AWR366 – 6.00 Hours


EC AWR366 53 Register

This schedule is subject to change without notice. If you have not received confirmation of the class prior to the class start, please contact the division at or [email protected] to get the latest schedule.

Course Description

Cyber-attacks occur more frequently and have become increasingly sophisticated. Cybersecurity events now have the potential to significantly disrupt the business operations of government and critical infrastructure services. Public and private sectors, in the United States, are at increasing and continual risk of surprise attacks from nation-state and non-state actors. (Burgess, 2018)

The National Response Framework describes how preparedness can be achieved by developing an incident annex for each hazard. Incident annexes describe coordinating structures used to deliver core capabilities and support response missions unique to a specific type of incident. Incident annexes describe specialized response teams, resources, roles, responsibilities, and other scenario-specific considerations. 

At the end of this course, participants should possess the fundamentals needed to design and develop a cyber annex for states, locals, tribes, and/or territories (SLTTs). It addresses what the annex is, how it is used, who should participate in the design, implementation, and execution. 

This course is offered by the National Cybersecurity Preparedness Consortium (NCPC) and was developed by the NCPC partner The University of Texas at San Antonio Center for Infrastructure Assurance and Security (UTSA/CIAS).  The course is funded through the DHS/FEMA Homeland Security National Training Program and is offered at no cost.


Must be a U.S. Citizen or Permanent Resident or receive approval from TEEX/DHS-FEMA prior to the start of the class. Please contact us for more information on the approval process.

Course Completion Requirements

Students must receive a minimum score of 70% on the Post-Test to receive their certificate.

Attendance Requirements

To meet attendance requirements, participants must review each training module and complete all required course assignments, activities, quizzes, and/or end of course exam.


Computer with an Internet connection and up-to-date web browser


  • Definition and Purpose of a Cyber Incident Annex
  • Cyber Incident Definitions
  • Cyber Incident Annex Scope
  • Roles and Responsibilities
  • Components of a Cyber Incident
  • Incident Identification Process
  • Components of a Cyber Incident Response Plan
  • Building a Cyber Incident Response Team
  • Information Sharing
  • Training and Exercises
  • Cyber Incident Guidebook

Suggested Audience

The target audience for this course should include personnel assigned to work in the jurisdiction’s emergency operations center, policy makers, elected and/or appointed officials, emergency responders, IT personnel with responsibilities for identifying and responding to cyber events for SLTT government, private industry, and critical infrastructure representatives.

Government Programs

Contact Information

Business & Cyber Solutions
Phone: (979) 431-4837
Email: [email protected]

Back to top