This course is designed to address specific technical and professional skills needed to assess, document, remediate and report on cybersecurity vulnerability assessments within organizations through a series of lectures and hands-on activities. Activities include examining, analyzing, and prioritizing assets, risks and vulnerabilities to develop a vulnerability assessment report that could be delivered to organizational leadership. This course utilizes active discussions and activities to extend the participant’s understanding of vulnerability assessments.
Upon successful completion of this course, participants will be able to:
- discern the importance of vulnerability management
- define vulnerabilities, risk, threats, hazards and assets
- identify the organization’s attack surface
- explain a vulnerability management program
- identify the components of the vulnerability management process
- identify information that should be collected during an IT asset inventory
- list methods of conducting an IT asset inventory
- explain how to analyze a vulnerability scan
- define severity score
- define the Common Vulnerability Scoring System (CVSS)
- define the Common Vulnerability and Exposures (CVE) Reference
- create a vulnerability assessment report
Target Audience
State, local, tribal and territorial, public and private sectors, including IT and cybersecurity practitioners (e.g., analysts, technicians, engineers, managers) and computer-savvy risk managers and emergency managers who interact with IT/cybersecurity staff.
