• Designed by operators for managers and leaders, this accelerated course helps participants perform incident response management. It instructs on managing first responders during incidents and is built on the latest NIST guidelines and best practices. Incident response is treated as a critical component of enterprise risk management, integrated across organizational operations. Participants will learn to align their incident handling with the NIST Cybersecurity Framework (CSF) 2.0, covering all six core Functions (Identify, Protect, Detect, Respond, Recover, and the newly added Govern function), and to follow the updated NIST SP 800-61 Rev. 3 incident management recommendations. Special emphasis is placed on robust log management (per NIST SP 800-92 Rev. 1) to enable early threat detection and forensic analysis, since continuous monitoring and analysis of logs is highly beneficial for identifying security incidents shortly after they have occurred. Target audience: IT managers, CISOs, and cybersecurity team leaders in both the public and private sectors. This course will leave you with the confidence and a proven framework to manage cyber incidents from preparation through recovery. NICCS Training Catalogue Link  
  • This self-paced 16-hour course teaches participants how to perform initial incident response on Linux systems, covering both basic and advanced responder actions to minimize incident impact and cost. The curriculum is tailored for Linux system administrators (e.g. Ubuntu and Red Hat/CentOS environments) at an intermediate (Level 2) proficiency. Through scenario-based lessons and hands-on labs, students will learn to respond to unexpected outages and malicious activities (sabotage, insider threats, ransomware), and to perform forensic evidence collection (disk imaging, memory capture) using only open-source tools. Emphasis is placed on secure out-of-band communication during incidents, effective team coordination, and sound tactical decision-making under pressure. By course end, attendees will be equipped to handle Linux security incidents using modern techniques and tools relevant to FY2026, without relying on any commercial software. Designed by operators for operators, this accelerated course helps participants perform initial incident response activity on Linux systems. NICCS Training Link  
  • This self-paced 16-hour course teaches participants how to perform initial incident response on Windows systems, covering both basic and advanced responder actions to minimize incident impact and cost. The curriculum is tailored for Windows system administrators at an intermediate (Level 2) proficiency. Through scenario-based lessons and hands-on labs, students will learn to respond to unexpected outages and malicious activities (sabotage, insider threats, ransomware), and to perform forensic evidence collection (disk imaging, memory capture) using only open-source tools. Emphasis is placed on secure out-of-band communication during incidents, effective team coordination, and sound tactical decision-making under pressure. By course end, attendees will be equipped to handle Windows security incidents using modern techniques and tools relevant to FY2026, without relying on any commercial software. Designed by operators for operators, this accelerated course helps participants perform initial incident response activity on Windows systems. NICCS Course Link