DHS Cybersecurity

The Essentials of Community Cybersecurity (ECCS) course provides individuals, community leaders, and first responders with information on how cyber attacks can impact, prevent, and/or stop operations and emergency responses in a community. The course also provides a cursory introduction to cybersecurity vulnerabilities, risks, threats, and countermeasures. It explains vulnerabilities of computer systems and networks and how these vulnerabilities can affect communities, organizations, and daily workplace operations. The course introduces actions communities can take in establishing a cybersecurity program. The course provides participants with an awareness of issues. It gives an overview of threats and vulnerabilities, without going into too many details, to highlight the potential impact a cyber attack could have. Participants discuss some of the fundamental activities needed to develop a cybersecurity program, without addressing the technical details of how to secure critical infrastructures. The course introduces the Community Cybersecurity Maturity Model (CCSMM) as a framework for understanding community cybersecurity and offers a brief introduction to low-cost or no-cost approaches to securing a community against cybersecurity threats and attacks. The course sets the stage for further efforts in which a community can build a cybersecurity program.
Course Objectives
At the conclusion of the course, participants will be able to:

Recognize why community cybersecurity is important.
Recognize the characteristics of a community cybersecurity program. Show less

Using the Community Cyber Security Maturity Model to Develop a Cyber Security Program will introduce students to the DHS-supported Community Cyber Security Maturity Model (CCSMM) which can be used as a guide for communities and states in developing their own CCSMM-consistent cybersecurity programs. Students will learn what is required to develop a coordinated, sustained, and viable community cyber security program and the resources available to assist in improving awareness, information sharing, policies, and plans.  This course is offered by the National Cybersecurity Preparedness Consortium (NCPC) and was developed by the NCPC partner The University of Texas at San Antonio Center for Infrastructure Assurance and Security (UTSA/CIAS).  The course is funded through the DHS/FEMA Homeland Security National Training Program and is offered at no cost.  Show less

Cyber-attacks occur more frequently and have become increasingly sophisticated. Cybersecurity events now have the potential to significantly disrupt the business operations of government and critical infrastructure services. Public and private sectors, in the United States, are at increasing and continual risk of surprise attacks from nation-state and non-state actors. (Burgess, 2018)The National Response Framework describes how preparedness can be achieved by developing an incident annex for each hazard. Incident annexes describe coordinating structures used to deliver core capabilities and support response missions unique to a specific type of incident. Incident annexes describe specialized response teams, resources, roles, responsibilities, and other scenario-specific considerations. At the end of this course, participants should possess the fundamentals needed to design and develop a cyber annex for states, locals, tribes, and/or territories (SLTTs). It addresses what the annex is, how it is used, who should participate in the design, implementation, and execution. This course was developed by the University of Texas at San Antonio Center for Infrastructure Assurance and Security through the DHS/FEMA Homeland Security National Training Program. Show less

This online course covers topics on social engineering attack techniques and tools, while also equipping learners with a better understanding of how attackers use people as the weakest link to compromise targeted organizations. Participants will learn about social engineering and become familiar with phishing attacks, develop security awareness and take preventive measures. This course was developed by the University of Memphis, Center for Information Assurance (CfIA) through the DHS/FEMA Homeland Security National Training Program.   Show less

This course introduces the preparatory skills needed to learn penetration testing and vulnerability assessment, and familiarizes Information Technology support personnel and managers with the tactics, techniques and procedures (TTPs) that are used by attackers and penetration testers. Participants will have an increased knowledge and understanding about the tools used in a cyber-attack and in turn be better able to prepare defenses. The course focuses on the basic skills and knowledge needed to conduct and plan vulnerability assessments and penetration tests as well as show how to legally and ethically conduct tests and assessments. Participants will be introduced to Open Source tools such as Metasploit and Nmap, as well as methodologies for researching vulnerabilities. This course is designed based on research and federal agency reports.This course was developed by the Norwich University Applied Research Institutes (NUARI) through the DHS/FEMA Homeland Security National Training Program.   Show less

This course provides participants with specific information regarding targeted cyber attacks, including advanced persistent threats. This information will place them in a better position to plan and prepare for, respond to, and recover from targeted cyber attacks. This course will fill the gap in threat-specific training for cybersecurity as a community-driven course that focuses on the phases of targeted cyber attacks and the attacker methods used during each phase. Participants will also receive valuable information on cyber attack prevention, mitigation and response. Show less

Cyber-attacks occur more frequently and have become increasingly sophisticated. Cybersecurity events now have the potential to significantly disrupt the business operations of government and critical infrastructure services. Public and private sectors, in the United States, are at increasing and continual risk of surprise attacks from nation-state and non-state actors. (Burgess, 2018)The growing Information Sharing and Analysis Organization (ISAO) ecosystem provides an opportunity to empower the nation to become more educated and effective in preventing, detecting, and responding to the increasingly sophisticated landscape of cyber threats. There are considerable challenges with the vast quantity of information, the complexities of analysis, and the uncertainties of sharing data with a large network of organizations.In the 2016 National Preparedness Report, 88% of states and territories indicated a high prioritization of cybersecurity, with only a 13% proficiency in that capability. Likewise, 86% of states and territories ranked intelligence and information sharing as a high priority, with a reported 57% proficiency in that capability. The establishment of an ISAO is a critical step to improve both of these capabilities.Executive Order 13691 encourages the formation of ISAOs, and states that “organizations engaged in the sharing of information related to cybersecurity risks and incidents play an invaluable role in the collective cybersecurity of the United States”. At the end of this course, participants should possess the fundamentals needed to design and develop an Information Sharing and Analysis Organization (ISAO) for states, locals, tribes, and/or territories (SLTTs). It addresses what the ISAO is, how it is used, who should participate in the design, implementation, building, and execution.This course was developed by the University of Texas at San Antonio Center for Infrastructure Assurance and Security through the DHS/FEMA Homeland Security National Training Program Show less

This is a non-technical course meant to develop awareness of cybersecurity risks so that elected officials, appointed officials, and other senior managers are better informed to properly protect the jurisdiction/organization during a cybersecurity incident. It is designed to help officials and senior management work more effectively with their Information Technology (IT) departments to mitigate cyber threats. The training is tailored to government, critical infrastructure, and private sector personnel who have the responsibility for directing and developing policy within their organization. Show less

Despite the fact that passwords have been used in digital systems for over half a century and many standards and best practices have been developed, many organizations simply neglect to adhere to these standards and expose weaknesses for attackers to exploit. This course provides basic digital identity concepts, biometric authentication and multi-factor authentication approaches that can increase security. The learner will explore various authentication standards and techniques that can prevent unauthorized access of digital resources and services. This course was developed by the University of Memphis through the DHS/FEMA Homeland Security National Training Program Show less

This course is designed to assist individuals better understand security and privacy issues associated with mobile devices and infrastructure; including benefits and challenges of designing, implementing, and maintaining Bring Your Own Device (BYOD) Programs. Using scenarios, thought challenges and exercises as a framework, students will learn about: The purpose of Enterprise Mobile Management platforms Elements that make mobile networks and operating systems differentMobile malware classifications and detection strategiesMobile architecture data leakage detection and prevention strategies.This course was developed by the University of Memphis through the DHS/FEMA Homeland Security National Training Program.   Show less

This 2 hour, web-based course will cover the basics of cyber awareness for Municipal, Police, Fire and EMS Information Technology personnel. Participants will have an increased knowledge of threats specific to their jurisdiction and an understanding of the processes and procedures needed to develop a cyber-awareness program. This course will focus on the steps involved in being aware of cyber threats and effectively communicating the processes and procedures to protect users against common cyber threats. The participants will apply this knowledge to developing processes and procedures to integrate cyber awareness into routine operations. Participants will gain an understanding and the knowledge needed to start developing and integrating cyber awareness programs in their specific jurisdictions. This course is intended to give managers and technical personnel working in Police, Fire, and EMS IT departments an introduction to becoming aware of cyber threats to their type of agencies. These types of agencies will be aware of threats specifically targeted at them and how to start a cyber-awareness program to combat the threat.
This course was developed by Norwich University Applied Research Institutes through the DHS/FEMA Homeland Security National Training Program. Show less

Computers, mobile devices, and the Internet of Things (IoT) are a part of our daily lives. By using all of this technology, which makes our lives easier, we have opened ourselves up to the risks of cyber attacks. This course will introduce you to the basics of protecting your computer and the data it stores as well as protecting yourself when you are online, on social media, and while using your mobile or smart devices. Show less

The purpose of this course is to provide an understanding of the history, definitions, and components that make up the Internet of Things. This course addresses the different applications of IoT as well as applicable laws and policies, technologies, emerging threats, best practices, security, and a variety of existing and developing technologies. Show less

Through discussion, pre-recorded attacks, and live example attacks, Demystifying Cyber Attacks will explain and demonstrate common cyber attacks for non-technical participants. Participants will also learn how common cyber attacks can be disrupted at various points of the cyber kill chain using mitigation and response strategies.  Show less

MGT 384, Community Preparedness for Cyber Incidents, is designed to provide organizations and communities with strategies and processes to increase cyber resilience. During this 12-hour course, participants will analyze cyber threats and initial and cascading impacts of cyber incidents, evaluate the process for developing a cyber preparedness program, examine the importance and challenges of cyber related information sharing and discover low to no-cost resources to help build cyber resilience. Show less

The national and economic security of the United States depends on the reliable functioning of critical infrastructure. This course encourages collaboration efforts among individuals and organizations responsible for both physical and cybersecurity toward development of integrated risk management strategies that lead to enhanced capabilities necessary for the protection of our Nation’s critical infrastructure.
Participants will identify physical and cybersecurity concerns impacting overall infrastructure security posture, examine integrated physical and cybersecurity incidents and the evolving risks and impacts they pose to critical infrastructure, and explore resources that can be applied to improve security within an organization, business, or government entity.
This course meets Texas Commission on Law Enforcement (TCOLE) requirements for MGT452 Physical and Cyber Security for Critical Infrastructure course #78401.
Note: For deliveries on, or after, January 3, 2022, participants enrolled in an in-person, classroom-based course delivery will need access to a laptop or mobile device/tablet during the class session to complete course testing and evaluations electronically. Note: Participants enrolled in a TEEX-Instructor Led Webinar must have access to a laptop or mobile device/tablet during the class session to participate in all course sessions as well as complete course testing and evaluations electronically. Show less

This scenario-based course will guide emergency response organizations and critical infrastructure IT personnel through multiple simulated events to learn how to coordinate efforts during a cyber incident. These real-time exercises are designed to assist jurisdictions with managing cyber response efforts between traditional emergency responders and IT professionals. The use of expert instructors from IT and emergency response fields will offer participants real-world knowledge to successfully integrate cybersecurity personnel into the Emergency Operations Center (EOC). Show less

This course is designed to provide guidance for the implementation of an effective cybersecurity incident recovery program from a pre-incident and post-incident perspective. The training focuses on connecting IT with emergency management and is intended for government, critical infrastructure, and private sector personnel who have the responsibility for recovering after a cyber incident. Short term tactical and long-term strategic activities are discussed culminating in the development of an action plan. Show less

The Cybersecurity Resiliency in Industrial Control Systems course is designed to enhance understanding of the critical nature of Industrial Control System environments and the associated risks, threats, and defenses within an organization, business, or government entity. This course will introduce the convergence of physical security with cybersecurity, supervisory control and data acquisition (SCADA), and Industrial Control Systems security, increase awareness of the Internet of Things and Industrial Control Systems, and examine the threat landscape within Industrial Control Systems. Cyber threat mitigation techniques will be examined as well as methods of identifying cyber attacks and vulnerabilities. Tools to respond to and recover from cyber attacks on Industrial Control Systems will be addressed. State, local, regional, tribal, and territorial government officials; owners and operators of businesses and non-profits; and community members and other individuals interested in developing a greater understanding of developing cybersecurity resiliency in ICS. Show less

This 2 hour, web-based course introduces the basics of the incident response processes specific to Information Technology personnel in Municipal, Police, Fire or EMS departments. This course focuses on the steps involved in being aware of common cyber incidents, as well as steps in developing an incident response plan. The participants will apply this knowledge by developing a response plan specific to their jurisdiction. The content of the course includes: common cyber incidents occurring in Police, Fire and EMS IT departments, developing a response plan for common cyber incidents, distinguishing tasks for police, fire and EMS IT departments, and processes for future improvements to response plans.This course was developed by the NUARI through the DHS/FEMA Homeland Security National Training Program. Show less

This 1.5 hour, web-based course introduces the basics of the cybersecurity information sharing processes. Participants will gain knowledge of cybersecurity information sharing and an understanding of how to join or establish an ISAO/ISAC. This course introduces elected officials at multiple levels (State, Local, Tribal, Territorial) as well as senior management and decision-makers (including for commercial entities) to the value proposition of sharing cybersecurity information. The content of the course includes: The importance of cyber-security information sharingInformation sharing organizations and what they doSteps for cyber-security information sharing analysisThis course was developed by the NUARI through the DHS/FEMA Homeland Security National Training Program.  Show less

As computers and mobile devices become a part of most people’s everyday lives, the challenges of protecting computers and mobile devices and the data on them increases. Part of protecting computers and mobile devices is understanding how to recognize when they are compromised, the steps to take to respond to compromised computers and devices, and how to recover once they have been rid of any infection. This course will introduce students to various types of cyber attacks and how to detect and respond to them in order to protect their data and information. Show less

The purpose of this course is to provide an understanding of the history, definitions, and components that make up the Internet of Things. This course addresses the different applications of IoT as well as applicable laws and policies, technologies, emerging threats, best practices, security, and a variety of existing and developing technologies. Show less

Today’s advanced persistent threats (APTs) are increasingly sophisticated, diverse, targeted, aggressive, and successful. There is an increasing deployment of and dependence on Internet of Things (IoT) for remote access devices to National Critical Infrastructure Sectors and Services (NCISS). Inadequate deployment and maintenance of security on these systems could provide opportunities for attackers to harm to the American citizenry through NCISS infrastructure and associated resource disruption. This online course provides an overview of similarities and differences between traditional systems attacks and APT attacks. At the end of this course, participants should possess a fundamental understanding of the most common attack path for various advanced persistent threats (APTs). The course covers (a) the cyber kill chain model (b) APT cases and attack techniques and tools; and (c) common APT defense strategies. This course was developed by the University of Memphis through the DHS/FEMA Homeland Security National Training Program.   Show less

This course covers various incident analysis tools and techniques that support dynamic vulnerability analysis and elimination, intrusion detection, attack protection, and network/resources repair. The trainee will be presented with real-world examples and scenarios to help provide knowledge, understanding, and capacity for effective cyber incident analysis and response.

Two credit hours through ACE are provided only if all three courses within the Online for Business Professionals (Cyber 301) track are completed. Show less

Disaster Recovery for Information Systems will train business managers to respond to varying threats that might impact their organization’s access to information. This course provides requisite background theory and recommended best practices needed by managers to keep their offices running during incidents of different types. Topics include an overview of business continuity planning; disaster recovery planning; guides for implementing and managing disaster recovery plans, a discussion of technical vulnerabilities faced by organizations, and an examination of legal issues that may confront an organization.
Two credit hours through ACE are provided only if all three courses within the Online for Business Professionals (Cyber 301) track are completed. Show less

This is an intermediate level course covering topics on information assets, identifying risks, and management processes highlighting best principles and practices. It will provide training on information risk-related tools and technologies (such as asset evaluation, business impact analysis, risk identification, risk quantification, risk response, security policies, and compliance) for better understanding of potential threats and vulnerabilities in business online, and learning to adopt levels of security measures and best practices.

Two credit hours through ACE are provided only if all three courses within the Online for Business Professionals (Cyber 301) track are completed. Show less

The Internet (the world’s largest network) allows us to accomplish tasks more conveniently and efficiently at home, work and on the road! However, there are security risks with networks, and users must be aware and remain vigilant about these risks and how to secure their home or small business network. This course will introduce students to the basics of networks for homes and small businesses and provide them with best practices to secure their networks in order to protect their personal information as well as other (friends, family, customers, vendors, etc.) information that may flow through their network. Show less

As computers and mobile devices become a part of most people’s everyday lives, the challenges of protecting computers and mobile devices and the data on them increases. Part of protecting computers and mobile devices is understanding how to recognize when they are compromised, the steps to take to respond to compromised computers and devices, and how to recover once they have been rid of any infection. This course will introduce students to various types of cyber attacks and how to detect and respond to them in order to protect their data and information. Show less

This intermediate course is designed to teach students the fundamentals of computer crime issues from a legal perspective. The training will highlight the various computer crimes and appropriate response by first defenders and others that may encounter these types of issues. Participants learn legislations and organizational efforts to control or prevent such crimes. This course covers intellectual property law (copyright, trade secrets, unfair competition, and unfair business practices), personal jurisdiction, electronic commerce and software contracts, telecommunications, antitrust, privacy, the right to accuracy of information, the right to access information, and the First Amendment.

Two credit hours through ACE are provided only if all three courses within the Online for Everyone – Non-Technical (Cyber 101) track are completed. Show less

Cyber Ethics is designed to teach students the proper techniques with which to approach the difficult ethical dilemmas that arise from using the modern Internet. In addition to providing students with the skills to assess future ethical dilemmas for themselves, Cyber Ethics also looks at some of the more pressing concerns related to Internet usage today.

Two credit hours through ACE are provided only if all three courses within the Online for Everyone – Non-Technical (Cyber 101) track are completed. Show less

Computers, mobile devices, and the Internet of Things (IoT) are a part of our daily lives. By using all of this technology, which makes our lives easier, we have opened ourselves up to the risks of cyber attacks. This course will introduce you to the basics of protecting your computer and the data it stores as well as protecting yourself when you are online, on social media, and while using your mobile or smart devices. Show less

Network Assurance covers secure network practices necessary to protect networked systems against attacks and exploits. Network security administration topics include firewalls, intrusion detection/prevention, common cryptographic ciphers, AAA (authentication, authorization, and accounting), server and client security, and secure policy generation.

Two credit hours through ACE are provided only if all four courses within the Online for IT Professionals (Cyber 201) track are completed. Show less

This course covers investigative methods and standards for the acquisition, extraction, preservation, analysis, and deposition of digital evidence from storage devices. This course offers a wide array of forensics situations that are applicable to the real world. Students will learn how to find traces of illegal or illicit activities left on disk with computer forensics tools and manual techniques, and how to recover data intentionally hidden or encrypted by perpetrators.

Two credit hours through ACE are provided only if all four courses within the Online for IT Professionals (Cyber 201) track are completed. Show less

Information Security Basics is designed to teach entry and mid-level IT staff the technological fundamentals of information security. The goal of this course is to provide trainees some preliminary knowledge of computer security to help in identifying and stopping various cyber threats. In addition to providing an introduction to information assurance, trainees will also learn general concepts (terminologies), an overview of TCP/IP, introductory network security, introductory operating system security, and basic cryptography. Show less

This course covers secure programming practices necessary to secure applications against attacks and exploits. Topics covered include fundamental concepts of secure software development, defensive programming techniques, secure design and testing, and secure development methodologies.

Two credit hours through ACE are provided only if all four courses within the Online for IT Professionals (Cyber 201) track are completed. Show less