology over simple software packages, keeping agency financial requirements to a minimum.
CFR will define the steps of handling specific types of cyberterror incidents, including incident assessment, detection and analysis of security incidents, and the process of containing, eradicating, and recovering from a system- or network-based incident. Participants will learn how to:
Identify, define, and practice first-hand the many tools and resources required in the cyberterror incident response process that the first responder must bring to bear in order to accurately and successfully detect, analyze, and mitigate a cyberterror incident.
Describe the Cyberterrorism First Responder (CFR) process, to include emergency assessment, emergency containment, emergency eradication, emergency restoration, post-emergency response, and the hand-off.
Describe the follow-up, secondary incident response techniques, and the proper integration of these activities into the CFR process.
Define the proper techniques used to review, critique, and build upon the CFR process through a series of review meetings and lessons-learned methods.