-
- Current Site
Security Training- Choose a different site Help
Security Certification
Internet Storm Center
College Cybersecurity Programs
Security Awareness Training
Blue Team Operations
Forensics & Incident Response
Offensive Operations
Industrial Control Systems
Cloud Security
Cybersecurity Leadership
Government Private Training
Bonus Session Registration
CRPA/C2M2 Training
Date: Monday, February 11
Time: 8:00am - 3:00pm
Location: Yacht & Beach Club Conference Center - Hampton Room
Presenters: Tim Roxey, Mark Fabro, and Mike Assante
Agenda at the bottom of this page
The Electricity Sector Information Sharing and Analysis Center (ES-ISAC) is happy to announce a free daytime training opportunity for ES-ISAC members (non-members will not be admitted). The ES-ISAC personnel, Lofty Perch, DOE, and NBISE will support the main day's training on: 1) DOE C2M2, 2) the MSEL injected CRPA Tabletop Exercise, and 3) NBISE material.
The free training will cover both the recently-developed Department of Energy (DOE) Electricity Sub-sector Cybersecurity Capability Maturity Model (ES-C2M2) work and the ES-ISACâs ongoing Cyber Risk Preparedness Assessment (CRPA) methodology. The intention of this training is to expose BPS personnel to both of these activitiesâone an assessment, and the other an exercise methodologyâand show how these activities are being coupled into an Assess-Exercise-Access style methodology. Participants will receive all of the exercise materials compliments of ES-ISAC.
As an excellent additional feature to the CRPA/C2M2 training, Mike Assante of the National Board of Information Security Examiners (https://www.nbise.org/) will be using this forum to host several discussions around workforce training issues.
Exposure to Closure is also on February 11
Plan to stay through the evening to enjoy "Exposure to Closure - The life and times of an exploited Vulnerability". This four-act dinner theater is the third installment in the highly popular four-part "Exposure to Closure" series, back by popular demand. This interactive "whodunit" begins with a germ of suspicion discovered by vulnerability researchers or intelligence analysts, and follows through forensic deconstruction, vulnerability mitigation, and on to the enumerators, who will determine if the mitigation path taken was effective.
The SANS North American ICS & SCADA Summit is February 12 - 13
The following two days will feature The North American ICS & SCADA Summit brings together the program managers, control systems engineers, IT security professionals and critical infrastructure protection specialists from asset owning and operating organizations along with control systems and security vendors who have innovative solutions for improving security. Along with government and research leaders, they are coming together to learn and discuss the newest and most challenging cyber security risks to control systems and the most effective defenses. The North American ICS & SCADA Summit is an action conference designed so that every attendee leaves with new tools and techniques they can put to work immediately when they return to their office.
Register to attend Exposure to Closure or the North American ICS & SCADA Summit at https://www.sans.org/registration/register.php?conferenceid=28439
CRPA/C2M2 Agenda:
8:00-8:15 Wake up and Welcome (Tim, Mike)
8:15-9:00 DoE spread the C2M2 Love (Special DoE facilitator)
9:00-9:15 Welcome to your Acme Network and review your homework materials (Mark)
(All registrants will have received the ACME Network and CRPA templates in advance)
9:15-9:30 Break
9:30-12:00 Normal CRPA Move 1 plus embedded Mike's material
12:00-12:45 Lunch on Own
12:45-1:45 Normal CRPA Move 2 plus embedded Mike's material
1:45-2:45 Normal CRPA Move 3 plus hot wash and last of Mike's material
2:45-3:00 final wrap
