This course is designed to provide guidance for the implementation of an effective cybersecurity incident recovery program from a pre-incident and post-incident perspective. The training focuses on connecting IT with emergency management and is intended for government, critical infrastructure, and private sector personnel who have the responsibility for recovering after a cyber incident. Short term tactical and long-term strategic activities are discussed culminating in the development of an action plan.
FEMA / SID Number
Students must have a FEMA Student Identification Number (SID) to attend class.
To obtain a SID, register online at cdp.dhs.gov/femasid
Course Completion Requirements
A Pre-Test and Post-Test are given to measure participants’
understanding of the material. Participants are required to score a 70% or
better on the Post-Test and attend 80% of the course hours in order to receive
a course certificate of completion.
TopicsCyber terminology+Cyber incident life cycle+Threat levels+Emergency management+Recovery continuum+Government’s role in cybersecurity+Cyber and the incident command system+Federal resources for cyber+Key programmatic elements that improve recovery+Plan, organize, equip, train, exercise considerations+Short-term recovery actions+Long-term recovery actions+Cyber incident recovery action plan
- Government and private sector IT staff
- Local administrators and upper-level management personnel
- System administration
- Risk management personnel
- Local government administration
- Emergency management coordinators