M6 -110 CCD II COURSE OVERVIEW BACKGROUND

Transcription

M6 -110 CCD II COURSE OVERVIEW BACKGROUND
M6 -110
CCD II COURSE OVERVIEW
Cyber Incident Handling & Disaster Recovery Course
BACKGROUND
The Cyber Security Incident Response & Recovery Course is the third of the four - course
Cyber Security Certificate Programme offered by NATO School Oberammergau (NSO), in
cooperation with Naval Postgraduate School (NPS), the United States Partnership and
Education Training Center (US PTEC).
The four cyber security courses (M6-108 Network Security, M6-109 Network Vulnerability
Assessment and Risk Mitigation, M6-110 Cyber Incident Handling and Disaster Recovery,
and M6-111 Network Traffic Analysis) can be taken individually or collectively, as desired.
Though the courses can be taken in any order, Network Security is the ideal starting course,
owing to the foundational principles that are established.
The course fulfills the need for developing cyber security expertise and improving the
defense
of
critical
infrastructure
within
NATO/partner
nations,
as
protection of
Communications and Information Systems (CIS) became one of the major tasks for the
Alliance, recognized in NATO’s Strategic Concept and 2014 Wales Summit Declaration.
AIM
The aim of this course is to define the nature and scope of cyber security incident handling
services, including intrusion/incident detection, damage control, service continuity, forensic
analysis, incident reporting, service/data restoration, disaster recovery, continuity of
operations.
07 October 2014 – Version 6.0.
NATO Unclassified
Page 1/5
M6 -110
CCD II COURSE OVERVIEW
LEARNING OBJECTIVES
LO1 – Given lectures and quizzes, students will summarize typical Incident Handling and
Response terminology and methodologies, in accordance with the model framework.
LO2 – Based on lectures, online labs and quizzes, students will describe how to create,
manage, staff and run a Computer Security Incident Response Team (CSIRT) at the local
command level and Community Emergency Response Teams (CERT) on a National
Level.
LO3 – Given lectures, online labs and quizzes, students will be able create an Incident
Response Policy, based on the organization’s structure, that methodically handles such
incidents as Denial of Service (DOS), unauthorized access, inappropriate usage of the
network, insider threats, and even multiple components incidents.
LO4 – Based on lectures, online labs and quizzes, students will explain the principles of
disaster recovery, including preparation of a disaster recovery plan, assessment of risks
in the enterprise, development of policies, and procedures, and attentiveness to the
roles and relationships of various members of an organization, implementation of the
plan, and recovering from a disaster.
LO5 – Given lectures, online labs, and quizzes, students should describe the
fundamentals of system–level and data-level recovery tools and techniques,
utilizing different recovery techniques, including back-up and recovery technologies and
the use of virtualization.
CONTACT
Ms. Liliana Serban, ROU-CIV
Course Director/Naval Postgraduate School (NPS) Liaison Officer
Cooperative Security Department
NATO SCHOOL Oberammergau
82487 Oberammergau – Germany, Am Rainenbichl 54
E-mail: [email protected]
Tel. +49-8822-9481-2600
www.natoschool.nato.int
07 October 2014 – Version 6.0.
NATO Unclassified
Page 2/5
M6 -110
CCD II COURSE OVERVIEW
COURSE PARTICIPANTS/TARGET AUDIENCE
This is a technical course that requires a modicum of technical education and/or experience
background. This is a technical course that requires a modicum of technical education
and/or experience background. This course will significantly benefit incident handlers, risk
assessment administrators, penetration testers, cyber forensic investigators, venerability
assessment auditors, system administrators, system engineers, firewall administrators,
network managers, IT managers, IT professionals and anyone who is interested in incident
handling and response.
No rank requirement.

LANGUAGE
PROFICIENCY
English IAW STANAG 6001 3333
CLASSIFICATION
NATO Unclassified
METHODOLOGY
This ten-week course is a mix of lectures, classroom seminar-style discussions, question &
answer (Q&A) assignments, videos, online discussions, labs, and quizzes. A final exam is
required.
The student's time will average 4 to 5 hours a week during the Distance Learning (DL)
segment of the course. This will be spread across the following three tasks: 1) reading and
CONTACT
Ms. Liliana Serban, ROU-CIV
Course Director/Naval Postgraduate School (NPS) Liaison Officer
Cooperative Security Department
NATO SCHOOL Oberammergau
82487 Oberammergau – Germany, Am Rainenbichl 54
E-mail: [email protected]
Tel. +49-8822-9481-2600
www.natoschool.nato.int
07 October 2014 – Version 6.0.
NATO Unclassified
Page 3/5
M6 -110
CCD II COURSE OVERVIEW
answering approximately one Question & Answer (Q&A) assignment each week; 2) taking
one short (10-20 questions) online, multiple-choice, quiz every week, and 3) working though
one lab assignment each week.
ADDITIONAL INFORMATION:
1)
PREREQUISITE
The students will be expected to know some basic information on operating systems,
programming, networking, and information assurance, preferable to be graduates of the
Network Security Course. If not graduates of this course, applicants would need the consent
of the NPS instructor to participate in the Cyber Incident Handling & Disaster Recovery
Course.
2)
COURSEWARE
Majority of the resources used in the teaching of the course will be supplied via: 1)
Textbooks available via SafariBooksOnline accounts; 2) Instructor materials posted to the
course Sakai site, and 3) EC-Council materials required for their certification (included in the
course fee)
3)
STUDENT ASSESSMENT
Students will be assessed based upon a combination of labs, quizzes, and two additional
exams.
The weight of these will be as follows: Submitted Labs: 30%; Quizzes: 30 %; EC-Council
Disaster Recovery Professional (DRP) exam: 15%; and EC-Council Cyber Incident Handler
(CIH) exam: 25%
CONTACT
Ms. Liliana Serban, ROU-CIV
Course Director/Naval Postgraduate School (NPS) Liaison Officer
Cooperative Security Department
NATO SCHOOL Oberammergau
82487 Oberammergau – Germany, Am Rainenbichl 54
E-mail: [email protected]
Tel. +49-8822-9481-2600
www.natoschool.nato.int
07 October 2014 – Version 6.0.
NATO Unclassified
Page 4/5
M6 -110
CCD II COURSE OVERVIEW
4)
CERTIFICATION
Successfully completion of this course is ¼ of the total (four courses) required to obtain the
Cyber Security Certificate.
Number of Iterations per Year:
2
Maximum number of students per Iteration:
30
Minimum number of students per Iteration:
25
CONTACT
Ms. Liliana Serban, ROU-CIV
Course Director/Naval Postgraduate School (NPS) Liaison Officer
Cooperative Security Department
NATO SCHOOL Oberammergau
82487 Oberammergau – Germany, Am Rainenbichl 54
E-mail: [email protected]
Tel. +49-8822-9481-2600
www.natoschool.nato.int
07 October 2014 – Version 6.0.
NATO Unclassified
Page 5/5