This course explains how adversarial review can be used to improve network security. It describes a hacker’s approach to discovery and exploitation of vulnerabilities and describes prevention techniques. Case studies from the System Administration, Networking, and Security (SANS) Institute have been used to illustrate the value of adversarial review.

Course provides participants with a basic understanding of their roles and responsibilities as a security officer. Through interactive class instruction and practical exercises, participants are provided training on all security disciplines (i.e., information security, physical security, personnel security, and operations security).

Participants will learn what a contingency plan is, the driving forces for developing a contingency plan, the types of contingency plans and their interrelationships, the five-step business continuity planning methodology, the structure and development of a business continuity plan, and the steps to take to ensure a strong security posture within an organization.

This entry-level course describes the certification and accreditation (C&A) process used within the Federal Government (DoD Information Technology Security C&A Process [DITSCAP]/National Information Assurance C&P Process/NIST SP 800-37/Director of Central Intelligence Directive [DCID] 6/3).

This course provides participants with a general overview of the requirements of the National Security Information Program. It offers instruction on the proper handling, marking, labeling, dissemination, shipping, processing, storing, and destruction, along with the roles and responsibilities of personnel who have access to classified information.

This entry-level course describes fundamental security concepts and defines IA terminology. It explores IA threats, vulnerabilities, and countermeasures, and it identifies how security requirements and tasks should be integrated within the system development life cycle in a “when-what-why” format.

This awareness-level course answers the question, What is cyber security? It is designed to promote security awareness among all users of IT systems. The course defines the term “cyber security” as well as the primary tenets of IA—confidentiality, integrity, availability, authentication, and nonrepudiation.

This course provides an intensive hands-on training of penetration-testing tools and techniques. The class is taught using a portable penetration testing network that includes 15 laptops: 10 for student use and 5 for target hosts. Topics include networking concepts, TCP/IP vulnerabilities, enumeration techniques and tools, and common hacking tools and exploits.

The course content covers eight major Information Systems Security topic areas: Information Technology (IT) Security Principles, Certification and Accreditation, Secure Engineering and System Design, Security Program Management, Vulnerability Assessment and Management, Incident Reporting and Response, Continuity of Operations, and Secure Communications and Encryption.

This course provides an in-depth analysis of encryption. Participants are provided an initial overview of the differences between public and private key encryption. This overview identifies and describes security features of the Secure Socket Layer (SSL) and Transport Layer Security (TLS) protocols. Features of the new Advanced Encryption Standard and why it is needed are also discussed.

This course addresses both the substantive law (what is prohibited) and the procedural law (what legal processes must be complied with in investigating and prosecuting cybercrime, cyber espionage, or information war). It addresses international law and domestic law along with the legal complexities involved in transborder investigations.

At the conclusion of this course, attendees will be able to describe the role of risk assessment in the risk management process and be able to determine a risk index.

At the completion of this course, attendees will have a common understanding of NetOps functions, roles, responsibilities, and benefits.

This is a follow-on course to the NetOps Overview. It is designed to expand on DoD NetOps concepts, capabilities, tools, and models/frameworks to facilitate effective situational awareness and collaborative command and control (C2) of the GIG.

This course of instruction examines the NetOps model against these three areas—policy, process, culture—and suggests strategic courses of action for influencing all three centers of gravity.

This course is composed of five modules detailing network security concepts. Students will gain computer networks, interconnect model and various protocols, system environments and interconnections, security agreements and measures, enterprise architecture for risk management and security policy enforcement, and defense in depth (DiD) implementation.

This course introduces and reinforces the policies and procedures associated with processing security clearance background investigation documentation, conducting the personnel security interview, adjudicating security background checks, and performing other personnel security processing requirements.

This course presents the basic concepts that support physical security of IT resources. It defines physical security and explains why it is required. Students will also learn security models and transition strategies, physical access control areas, and physical security strategies.