Incident Response Training: Identify, Mitigate, Recover (IMR) series: To support the capacity of our nation’s cyber enterprise to “Defend Today, Secure Tomorrow” CISA has developed no-cost cybersecurity incident response training for government employees and contractors across Federal, State, Local, Tribal, and Territorial government, and is open to educational and critical infrastructure partners.
- IMR 000 – Observe the Attack Description: Observe the Attack courses are network defense demonstrations led by expert cybersecurity engineers. Students are guided through the strategy and operations of real-time incident response. Proficiency: Open to all levels;
- IMR 100 – Informational Webinars: These webinars are developed and presented to educate participants on various subjects related to cyber security awareness and best practices. Proficiency: Open to all levels;
- IMR 200 – Cyber Range Training Description: Cyber Range Trainings are interactive virtual classes with hands-on step-action labs. Students participate in mini-lectures followed by lab activities to identify incidents and harden systems in the cyber range environment. These are ideal for beginner and intermediate incident responders who wish to learn technical hands-on incident response skills. Proficiency: Beginner to Intermediate cyber security skill / experience level
Continuous Diagnostics and Mitigation (CDM): We offer instructor-led CDM Agency Dashboard training for U.S. executive branch employees and contractors. These resources are intended for anyone whose agency uses CDM and who monitors, manages, and oversees controls on their information systems, such as ISSOs, CDM POCs, ISSMs, and others who report measurements and/or metrics.
Industrial Control Systems (ICS): Free training geared toward Critical Infrastructure owners/operators designed to reduce cybersecurity risks to critical infrastructure and encourage cooperation between CISA and the private sector. This 10-day training runs from 8:00am-5:00pm MST (10:00am-7:00pm EST).
These courses are a prerequisite to attending the in-class 301 and 401 training hosted by CISA at the Idaho National Laboratory.
- 301v provides training on understanding, protecting, and securing Industrial Control Systems (ICS) from cyber-attacks.
- 401v provides training on analyzing and evaluating an Industrial Control Systems (ICS) network to determine its defense status and what changes need to be made.