Vulnerability Assessment for Technologists (VULN-101-TECH)



Vulnerability Assessment for Technologists (VULN-101-TECH)

This is a closed class. It requires a contract. On-site for 22 people.

Days: 5 Days Labs: Yes –Local Cyber Range

Type of Course: Security / Technical

Prerequisites: Introduction to Cybersecurity (CYBR-INT-TECH)

About this course: Maps to NICE Protect and Defend category and the specialty areas of Vulnerability Assessment and Management. Provides a practical technical approach for the inventory of threat and vulnerability information as an input to the risk assessment and risk management process. This course will build a technical foundation of information assurance principles and security architecture concepts in order to reduce the need for reactive controls.

Goals: You will learn the responsibilities for the identification, analysis, and mitigation of threats to internal IT systems or networks.  Vulnerability Assessment involves conducting assessments of threats and vulnerabilities, determining deviations from acceptable configurations, enterprise or local policy, assessing the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. You will use the Mitre ATT&CK Matrix as a tool for defining and vulnerabilities.

Topics: System and application security threats and vulnerabilities as they pertain to classes of attacks, operational threat environments, general attack stages and penetration testing principles, tools, and techniques. The fundamentals of programming language structures and logic will round out the knowledge necessary to complete this course.

Methods of instruction: There are 8 different possible exercises that can be used in a module. Some examples include: threats and controls, case studies, risk analysis practice, and reading review. Technical labs will require basic skills in operating systems and virtualization. As soon as students become too comfortable, the instructor will switch methods.

Students are expected to have basic experience in the areas of networking and DoD Cybersecurity as well as knowledge of related Cybersecurity policies and procedures.  Course support DISA responsibilities in DoD Cybersecurity Discipline Implementation Plan, DoD I 8551.01, the STIG’s and NIST SP800-53. The course covers topics in NICCS / NICE and ARTEP.