Certified Cyber Incident Response Manager (C-CIRM)

Organizations face ongoing threats to their information technology infrastructure on a daily basis. These security struggles need to be approached with modern techniques, a holistic view of security, and a diverse body of knowledge. With the proper tools and training, managers in the Information Security and Cyber Security fields will be much more capable of finding success within their roles.

The Certified Cyber Security Operations Manager certification course brings Cyber Security core competencies to advanced levels with new concepts and traditional best practices. Using 16 detailed learning objectives, students will be provided with the knowledge and context needed to successfully manage the security of their technical environments. Focusing on the Information Security concerns of today, students will cover topics such as Cloud Security, Threat Intelligence Collection, Vulnerability Management, Biometric Security Systems, and the NICE Cybersecurity Workforce Framework.

Register Today for the Next Training Session

The Certified Cyber Incident Response Manager course is a component of the career progression track that supports the required Categories, Specialty Areas and Work Roles as defined by the National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework.  It provides a common language to speak about cyber roles and jobs and can be referenced to define professional requirements in cybersecurity.

INFORMATION SYSTEMS SECURITY MANAGER
(OV-MGT-002)

CYBER WORKFORCE DEVELOPER AND MANAGER
(OV-SPP-002)

EXECUTIVE CYBER LEADERSHIP
(OV-EXL-001)

CYBER INTEL PLANNER
(CL-OPO-001)

CYBER OPS PLANNER
(CL-OPO-002)

CYBER INSTRUCTOR
(OV-TEA-002)

Course Outline and Knowledge Points

The NICE Cybersecurity Workforce Framework

  • Overview of the NICE Framework
  • NICE Framework Key Terms
  • NICE Framework Categories
  • NICE Framework Specialty Areas and Work Roles
  • Knowledge, Skills, and Abilities (KSA’s)
  • Implementing the NICE Framework

Principles of Identity and Access Management

  • Password Complexity and Policy
  • Tokens, HOTP, and TOTP Controls
  • Biometric and Geolocation Methods
  • Kerberos, NTLM, LDAPS, and Active Directory
  • SSO, SAML, OAuth, and OpenID Connect
  • Access Control Models

Biometric Identification and Security Systems

  • Biometric Implementation
  • Fingerprint Recognition Systems
  • Facial Recognition Systems
  • Iris and Retinal Imaging Systems
  • Keystroke Dynamics
  • Voice Recognition Systems

Securing Systems and Data Using Cryptography

  • Providing Integrity with Hashing
  • Symmetric Encryption Characteristics
  • Asymmetric Encryption Characteristics
  • Email: Using Cryptographic Protocols
  • Public Key Infrastructure: Certificates
  • Cryptography Security Threats

Secure Network Architecture for Non-Architects

  • Security Architecture Frameworks
  • Reference Security Architecture
  • The Secure Development Life Cycle
  • Architectural Design Documentation
  • Architectural Domains: The Four Pillars
  • Zero Trust Networks

Identifying Network Baselines and Anomalies

  • Baseline Measuring Objectives
  • Network Sensor Deployment
  • Statistical Monitoring
  • Potential Signs of Compromise
  • Indicator of Compromise Verification
  • Event-Based Alert Monitoring Evaluation

Incident Response and Remediation Strategies

  • 7 Stages of the Attack Life Cycle
  • Effective Incident Remediation
  • Assigning a Remediation Owner
  • Remediation Posturing Actions
  • Eradication Plan Development
  • Plan Timing and Execution

Host and Network Data Collection Methods

  • Network Forensics vs. Digital Forensics
  • General Process for Performing Analysis
  • Standard Windows Directory Structure
  • Locating Endpoint Data
  • Live Collection Best Practices
  • Live Response: When Things Go Wrong

Investigations, Evidence, and Chain of Custody

  • Understanding Elements of Proof
  • Investigative Interview Strategies
  • Investigative Report Writing
  • Incident Scene Management
  • Evidence Dynamics and Chain of Custody
  • Legal Challenges in Digital Investigations

Risk Management Frameworks and Implementations

  • Risk Management: Key Definitions
  • The Key Attributes of Risk
  • Risk Management Program Development
  • Risk Management Frameworks
  • Asset Inventories and Resource Profiles
  • Qualitative and Quantitative Analysis

Vulnerability Assessment and Management

  • Identifying Vulnerabilities and Misconfigurations
  • Nmap (Network Mapper) and Zenmap
  • Security Content Automation Protocol (SCAP)
  • Vulnerability Program Essentials
  • Prioritizing and Rating Vulnerability Levels
  • Establishing an Efficient Workflow

Business Continuity and Disaster Recovery

  • BCP and DRP Key Definitions
  • The Benefits of a Business Impact Analysis
  • Business Impact Analysis Data Collection
  • Selecting a BIA Project Manager
  • Writing a BCP / DRP Testing Strategy
  • The 5 Progressions of BCP / DRP Testing

Threat Intelligence Collection and Analysis

  • Cyber Adversaries vs. Cyber Defenders
  • Components of the Threat Landscape
  • Understanding the Maneuver Warfare Mindset
  • The Threat Intelligence Cycle
  • Challenges to Cyber Crime Investigations
  • Threat Intelligence Sources

Cloud Computing Architecture and Security

  • Cloud Computing Service Models
  • Public, Private, and Hybrid Cloud
  • Cloud Data Security
  • Data Loss Prevention: Egress Monitoring
  • Cloud Platform Risks
  • Lack of Physical Access and Auditing Ability

Service Level Agreements and Legal Contracts

  • Seeking Best Options Over Fairness
  • General Contract Structures
  • SLA and Contract Review Process
  • General Contract Review Checklist
  • Provisions of an Enforceable Contract
  • Contract Negotiation Strategies

Creating Testing Scenarios and Playbooks

  • Response Playbook Components
  • Building a Response Playbook
  • Common Playbook Response Scenarios
  • Planning Table-Top Exercises
  • Planning Simulated Attacks
  • Sample Playbook: Unauthorized Access

Course Learning Objectives

Upon successful completion of the C)CIRM training program, participants will be able to:

  • CLO #01: Identify security technologies, risk management models, network and system defense methodologies, identity and access management practices, cryptographic protocols, and intrusion detection techniques.
  • CLO #02: Describe vulnerabilities and risks, threat intelligence collection techniques, digital evidence and investigations, network and host data collection methods, malware triage protocols, and incident response and remediation strategies.
  • CLO #03: Demonstrate network security techniques using labs and industry tools such as Wireshark network protocol analyzer, Linux Command Line Interface, Microsoft Administrative Command Prompt, and Microsoft PowerShell / PowerShell ISE (Integrated Scripting Environment).
  • CLO #04: Examine the principles and purpose of secure network architecture, architecture security frameworks, implementation of supporting security controls, zero trust network foundations and assertions, and identifying network baselines and anomalies.
  • CLO #05: Develop a business continuity strategy utilizing business impact analysis, disaster response and recovery planning, asset identification and valuation techniques, quantitative / qualitative analysis methods, and testing and evaluation goals which align to organizational objectives.
  • CLO #06: Evaluate cloud computing service models, architecture and security considerations, risks and threats posed to cloud services, regulatory and compliance requirements, cloud provider and customer responsibilities, and the structure of contracts and service level agreements.

Project Ares® Cyber Range Labs

Students enrolled in classroom or instructor-led online formats of this course will be using the Project Ares® Cyber Range for practical labs.  Project Ares® Cyber Range labs are available to self-study students for an additional fee.

Course Training Materials

Exam Prep Guide

Course Workbook & Labs

Lab Images (if Applicable)

Practice Assessment Quizzes

40-Hour CPE Credit Certificate

Knowledge Assessment Examination

Knowledge Assessment Exam

Upon completion of online courses, students will be prepared to sit for the knowledge assessment exam. The online examination will consist of True/False, Multiple Choice, and Fill in the Blank questions. The exam may be taken at any time within 6 months of completing the certification course.

Students will have two hours to complete a computer-based examination consisting of 100 questions. A score of 70% or higher is required to earn the certification. Upon successful completion of the exam, students will be sent a hardcopy of their certification and their CPE credit documentation via email (PDF format) within 72-hours of the exam date.

The examination is “closed book.” However, students will be allowed to use their notes on material presented during the course as well as their Course Workbooks.