Events

Please join CISA and the IT SCC in our 2024 Cybersecurity Awareness Month Series. This event is a partnership between CISA IT Sector Management and the IT Sector Coordinating Council to bring valuable information from Government and Private Sector experts to small and medium sized businesses operating in or adjacent to critical infrastructure. For 2024 we are focusing on Artificial Intelligence. The discussions throughout this series will discuss different aspects of AI, understanding how it could effect your environment, what the research community is developing and seeing, and what to expect moving forward when discussing AI safety. 

Who should attend:

While the focus of the content will be centered around small and medium businesses there are prominent discussions happening that will provide value to businesses of any size. Discussions around safety effect all sized businesses and many times all American citizens due to the interconnectivity of IT environments. This effort stems from the IT sector and will maintain that origin within the discussions but again, due to the interconnectivity of the sector, we encourage all 16 critical infrastructure sectors to attend and will receive value from attending. 

What to Expect: 

For our final week we want to provide resources for continuing education and support. This week will serve as an opportunity to highlight educational  efforts on-going throughout government and industry. How can you ensure your company remains at its top operational prowess in a field such as the IT Sector that changes rapidly? Continued learning and involvement. Involvement in the efforts discussed this week will provide opportunities to apply this continued education mindset and ensure you are staying up-to-date on any changes in the field. 

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to offer Incident Response Training event, Defend Against Ransomware Attacks Cyber Range Training (IR209). The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.

This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.

Ransomware is the fastest growing malware threat targeting home, business, and government networks. Anyone with a computer connected to the internet is a target. Ransomware infection is one computer, one person, one click away from penetrating a network’s defense. If just one computer becomes infected with ransomware it could quickly spread all over the network, which is why ransomware protection is critical. Ransomware incidents have become increasingly prevalent and pose an enormous risk to you and your organization’s critical infrastructure. In this training, participants will be introduced to common applications and process that harden network defenses, as well as key terms to be aware of in the prevention of ransomware attacks.

Experience these benefits and more:

• Common attack methods: Define ransomware and identify best practices and preventive measures to mitigate the impact of ransomware attacks.  

• Practice in a realistic environment: Learn how to apply specific tools to configure and backup active directory policies, reset KRBTGT account passwords and create application allowlisting policies.  

• Identify and mitigate vulnerabilities in real time: Students will identify malicious domains and mitigate them by establishing a sinkhole and by blocking the malicious domain.   

• Expert facilitation and peer discussion: Throughout the course, expert cybersecurity engineers will moderate discussions and conduct a recovery debrief for the exercises. Participants are also encouraged to help one another and offer relevant input to address peers' questions.

This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.  

Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment. 

EVENT LOGISTICS  

• Date:  Thursday, October 31, 2024 

• Time: 12:00 PM EDT – 4:00 PM EDT  

• Location: Online via WebEx  

• CPE Credit: Participants can earn 4 CPE credits for attending this course.  

• Attendee Requirements: This course requires active participation. Attendees can use government-issued computers or personal computers. A second monitor is recommended.  

• Note: Audio is through WebEx; there is no external dial-in.  

• Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube Channel for playback in other languages, if required.

Due to participation requirements, please register no later than 48 hours before the course starts. 

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to present the Using the CISA Incident Response Playbook at your Organization (IR211) Cyber Range Training event. The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.

This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability. 

Produced in accordance with Executive Order 14028, “Improving the Nation’s Cybersecurity,” CISA released the Federal Government Cybersecurity Incident and Vulnerability Response Playbooks that provide federal civilian agencies with a standard set of procedures to respond to vulnerabilities and incidents impacting Federal Civilian Executive Branch (FCEB) networks. This course introduces students to the Incident Response Playbook that describes the process FCEB agencies should follow for confirmed malicious cyber activity for which a major incident has been declared or not yet been reasonably ruled out. The course will include a tabletop discussion format that follows a simulated IR event/scenario and guides students through the CISA IR checklist and IR phases. While the playbooks are intended for federal agencies, CISA encourages public and private sector partners to review them to help inform their own incident response practices.

Experience these benefits and more:

• Key guidance for organizations: Introduce the CISA Incident Response (IR) Playbook with an overview of the IR phases, key resources, standardizing shared practices, and the Incident Response Checklist. Learn about roles, responsibilities, and the importance of communication during an incident response.  

• Lessons learned: This course also highlights lessons learned and common missteps when implementing an IR playbook.  

• Peer activity and discussion: A guided incident response tabletop scenario and discussion where students will be required to follow the IR process using the CISA IR checklist. The tabletop discussion will help students to better comprehend and apply critical thinking throughout the NIST/CISA IR process.

This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment. 

Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment. 

EVENT LOGISTICS  

• Dates:  Wednesday, November 6, 2024 or Thursday, November 7, 2024 

• Time: 9 a.m. to 1 p.m. EDT - Wednesday
  12:00 p.m. to 4:00 p.m. EDT - Thursday

• Location: Online via WebEx  

• CPE Credit: Participants can earn 4 CPE credits for attending this course.  

• Attendee Requirements: This course requires active participation. Attendees can use government-issued computers or personal computers. A second monitor is recommended.  

• Note: Audio is through WebEx; there is no external dial-in.  

• Closed captioning (English only) will be available during this training event. Previously recorded webinars are available on the CISA YouTube Channel for playback in other languages, if required.

Due to participation requirements, please register no later than 48 hours before the course starts. 

DOE Office of Cybersecurity, Energy Security, and Emergency Response (CESER) is hosting a joint Energy Sector BOM Collaboration webinar in partnership with DHS Cybersecurity and Infrastructure Security Agency (CISA), and IEEE Power Systems Communications and Cybersecurity Technical Committee (PSCCC).  

This webinar will include representatives from asset owners and operators (AOOs), vendors, and researchers in the energy sector all sharing their experiences and lessons learned from using or attempting to use BOMs for supply chain risk management. The webinar will consist of a series of presentations as well as two facilitated Q&A panels where vendors and AOOs will discuss the following topics: policies/regulations, value proposition, existing challenges, and where do we go from here.

The Cybersecurity and Infrastructure Security Agency (CISA) is proud to present the Introduction to Log Management (IR210) Cyber Range Training event. The 200-level training events are open to government employees and contractors across federal, state, local, tribal, and territorial government, educational partners, and critical infrastructure partners. Please use your organization email address when registering.

This course is ideal for those working in cybersecurity roles who are interested in learning technical incident response skills and requires active engagement from all participants. The course assumes a mixed audience (e.g., from disparate teams and organizations) of mixed capability.

Log files provide the data that are the bread and butter of incident response, enabling network analysts and incident responders to investigate and diagnose issues and suspicious activity from network perimeter to epicenter. Participants will be introduced to basic principles of log management and configuration. Federal compliance regulations of log configuration and management including OMB Memo M-21-31 will also be introduced. 

Experience these benefits and more: 

• Common attack methods: Understand the importance of the configuration, management, and analysis of logs for incident response and identify key processes of log management. 

• Practice in a realistic environment: Investigate and analyze log data for suspicious activity. Detect and correlate possible IOCs or malicious activity with threat intel. Exercises include configuring a DNS server, network device firewall, an operating system and more for propper logging.  

• Expert facilitation and peer discussion: Throughout the course, expert cybersecurity engineers will moderate discussions and conduct a recovery debrief for the exercises. Participants are also encouraged to help one another and offer relevant input to address peers' questions.

This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.

Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.