As the Department of Defense, federal, state and local governments and commercial entities work to leverage the NIST standards to harden cyber defenses, hackers are innovating and deploying new exploits at an ever-increasing pace.
This one-day workshop combines the Hack Warz ethical hacking competition with the Risk Management Framework six-step Security Life Cycle to demonstrate how to think like a hacker when designing a systems hardening plan.
Participants will review the Risk Management Framework (RMF) six-step process (NIST 800-37) and use the RMF methodology to outline a defense-in-depth strategy. This includes correlating STIGs and IA controls to the new RMF controls. Participants will execute “white hat” attacks against typical IT systems in the hands-on Hack Warz lab environment. Hack Warz is set up as a capture-the-flag event in which participants gain exposure to hacker tools and common exploits. After the lab, participants will debrief and use the RMF methodology to update their defense-in-depth strategies.
In the “not if you will be hacked, just when” world we live in, this iterative process of white hat ethical hacking establishes a best-practice and proactive approach to securing and verifying the security of IT assets.
- Explain best practices using NIST Standards and the Risk Management Framework
- Outline an approach for a defense-in-depth strategy
- Correlate STIGs and IA Controls to NIST
- Demonstrate proficiency with auditing tools
- Apply computer network defense using Hack Warz approach
The materials within this course focus on the Knowledge, Skills, and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.
If you would like to provide feedback for this course, please e-mail the NICCS SO at NICCS@hq.dhs.gov.