Next week I’ll be out of the office on one of my occasional stints as a federal emergency responder. I haven’t had the opportunity to do much since we responded to Katrina, and, to be honest, am surprised the team still lets me hang on (it’s in Colorado, I’m in Arizona, and I don’t get to train much anymore). Who knows how much longer I’ll get to put a uniform on- the politics of domestic response are a freaking mess these days, with all the cash funding the war, and I won’t be surprised if some of the more expensive (and thus capable) parts of the system are dismantled. Hopefully we can hang on through the next election.
Anyway, enough of my left wing liberal complaints about domestic security and on to incident management.
Although I haven’t written much about it on the blog (just the occasional post), one area I talk a lot about is incident response and disaster management. Translating my experiences as a 9-1-1 and disaster responder into useful business principles. I’m frequently asked where people can get management level training on incident management. While SANS and others have some technology-oriented incident response courses, the best management level training out there is from FEMA.
Yes, that FEMA.
For no cost you can take some of their Incident Command Systems (ICS) courses online. I highly recommend ICS 100 and ICS 200 for anyone interested in the topic. No, not all of it will apply, but the fundamental principles are designed for ANY kind of incident of ANY scale. If nothing else, it will get you thinking.
And while I’m at it, here’s a definition of “Incident” that I like to use:
An incident is any situation that exceeds normal risk management processes.
Although I’ve sat through a lot of the training before, I never actually went through the program and test. I’m fairly impressed- these are some of the better online courses I’ve seen.
Reader interactions
5 Replies to “The Best Incident Response Training You Can Buy. For Free.”
The facilities group at our company brought this training in-house for ICS 100-300. I was the sole IT person in a room full of people responsible for responding to things like chemical spills, fires, explosions, natural disasters and such.
Being around people like that really puts our type of incident management in perspsective. (The looks I got when I said that an incident occurs when a person steals critical company data priceless.) In the end, I learned a lot about managing meatspace disasters, and they learned that there are real threats with just bits and bytes.
Also – anyone who is responsible for data center, BCP or DR planning should take the class.
In addition, FEMA offers the classes online at http://training.fema.gov/IS/
[…] goods can be found on FEMA’s website (Yes, that FEMA). Over on Securosis.com, Rich thinks it’s pretty good: Although I haven’t written much about it on the blog (just […]
I guess FEMA will need it:
“Hacker Breaks Into FEMA Phone System”
http://www.msnbc.msn.com/id/26319201/
– ferg
While FEMA now has the NIMS (National Incident Management System) program, I believe the practices originated in the wildfire-fighting orgs, and came to FEMA via USDA, I gather. My course notes show credits to the National Wildfire Coordinating Group, US Dept. of Agriculture, and USFA’s (US Fire Administration?) National Fire Programs Branch, collaboratively with the Emergency Management Institute.
I’‘ve been through the ICS 100 and 200 courses, delivered by folks from our Emergency Management/Fire Center staff. Gotta say, I’‘m pretty impressed with the concepts and practices. *Very* practical approach, and from what I’‘ve seen, any operational practices like Unified Command (One boss at any one time. Only.) and Span of Control (Only have 3-7 people reporting to you at a time, 5 optimally) that can withstand days of wildfire fighting will probably support most IT incidents quite handily. Heck, I can’‘t remember a time when I’‘ve had either a coworker or a customer in a life-threatening IT incident.
There’s good fodder there, and we’‘re looking to align our Security Incident Management processes into the organization’s larger NIMS-based continuity framework and terminology. It’‘ll be interesting.
Don’‘t forget the “free for SANS attendees” event this year in SANS Las Vegas called the “ICE Games II” (http://www.whitewolfsecurity.com/ice2.php). Real attackers, real defenders, doesn’‘t get any better than a real-world exercise… In fact last year I was impressed how much the defensive team learned about incident response.
PaulDotCom