Incident Response Triage: Data Analysis (IR216)
CISA is proud to offer the Data Analysis (IR216). We are excited to share this information with stakeholders across the federal enterprise and nationally.
This skills lab provides cybersecurity professionals with the practical knowledge and experience needed to conduct data analysis to identify Indicators of Attack (IOA) and Indicators of Compromise (IOC) and use those findings to further the investigation, contain an security incident, and establish a stronger security posture. The lab simulates a sophisticated cyber breach scenario where participants employ a variety of tools and techniques to gather evidence and assess the scope of the breach.
Through case studies, presentations by expert facilitators, demonstrations, and lab exercises, participants will explore the tools and techniques necessary to identify IoA and IoC, use IoC in an active investigation, identify the vulnerabilities and mitigation options associated with an attack, perform network traffic analysis, assess and prioritize threats, and identify options for containment.
Please note we have two options to participate.
Option 1:
Join the class and participate in the virtual lab activities. This option has limited seats and is best suited for students who are ready to practice their skills in the cyber range. It does require an additional technical lab access session to participate. If the lab option is already full, we encourage you to register for the observe option.
Option 2:
Join the class as an observer and actively participate in discussions and watch live demonstrations of the cyber range lab activities. This is an ideal solution for the entry-level student seeking to learn more about initial triage and data collection and to view the guided lab demonstrations. This option has more seats available for students.
This exercise is a step-by-step, facilitated experience that uses a keyboard approach to understand these topics in a realistic technical environment.
Approved registrants must attend a mandatory student technical check the day before the training to establish a connection to the course content and lab environment.
EVENT LOGISTICS
- Date: Tuesday, March 4, 2025 – Thursday, March 6, 2025
- Time: 9:00 AM EDT – 1:00 PM EDT
- Location: Online via WebEx
- CPE Credit: Participants can earn 4 CPE credits for attending this course.
- Attendee Requirements: This course requires active participation. Attendees can use government-issued computers or personal computers. A second monitor is recommended.
- Note: Audio is through WebEx; there is no external dial-in.
- Closed captioning (English only) will be available during this training event.
Due to participation requirements, please register no later than 48 hours before the course starts. Cyber Insights will not accept registrations made less than 48 hours before the course start.