M6-110 CCD II COURSE OVERVIEW
Cyber Incident Handling & Disaster Recovery Course

07 October 2014 – Version 6.0. NATO Unclassified

BACKGROUND

The Cyber Security Incident Response & Recovery Course is the third of the four-course Cyber Security Certificate Programme offered by NATO School Oberammergau (NSO), in cooperation with Naval Postgraduate School (NPS), the United States Partnership and Education Training Center (US PTEC). The four cyber security courses (M6-108 Network Security, M6-109 Network Vulnerability Assessment and Risk Mitigation, M6-110 Cyber Incident Handling and Disaster Recovery, and M6-111 Network Traffic Analysis) can be taken individually or collectively, as desired. Though the courses can be taken in any order, Network Security is the ideal starting course, owing to the foundational principles that are established.

The course fulfills the need for developing cyber security expertise and improving the defense of critical infrastructure within NATO/partner nations, as protection of Communications and Information Systems (CIS) became one of the major tasks for the Alliance, recognized in NATO’s Strategic Concept and 2014 Wales Summit Declaration.

AIM

The aim of this course is to define the nature and scope of cyber security incident handling services, including intrusion/incident detection, damage control, service continuity, forensic analysis, incident reporting, service/data restoration, disaster recovery, and continuity of operations.

LEARNING OBJECTIVES

LO1 – Given lectures and quizzes, students will summarize typical Incident Handling and Response terminology and methodologies, in accordance with the model framework.
LO2 – Based on lectures, online labs and quizzes, students will describe how to create, manage, staff and run a Computer Security Incident Response Team (CSIRT) at the local command level and Community Emergency Response Teams (CERT) on a National Level.
LO3 – Given lectures, online labs and quizzes, students will be able to create an Incident Response Policy, based on the organization’s structure, that methodically handles such incidents as Denial of Service (DOS), unauthorized access, inappropriate usage of the network, insider threats, and even multiple-component incidents.
LO4 – Based on lectures, online labs and quizzes, students will explain the principles of disaster recovery, including preparation of a disaster recovery plan, assessment of risks in the enterprise, development of policies and procedures, attentiveness to the roles and relationships of various members of an organization, implementation of the plan, and recovery from a disaster.
LO5 – Given lectures, online labs, and quizzes, students should describe the fundamentals of system-level and data-level recovery tools and techniques, utilizing different recovery techniques, including back-up and recovery technologies and the use of virtualization.

CONTACT

Ms. Liliana Serban, ROU-CIV
Course Director/Naval Postgraduate School (NPS) Liaison Officer
Cooperative Security Department
NATO SCHOOL Oberammergau
82487 Oberammergau – Germany, Am Rainenbichl 54
E-mail: [email protected]
Tel. +49-8822-9481-2600
www.natoschool.nato.int

COURSE PARTICIPANTS/TARGET AUDIENCE

This is a technical course that requires a modicum of technical education and/or experience background. This course will significantly benefit incident handlers, risk assessment administrators, penetration testers, cyber forensic investigators, vulnerability assessment auditors, system administrators, system engineers, firewall administrators, network managers, IT managers, IT professionals and anyone who is interested in incident handling and response. No rank requirement.

LANGUAGE PROFICIENCY

English IAW STANAG 6001 3333

CLASSIFICATION

NATO Unclassified

METHODOLOGY

This ten-week course is a mix of lectures, classroom seminar-style discussions, question & answer (Q&A) assignments, videos, online discussions, labs, and quizzes. A final exam is required. The student's time will average 4 to 5 hours a week during the Distance Learning (DL) segment of the course. This will be spread across the following three tasks: 1) reading and answering approximately one Question & Answer (Q&A) assignment each week; 2) taking one short (10-20 questions) online, multiple-choice quiz every week; and 3) working through one lab assignment each week.

ADDITIONAL INFORMATION

1) PREREQUISITE

The students will be expected to know some basic information on operating systems, programming, networking, and information assurance, preferably as graduates of the Network Security Course. If not graduates of this course, applicants would need the consent of the NPS instructor to participate in the Cyber Incident Handling & Disaster Recovery Course.

2) COURSEWARE

The majority of the resources used in the teaching of the course will be supplied via: 1) Textbooks available via SafariBooksOnline accounts; 2) Instructor materials posted to the course Sakai site; and 3) EC-Council materials required for their certification (included in the course fee).

3) STUDENT ASSESSMENT

Students will be assessed based upon a combination of labs, quizzes, and two additional exams.
The weight of these will be as follows:
Submitted Labs: 30%
Quizzes: 30%
EC-Council Disaster Recovery Professional (DRP) exam: 15%
EC-Council Cyber Incident Handler (CIH) exam: 25%

4) CERTIFICATION

Successful completion of this course is ¼ of the total (four courses) required to obtain the Cyber Security Certificate.

Number of Iterations per Year: 2
Maximum number of students per Iteration: 30
Minimum number of students per Iteration: 25