homepage
Open menu
New

MGT553: Cyber Incident Management

Register Now Course Demo
  • In Person (2 days)
  • Online
12 CPEs

If you are worried about leading or supporting a major cyber incident, then this is the course for you. MGT553: Cyber Incident Management focuses on the non-technical challenges facing leaders in times of extreme pressure. Whilst you may have a full team of technical staff standing-by to find, understand and remove the attackers, they need information, tasking, managing, supporting, and listening to so you can maximize their utilization and effectiveness. We focus on building a team to remediate the incident, on managing that team, on distilling the critical data for briefing, and how to run that briefing. We look at communication at all levels from the hands-on team to the executives and Board, investigative journalists, and even the attackers. This course contains nine (9) case studies for hands-on learning.

Course Authors:
Steve Armstrong-Godwin
Steve Armstrong-Godwin
Principal Instructor
What You Will LearnSyllabusPrerequisitesLaptop RequirementsAuthor StatementReviewsTraining & Pricing

What You Will Learn

Open in Case of Emergency

You can't predict or pick when your organization will face a major cyber incident, but you can choose how prepared you are you when you face it. While there are broad technical aspects to cyber incidents there is also a myriad of other activities that generally falls to executives, managers, legal, press, and human relations staff. These include communicating both internally and externally, considering the battle rhythm and a look at methodologies for tracking information gathered and released to the public.

This course empowers you to become an effective incident management team member or leader; ensuring you fully understand the different issues facing incident commanders in the immediate, short and medium term. As well as becoming comfortable with terminology, you will understand what preparatory work you can undertake at different stages to help you get ahead of the situation. MGT553 was developed to ensure efficient management of a diverse range of incidents with a focus on cyber; however, the methodology, concepts and guidance will apply to many regular major and critical incidents.

"Probably the most important part to an organization - how to get their operation functioning again and sorted out with the structure and governance to cover the areas." - Peter Leonhardt

BUSINESS TAKEAWAYS:

This course will help your organization:

  • Develop staff that know how to lead or contribute to a cyber incident management team
  • Manage your incidents more effectively and thus resolve them quicker
  • Understand the gaps in your security incident plans and response strategies
  • Create higher performing security teams

SKILLS LEARNED:

  • How to make sense of different incident response frameworks
  • Understanding the importance of scoping incidents correctly
  • The ability to define the incident management team's objectives
  • Recognition of the importance of managing a team under extreme pressure
  • Awareness of human responses to facing catastrophically impactful urgent changes
  • How to structure, manage, and deliver briefings to upper management and the board
  • Planning and controling communications when managing a serious incident
  • Communicating with attackers and the pros and cons thereof
  • Where and how to track the incident
  • Planning, coordinating, and executing counter compromise activities
  • Understanidng types and contents of incident resports both during and post closure
  • Steps on how to close the incident and return to business as usual

HANDS-ON TRAINING:

MGT553 uses case scenarios, group discussions, team-based exercises, and in-class games, to help students absorb both technical and management topics. We follow along as a fictious company deals with a network breach from start to finish.

Section 1: Reviewing the initial incident briefing, Capture initial information and generate intial tasks, Setting the objectives for the IM team, crisis communications: briefing the executives

Section 2: Dealing with the attackers, Drafting public statements, Crisis communications: briefing the wider team, Prioritizing the data and system remediation planning, Running an example tabletop exercise

"All the labs are fantastic and really grounded in reality. Really useful thought experiments and training." - Luigi Ritacca

SYLLABUS SUMMARY:

Section 1: Scoping, defining, and communicating about the incident.

Section 2: Damage control, reporting, closing the incident and training the wider team.

WHAT YOU WILL RECEIVE:

  • Electronic courseware containing the entire course content
  • Printed course books
  • Access to the Cyber Incident Management Tool Kit
  • MP3 audio files of the complete course lecture
  • Access to a new Discord server to chat about the course
  • Immediate actions for dealing with ransomware
  • Training plans, report templates, incident frameworks and other cheat sheets

WHAT COMES NEXT:

NOTE: Some course material for SEC504 and MGT553 may overlap. SANS recommends SEC504 for those interested in a more technical course of study, and MGT553 for those primarily interested in a leadership-oriented but less technical learning experience.

Syllabus (12 CPEs)

Download PDF
  • Overview

    In Section 1 we will focus on understanding the incident, gathering information from different groups and standardizing the language. To assist in this, we will remind ourselves of some of the common terms to optimize communications. From there we will define what the Incident Management (IM) group will seek to achieve, so we can state and focus on our objectives. This is important as retaining focus can be hard when it gets super busy.

    With the objectives defined we then turn to initial tasks and delegating those to the team; this is to give us some breathing space to plan the next steps. Our initial tasking output will be based on one of the core tools in the Cyber Incident Response Tool Kit (CIMTK) the "IM Starting Grid". This detailed list of Yes/No questions outputs a list of core IM tasks that aide rapid response. By identifying these tasks early, concurrent activity can be initiated for both support teams (Incident Response (IR), Information Technology (IT), Human Resources (HR), Legal etc.) and the IM team. As IM is totally dependent upon a good team, we will assess team composition and what different groups need to contribute to the mission. Finally, we dig into communication and how to interact with different stakeholders. Tracking activity, tasks, and communications is a big theme throughout this course.

    Exercises
    • Reviewing the initial incident briefing
    • The incident management starting grid
    • Setting the objectives for the IM team
    • Crisis communications: briefing the executives

    Topics

    Initial Information Gathering

    • Using common language
    • Understanding the attack
    • IR Frameworks, OODA loops and non-Zero-sum games
    • Scoping your initial tasks

    Defining your Objectives

    • What are typical objectives in IR/IM?
    • Mapping attacks to business impacts

    Building and Managing our Team

    • Managing people to create productive teams
    • Recognizing Stress
    • Battle rhythm and burnout

    Building our Communications Plan

    • Communications planning
    • Communicating with Execs, teams, and 3rd parties
      • Communicating with Executives
      • Communicating with Law Enforcement
      • Communicating with Customers
      • Communicating with Journalists
    • Tracking the message
  • Overview

    After reviewing Section 1, we conclude the communications topic by looking at communications with the attackers. While you may have no plans to pay any ransom, by entering into dialogue with attackers, you can gain time to fix issues the attackers have uncovered, discovered, or could leak. While controversial and possibly contrary to your own beliefs, it is important to understand options are available to the organization. We will cover how attacker dialogue may occur and what factors will influence the response options and process.

    We will look at what incident information should be tracked and options or ways to achieve that. We review both commonly available products as well as bespoke options (including those for on prem and cloud hosted solutions).

    Getting into the remediation of the network and data damage, we have a large section on categorizing the damage the attackers have inflicted and then mapping to the necessitated remediation work that will need to be prioritized and tracked to ensure that all possible vulnerabilities have been removed. A much-overlooked aspect, we discuss secrets that are included in stolen data and systems and consider how this might affect our future operations.

    In the reporting and documenting of the case, we review some of the outputs from the IM process. While a solid IR report is always useful, we will cover what aspects could be added to expand it to cover IM. This is important as the direction of the Incident Response is often mandated by Incident Management, so linking the two into one report makes for a more structured reading while outsourcing some aspects to others.

    In planning the closure of the incident, we discover what remediation and vulnerability closure tasks should be moved to non-incident mainstream projects and what reflection meetings should be held to ensure root causes are captured and lessons are identified and tracked.

    In developing the wider team, we examine some of the training you can give those outside of the regular IR and IM staff to improve their awareness of issues and to help smooth future incidents. To assist this, we explore tabletop exercises and how you make them. We then both build one as a lab and close out the section by running one.

    Exercises
    • Dealing with the attackers
    • Drafting a public statement
    • Crisis communications: briefing the team
    • Prioritizing the data and system remediation planning
    • Running an example tabletop exercise
    Topics

    Talking to or working with, the attackers

    • Understanding what results the attackers are trying to achieve
    • Choosing a communications medium
    • Attacker media and comms methods
    • Proxies, trusted 3rd parties and attacker reputation
    • Trying to control the narrative
    • Understanding what the attackers have
    • Options and impacts
    • The cost of doing nothing
    • Is paying the attackers really an option?

    Tracking the Incident, tasks, people and progress

    • Review of the functions we might want to include in our IM solution
    • Incident Trackers and what they can look like
    • Evidence management
    • Task and work tracking
    • Building the right solution for the organisation
    • Using Google Docs as an emergency IM Platform

    Remediation of network and data damage

    • Types of Remediation system & data
    • Tracking the remediation
    • CIMTK: CC Systems and users impacted
    • Categorizing exposed assets
    • Identifying who owns the data
    • Documenting and notifying impacted parties - Counter Compromise Activities

    Reporting and documenting the case

    • When do you start the report?
    • Types of reports
    • What goes in the report?
    • Graphics are great!
    • Getting input, support and consensus
    • Control and access to the reports

    Planning the closure of the Incident

    • Reviewing the task and key objectives
    • What is BAU for the impacted teams?
    • What's the team up to?
    • Running a FRCA
    • Handing things over to others
    • Breaking up the team

    Developing the wider team

    • Why train others?
    • Training the wider organization
    • Planning enterprise-wide training
    • Developing and running Cyber Incident Exercises

    Summary and closure

Prerequisites

This course covers the core areas of cyber incident management and assumes a basic understanding of technology, networks, and security. For those who are new to the field and have no background knowledge, the recommended starting point is the SEC301: Introduction to Cyber Security course. While SEC301 is not a prerequisite, it will provide the introductory knowledge to maximize the experience with MGT553.

Laptop Requirements

Important! Bring your own system configured according to these instructions.

A properly configured system is required to fully participate in this course. If you do not carefully read and follow these instructions, you will not be able to fully participate in hands-on exercises in your course. Therefore, please arrive with a system meeting all of the specified requirements.

Back up your system before class. Better yet, use a system without any sensitive/critical data. SANS is not responsible for your system or data.

MANDATORY MGT553 SYSTEM HARDWARE REQUIREMENTS

  • Wireless networking (802.11 standard) is required. There is no wired Internet access in the classroom.

MANDATORY MGT553 HOST CONFIGURATION AND SOFTWARE REQUIREMENTS

  • Your host operating system must be the latest version of Windows 10, Windows 11, or macOS 10.15.x or newer.
  • Fully update your host operating system prior to the class to ensure you have the right drivers and patches installed.
  • Linux hosts are not supported in the classroom due to their numerous variations. If you choose to use Linux as your host, you are solely responsible for configuring it to work with the course materials and/or VMs.

Your course materials include a "Setup Instructions" document that details important steps you must take before you travel to a live class event or start an online class. It may take 30 minutes or more to complete these instructions.

Your class uses an electronic workbook for its lab instructions. In this new environment, a second monitor and/or a tablet device can be useful for keeping class materials visible while you are working on your course's labs.

If you have additional questions about the laptop specifications, please contact laptop_prep@sans.org

Author Statement

"Of my 28 years in cyber security, I've spent over 11 of them in incident response and later incident management. During that time, I've seen a wide range of approaches to handling cyber incidents, some good and others less so. One common issue was that most people on the Incident team had never been part of a major incident and thus they lacked confidence, forward planning, and were easily stunned when the incident took a turn they had not predicted.

This course is designed to demystify incident management, to provide attendees with a framework to not only deal with the matters at hand, but also to plan for the subsequent phases, so they are technically ready and mentally prepared. Cyber incidents, such as ransomware, can be devastating, not only to the networks, but also the team charged with investigating, mitigating, reporting and remediating the damage. In addition to the core incident management aspects, we cover the mental health of the team, the operational tempo and how to spot people suffering under pressure. I believe that this course, enriched with the anecdotes of the SANS incident response instructors' own toe-curling incidents will prepare your team for anything attackers and bots throw at them. When you are prepared and ready, you can respond better, faster and get control of the situation quicker facilitating a rapid return to business as usual."

- Steve Armstrong

"Excellent. Very skilled, and fun to listen to." - Jan Olav Walldal, TV 2 Norway

"Excellent content with relevant real world examples. A wealth of knowledge from the instructor who is clearly passionate about the subject. Covered areas that I had not even considered (but were very important)." - Gary Smith

Ways to Learn

  • OnDemand

Cybersecurity learning – at YOUR pace! OnDemand provides unlimited access to your training wherever, whenever. All labs, exercises, and live support from SANS subject matter experts included.

  • Live Online

The full SANS experience live at home! Get the ultimate in virtual, interactive SANS courses with leading SANS instructors via live stream. Following class, plan to kick back and enjoy a keynote from the couch.

  • In Person (2 days)

Did someone say ALL-ACCESS? On-site immersion via in-classroom course sessions led by world-class SANS instructors fill your day, while bonus receptions and workshops fill your evenings.

Who Should Attend MGT553?

Security Managers

  • Newly appointed information security officers who will be leading incidents
  • Recently promoted security leaders who want to understand incident management better

Security Professionals

  • Technically skilled security staff who have recently been given incident commander responsibilities
  • Team leads with responsibility to support cyber incidents and who may need to remediate systems

Managers

  • Managers who want to understand how to manage technical people during an incident
  • Leaders who need an understanding of cyber incidents from a management perspective

Legal/HR/PR staff

  • Staff who are new to cyber incident management but may be called upon to provide critical support in tense situations and who want to understand better what may be expected from them

NICE Framework Work Roles:

  • Knowledge Manager: OM-KMG-001
  • Cyber Legal Advisor: OV-LGA-001
  • Privacy Officer / Privacy Compliance Manager: OV-LGA-002
  • Information Systems Security Manager: OV-MGT-001
  • Communications Security (COMSEC) Manager: OV-MGT-002
  • Cyber Policy and Strategy Planner: OV-SPP-002
  • Executive Cyber Leadership: OV-EXL-001

"Brilliant insight. Excellent content. An absolute must course for anyone dealing with incident management." - Gary Smith

See prerequisites

Need to justify a training request to your manager?

Use this justification letter template to share the key details of this training and certification opportunity with your boss.

Download the Letter

Related Programs

DoDD 8140
DoDD 8140 (0)
See how this and other SANS Courses and GIAC Certifications align with the Department of Defense Directive 8140.

Reviews

All was very relevant and well delivered. All extremely useful information.
Peter Leonhardt
Labs are great, really useful thought experiments and training.
Luigi Ritacca
Brilliant insight. Excellent content. An absolute must course for anyone dealing with incident management.
Gary Smith
    Africa/Abidjan
    Africa/Accra
    Africa/Addis Ababa
    Africa/Algiers
    Africa/Asmara
    Africa/Asmera
    Africa/Bamako
    Africa/Bangui
    Africa/Banjul
    Africa/Bissau
    Africa/Blantyre
    Africa/Brazzaville
    Africa/Bujumbura
    Africa/Cairo
    Africa/Casablanca
    Africa/Ceuta
    Africa/Conakry
    Africa/Dakar
    Africa/Dar es Salaam
    Africa/Djibouti
    Africa/Douala
    Africa/El Aaiun
    Africa/Freetown
    Africa/Gaborone
    Africa/Harare
    Africa/Johannesburg
    Africa/Juba
    Africa/Kampala
    Africa/Khartoum
    Africa/Kigali
    Africa/Kinshasa
    Africa/Lagos
    Africa/Libreville
    Africa/Lome
    Africa/Luanda
    Africa/Lubumbashi
    Africa/Lusaka
    Africa/Malabo
    Africa/Maputo
    Africa/Maseru
    Africa/Mbabane
    Africa/Mogadishu
    Africa/Monrovia
    Africa/Nairobi
    Africa/Ndjamena
    Africa/Niamey
    Africa/Nouakchott
    Africa/Ouagadougou
    Africa/Porto-Novo
    Africa/Sao Tome
    Africa/Timbuktu
    Africa/Tripoli
    Africa/Tunis
    Africa/Windhoek
    America/Adak
    America/Anchorage
    America/Anguilla
    America/Antigua
    America/Araguaina
    America/Argentina/Buenos Aires
    America/Argentina/Catamarca
    America/Argentina/ComodRivadavia
    America/Argentina/Cordoba
    America/Argentina/Jujuy
    America/Argentina/La Rioja
    America/Argentina/Mendoza
    America/Argentina/Rio Gallegos
    America/Argentina/Salta
    America/Argentina/San Juan
    America/Argentina/San Luis
    America/Argentina/Tucuman
    America/Argentina/Ushuaia
    America/Aruba
    America/Asuncion
    America/Atikokan
    America/Atka
    America/Bahia
    America/Bahia Banderas
    America/Barbados
    America/Belem
    America/Belize
    America/Blanc-Sablon
    America/Boa Vista
    America/Bogota
    America/Boise
    America/Buenos Aires
    America/Cambridge Bay
    America/Campo Grande
    America/Cancun
    America/Caracas
    America/Catamarca
    America/Cayenne
    America/Cayman
    America/Chicago
    America/Chihuahua
    America/Coral Harbour
    America/Cordoba
    America/Costa Rica
    America/Creston
    America/Cuiaba
    America/Curacao
    America/Danmarkshavn
    America/Dawson
    America/Dawson Creek
    America/Denver
    America/Detroit
    America/Dominica
    America/Edmonton
    America/Eirunepe
    America/El Salvador
    America/Ensenada
    America/Fort Nelson
    America/Fort Wayne
    America/Fortaleza
    America/Glace Bay
    America/Godthab
    America/Goose Bay
    America/Grand Turk
    America/Grenada
    America/Guadeloupe
    America/Guatemala
    America/Guayaquil
    America/Guyana
    America/Halifax
    America/Havana
    America/Hermosillo
    America/Indiana/Indianapolis
    America/Indiana/Knox
    America/Indiana/Marengo
    America/Indiana/Petersburg
    America/Indiana/Tell City
    America/Indiana/Vevay
    America/Indiana/Vincennes
    America/Indiana/Winamac
    America/Indianapolis
    America/Inuvik
    America/Iqaluit
    America/Jamaica
    America/Jujuy
    America/Juneau
    America/Kentucky/Louisville
    America/Kentucky/Monticello
    America/Knox IN
    America/Kralendijk
    America/La Paz
    America/Lima
    America/Los Angeles
    America/Louisville
    America/Lower Princes
    America/Maceio
    America/Managua
    America/Manaus
    America/Marigot
    America/Martinique
    America/Matamoros
    America/Mazatlan
    America/Mendoza
    America/Menominee
    America/Merida
    America/Metlakatla
    America/Mexico City
    America/Miquelon
    America/Moncton
    America/Monterrey
    America/Montevideo
    America/Montreal
    America/Montserrat
    America/Nassau
    America/New York
    America/Nipigon
    America/Nome
    America/Noronha
    America/North Dakota/Beulah
    America/North Dakota/Center
    America/North Dakota/New Salem
    America/Nuuk
    America/Ojinaga
    America/Panama
    America/Pangnirtung
    America/Paramaribo
    America/Phoenix
    America/Port-au-Prince
    America/Port of Spain
    America/Porto Acre
    America/Porto Velho
    America/Puerto Rico
    America/Punta Arenas
    America/Rainy River
    America/Rankin Inlet
    America/Recife
    America/Regina
    America/Resolute
    America/Rio Branco
    America/Rosario
    America/Santa Isabel
    America/Santarem
    America/Santiago
    America/Santo Domingo
    America/Sao Paulo
    America/Scoresbysund
    America/Shiprock
    America/Sitka
    America/St Barthelemy
    America/St Johns
    America/St Kitts
    America/St Lucia
    America/St Thomas
    America/St Vincent
    America/Swift Current
    America/Tegucigalpa
    America/Thule
    America/Thunder Bay
    America/Tijuana
    America/Toronto
    America/Tortola
    America/Vancouver
    America/Virgin
    America/Whitehorse
    America/Winnipeg
    America/Yakutat
    America/Yellowknife
    Antarctica/Casey
    Antarctica/Davis
    Antarctica/DumontDUrville
    Antarctica/Macquarie
    Antarctica/Mawson
    Antarctica/McMurdo
    Antarctica/Palmer
    Antarctica/Rothera
    Antarctica/South Pole
    Antarctica/Syowa
    Antarctica/Troll
    Antarctica/Vostok
    Arctic/Longyearbyen
    Asia/Aden
    Asia/Almaty
    Asia/Amman
    Asia/Anadyr
    Asia/Aqtau
    Asia/Aqtobe
    Asia/Ashgabat
    Asia/Ashkhabad
    Asia/Atyrau
    Asia/Baghdad
    Asia/Bahrain
    Asia/Baku
    Asia/Bangkok
    Asia/Barnaul
    Asia/Beirut
    Asia/Bishkek
    Asia/Brunei
    Asia/Calcutta
    Asia/Chita
    Asia/Choibalsan
    Asia/Chongqing
    Asia/Chungking
    Asia/Colombo
    Asia/Dacca
    Asia/Damascus
    Asia/Dhaka
    Asia/Dili
    Asia/Dubai
    Asia/Dushanbe
    Asia/Famagusta
    Asia/Gaza
    Asia/Harbin
    Asia/Hebron
    Asia/Ho Chi Minh
    Asia/Hong Kong
    Asia/Hovd
    Asia/Irkutsk
    Asia/Istanbul
    Asia/Jakarta
    Asia/Jayapura
    Asia/Jerusalem
    Asia/Kabul
    Asia/Kamchatka
    Asia/Karachi
    Asia/Kashgar
    Asia/Kathmandu
    Asia/Katmandu
    Asia/Khandyga
    Asia/Kolkata
    Asia/Krasnoyarsk
    Asia/Kuala Lumpur
    Asia/Kuching
    Asia/Kuwait
    Asia/Macao
    Asia/Macau
    Asia/Magadan
    Asia/Makassar
    Asia/Manila
    Asia/Muscat
    Asia/Nicosia
    Asia/Novokuznetsk
    Asia/Novosibirsk
    Asia/Omsk
    Asia/Oral
    Asia/Phnom Penh
    Asia/Pontianak
    Asia/Pyongyang
    Asia/Qatar
    Asia/Qostanay
    Asia/Qyzylorda
    Asia/Rangoon
    Asia/Riyadh
    Asia/Saigon
    Asia/Sakhalin
    Asia/Samarkand
    Asia/Seoul
    Asia/Shanghai
    Asia/Singapore
    Asia/Srednekolymsk
    Asia/Taipei
    Asia/Tashkent
    Asia/Tbilisi
    Asia/Tehran
    Asia/Tel Aviv
    Asia/Thimbu
    Asia/Thimphu
    Asia/Tokyo
    Asia/Tomsk
    Asia/Ujung Pandang
    Asia/Ulaanbaatar
    Asia/Ulan Bator
    Asia/Urumqi
    Asia/Ust-Nera
    Asia/Vientiane
    Asia/Vladivostok
    Asia/Yakutsk
    Asia/Yangon
    Asia/Yekaterinburg
    Asia/Yerevan
    Atlantic/Azores
    Atlantic/Bermuda
    Atlantic/Canary
    Atlantic/Cape Verde
    Atlantic/Faeroe
    Atlantic/Faroe
    Atlantic/Jan Mayen
    Atlantic/Madeira
    Atlantic/Reykjavik
    Atlantic/South Georgia
    Atlantic/St Helena
    Atlantic/Stanley
    Australia/ACT
    Australia/Adelaide
    Australia/Brisbane
    Australia/Broken Hill
    Australia/Canberra
    Australia/Currie
    Australia/Darwin
    Australia/Eucla
    Australia/Hobart
    Australia/LHI
    Australia/Lindeman
    Australia/Lord Howe
    Australia/Melbourne
    Australia/NSW
    Australia/North
    Australia/Perth
    Australia/Queensland
    Australia/South
    Australia/Sydney
    Australia/Tasmania
    Australia/Victoria
    Australia/West
    Australia/Yancowinna
    Brazil/Acre
    Brazil/DeNoronha
    Brazil/East
    Brazil/West
    CET
    CST6CDT
    Canada/Atlantic
    Canada/Central
    Canada/Eastern
    Canada/Mountain
    Canada/Newfoundland
    Canada/Pacific
    Canada/Saskatchewan
    Canada/Yukon
    Chile/Continental
    Chile/EasterIsland
    Cuba
    EET
    EST
    EST5EDT
    Egypt
    Eire
    Etc/GMT
    Etc/GMT+0
    Etc/GMT+1
    Etc/GMT+10
    Etc/GMT+11
    Etc/GMT+12
    Etc/GMT+2
    Etc/GMT+3
    Etc/GMT+4
    Etc/GMT+5
    Etc/GMT+6
    Etc/GMT+7
    Etc/GMT+8
    Etc/GMT+9
    Etc/GMT-0
    Etc/GMT-1
    Etc/GMT-10
    Etc/GMT-11
    Etc/GMT-12
    Etc/GMT-13
    Etc/GMT-14
    Etc/GMT-2
    Etc/GMT-3
    Etc/GMT-4
    Etc/GMT-5
    Etc/GMT-6
    Etc/GMT-7
    Etc/GMT-8
    Etc/GMT-9
    Etc/GMT0
    Etc/Greenwich
    Etc/UCT
    Etc/UTC
    Etc/Universal
    Etc/Zulu
    Europe/Amsterdam
    Europe/Andorra
    Europe/Astrakhan
    Europe/Athens
    Europe/Belfast
    Europe/Belgrade
    Europe/Berlin
    Europe/Bratislava
    Europe/Brussels
    Europe/Bucharest
    Europe/Budapest
    Europe/Busingen
    Europe/Chisinau
    Europe/Copenhagen
    Europe/Dublin
    Europe/Gibraltar
    Europe/Guernsey
    Europe/Helsinki
    Europe/Isle of Man
    Europe/Istanbul
    Europe/Jersey
    Europe/Kaliningrad
    Europe/Kiev
    Europe/Kirov
    Europe/Lisbon
    Europe/Ljubljana
    Europe/London
    Europe/Luxembourg
    Europe/Madrid
    Europe/Malta
    Europe/Mariehamn
    Europe/Minsk
    Europe/Monaco
    Europe/Moscow
    Europe/Nicosia
    Europe/Oslo
    Europe/Paris
    Europe/Podgorica
    Europe/Prague
    Europe/Riga
    Europe/Rome
    Europe/Samara
    Europe/San Marino
    Europe/Sarajevo
    Europe/Saratov
    Europe/Simferopol
    Europe/Skopje
    Europe/Sofia
    Europe/Stockholm
    Europe/Tallinn
    Europe/Tirane
    Europe/Tiraspol
    Europe/Ulyanovsk
    Europe/Uzhgorod
    Europe/Vaduz
    Europe/Vatican
    Europe/Vienna
    Europe/Vilnius
    Europe/Volgograd
    Europe/Warsaw
    Europe/Zagreb
    Europe/Zaporozhye
    Europe/Zurich
    GB
    GB-Eire
    GMT
    GMT+0
    GMT-0
    GMT0
    Greenwich
    HST
    Hongkong
    Iceland
    Indian/Antananarivo
    Indian/Chagos
    Indian/Christmas
    Indian/Cocos
    Indian/Comoro
    Indian/Kerguelen
    Indian/Mahe
    Indian/Maldives
    Indian/Mauritius
    Indian/Mayotte
    Indian/Reunion
    Iran
    Israel
    Jamaica
    Japan
    Kwajalein
    Libya
    MET
    MST
    MST7MDT
    Mexico/BajaNorte
    Mexico/BajaSur
    Mexico/General
    NZ
    NZ-CHAT
    Navajo
    PRC
    PST8PDT
    Pacific/Apia
    Pacific/Auckland
    Pacific/Bougainville
    Pacific/Chatham
    Pacific/Chuuk
    Pacific/Easter
    Pacific/Efate
    Pacific/Enderbury
    Pacific/Fakaofo
    Pacific/Fiji
    Pacific/Funafuti
    Pacific/Galapagos
    Pacific/Gambier
    Pacific/Guadalcanal
    Pacific/Guam
    Pacific/Honolulu
    Pacific/Johnston
    Pacific/Kiritimati
    Pacific/Kosrae
    Pacific/Kwajalein
    Pacific/Majuro
    Pacific/Marquesas
    Pacific/Midway
    Pacific/Nauru
    Pacific/Niue
    Pacific/Norfolk
    Pacific/Noumea
    Pacific/Pago Pago
    Pacific/Palau
    Pacific/Pitcairn
    Pacific/Pohnpei
    Pacific/Ponape
    Pacific/Port Moresby
    Pacific/Rarotonga
    Pacific/Saipan
    Pacific/Samoa
    Pacific/Tahiti
    Pacific/Tarawa
    Pacific/Tongatapu
    Pacific/Truk
    Pacific/Wake
    Pacific/Wallis
    Pacific/Yap
    Poland
    Portugal
    ROC
    ROK
    Singapore
    Turkey
    UCT
    US/Alaska
    US/Aleutian
    US/Arizona
    US/Central
    US/East-Indiana
    US/Eastern
    US/Hawaii
    US/Indiana-Starke
    US/Michigan
    US/Mountain
    US/Pacific
    US/Samoa
    UTC
    Universal
    W-SU
    WET
    Zulu
    Filters:
    Training Formats
          Location
          Dates

          Register for MGT553

          Loading...