CND Training
CND-SP SPECIALTY outlines:
C11.2.1.1. CND-SP Analyst (CND-A)
C11.2.1.2. CND-SP Infrastructure Support (CND-IS)
C11.2.1.3. CND-SP Incident Responder (CND-IR)
C11.2.1.4. CND-SP Auditor (CND-AU)
C11.2.1.5. CND-SP Manager (CND-SPM)
C.11.2.1.1 CND-A Functions
CND-A.1. Mastery of IAT Level I and IAT Level II CE and skills with applicable certification.
A.2. How to analyze network alerts
A.3. How to validate network alerts
A.4. How to analyze log files from a variety of sources (host logs, network traffic logs, firewall logs, and IDS logs) or SIM
A.5. Learn how to analyze network traffic, identify anomalous activity, and determine how it threatens network resources.
A.6. Build external data sources database or dashboard for daily monitoring (e.g. CND vendor sites, Computer Emergency Response Teams, SANS, Security Focus) to maintain CND threat conditions & impact
A.7. Learn to write signatures for CND network tools in response to new or observed threats.
A.8. Learn how to do event correlation from a variety of sources to gain situational awareness and determine the effectiveness of an observed attack.
A.9. Notify CND managers, CND incident responders, and other CND-SP team members of suspected CND incidents and articulate the event’s history, status, and potential impact for further action.
C.11.2.1.2 CND-IS Functions
CND-IS.1. Mastery of the appropriate IAT Level I and IAT Level II CE and skills with applicable certification.
IS.2. Learn how to create, edit, and manage changes to network access control lists on firewalls and IPS.
IS.3. Learn Anti-Virus or Audit/Remediation administration including installation, configuration, maintenance, and backup/restore.
IS.4. Learn how to implement C&A requirements for specialized CND systems and document and maintain records for them.
IS.5. Learn how to manage and administer the updating of rules and signatures for specialized CND applications. (IDS/IPS, anti-virus, and content blacklists)
IS.6. Learn how to identify potential CND implementation conflicts (e.g., tool/signature testing and optimization).
IS.7. Learn how to build and administer CND test bed to evaluate new CND applications, rules/signatures, access controls, and configurations of CND-SP managed platforms.
Table C11.T7. CND-IR Functions
CND-IR.1. Mastery of the appropriate IAT Level I, IAT Level II, or IAT Level III CE, NE, or enclave knowledge and skills with applicable certification.
IR.2. You will understand how to collect and analyze intrusion artifacts (e.g., source code, malware, and trojans) to mitigate potential CND incidents.
IR.3. You will learn how to perform initial, forensically sound collection of images to discern mitigation/remediation.
IR.4. Learn how to coordinate with and provide expert technical support to resolve CND incidents.
IR.5. You will learn how to track and document CND incidents from initial detection through final resolution.
IR.6. You will learn the step-by-step process of CND incident triage to determine scope, urgency, and potential impact; identify the specific vulnerability and make recommendations which enable expeditious remediation.
IR.7. You will learn how to correlate incident data and perform CND trend analysis and reporting.
IR.8. You will coordinate with intelligence analysts to correlate threat assessment data.
IR.9. You will learn how to serve as a technical expert to law enforcement for incident details & expert testimony.
IR.10. You will perform real-time CND Incident Handling (e.g., forensic collections, intrusion correlation/tracking, threat analysis, and direct system remediation) tasks to support deployable Incident Response Teams (IRT).
IR.11. You will learn how to maintain a deployable CND toolkit (e.g., specialized CND software/hardware) to support IRT missions.
IR.12. You will learn how to write and publish CND guidance and reports on incident findings to appropriate constituencies.
Table C11.T9. CND-AU Functions
CND-AC.1. Mastery of the appropriate IAT Level I, IAT Level II, or IAT Level III CE, NE, or enclave knowledge and skills with applicable certification.
AC.2. You will learn applicable CND policies, regulations, and compliance documents specifically related to CND auditing.
AC.3. You will learn how to do step by step CND vulnerability assessments.
AC.4. You will learn how to do step by step CND risk assessments.
AC.5. You will learn how to conduct authorized penetration testing of network assets.
AC.6. You will learn how to analyze site CND policies and configurations and evaluate compliance with regulations and enclave directives.
AC.7. You will learn how to prepare audit reports that identify technical and procedural findings and provide recommended remediation strategies/solutions.
AC.8. You will learn how to maintain deployable CND audit toolkit (e.g., specialized CND software/hardware) to support CND audit missions.
Table C11.T11. CND-SPM Functions
CND-SPM.1. Mastery of the appropriate IAM Level I or IAM Level II CE and/or NE knowledge and skills with applicable certification.
SPM.2. You will learn how to implement and enforce CND policies and procedures reflecting applicable laws, policies, procedures, and regulations (e.g., Reference (g)).
SPM.3. You will learn how to publish CND guidance (e.g., IAVAs and TCNOs) for the enclave constituency.
SPM.4. You will learn how to provide incident reports, summaries, and other situational awareness information to higher headquarters.
SPM.5. You will learn how to manage an incident (e.g., coordinate documentation, work efforts, resource utilization within the organization) from inception to final remediation and after action reporting.
SPM.6. You will learn how to manage threat or target analysis of CND information and production of threat or target information within the network.
SPM.7. You will learn how to manage the monitoring of external CND data sources to maintain enclave situational awareness.
SPM.8. You will learn how to interface with external organizations (e.g., public affairs, law enforcement, Command or Component Inspector General) to ensure appropriate and accurate dissemination of incident and other CND information.
SPM.9. You will learn how to lead risk analysis and management activities for the network.
SPM.10. You will learn how to track compliance audit findings, incident after-action reports, and recommendations to ensure appropriate mitigation actions are taken.
Q/ISP® Qualified Information Security Professional Exam
Q/SA® Qualified Security Analyst Pen Tester
Q/PTL® Qualified Penetration Tester License
Q/EH® Qualified Ethical Hacker/Defender
Q/EP® Qualified Edge Protector
Q/FE® Qualified Forensic Expert
Q/CND-specific class
Q/IAP® Qualified Information Assurance Professional
Q/AAP® Qualified Access, Authentication, PKI Pro
Q/NSP® Qualified Network Security Policy Admin & SOA Security Architect
Q/C&A® Qualified Security Certification & Accreditation
Q/SSE® Qualified Software Security Expert & Exam
Since 1999, Security University has been the leading provider of Hands-On Computer Security Education, Information Assurance Training and Certification for IT and IT Security Professionals in the world. Security University classes are CNSS approved security curriculums.
What is a Q/ISP "Qualified" Information Security Professional?
A Q/ISP is a person who has passed Security University’s Q/ISP online certification exam.
The Q/ISP certification does not require classes. The Q/ISP certification is awaiting ANSI's 17042 and NOCA compliance approval.
A Qualified Q/ISP (Qualified Information Security Professional) has validated their tactical security skills with SU Education Certifications from attending Q/ISP classes, by passing the Q/EH Qualified Ethical Hacker, Q/SA Qualified Security Analyst Penetration Tester with Q/PTL Qualified Penetration Tester License workshop, Q/EP Qualified EDGE Protector and Q/FE Qualified Forensic Expert classes with hands-on labs and online exams, or (prior to 2008) by passing Security University’s EC-Council Authorized CEH or ECSA exams.
In 1999 SU classes were first with hands-on tactical security labs with live target escalation to ensure you gain the necessary knowledge and tactical security skills to be "qualified" for your job and stay ahead of the hackers!
The Q/ISP Certification classes are CNSS approved.
All Q/ISP classes are instructor led by highly qualified Q/ISP security subject matter experts (SSMEs) and are packed with hours of hands-on tactical labs with leading edge security tools and technologies, setting the stage for your “Qualified” Information Security Professional credential. Once you have mastered SU's Q/ISP classes & exams and passed the Q/ISP certification exam you will be certified, “qualified” and have validated your tactical security skills.
What is a Q/IAP "Qualified" Information Assurance Professional?
A Q/IAP is a person who has passed the SU Q/IAP certification exam.
A “Qualified” Q/IAP is a person who has passed the SU Q/AAP Qualified Access, Authentication and PKI class, the Q/NSP Qualified Network Security Policy and SOA class, and the Q/CA Qualified C&A class, passed the SU exams with a 75 or better, and validated their hands-on security skills by passing labs & exams.
Or you can master the Q/IAP Exam without taking any Q/IAP classes by passing the Q/IAP 75 multiple choice exam with an 80 or better.
SU classes were first with tactical security (escalating) hands-on labs to ensure you gain the necessary information assurance knowledge to certify and accredit your systems and be "qualified" for your job.
The Q/ISP Certification classes are CNSS approved.
The Q/IAP classes are for IT and IT security professionals, Sys Admins, Security Auditors, Network Auditors, CISOs, and all personnel who are looking to build tactical security skills, improve their career and increase their income.
All classes are instructor led by highly qualified SU security subject matter experts (SSMEs) and are packed with hours of hands-on labs, leading edge tools and technologies, setting the stage for your Qualified Information Assurance Professional Qualification Exam. After you have mastered these classes and exams you can sit for the Q/IAP exam.