Price: $1,699.00

Length: 2 Days
Print Friendly, PDF & Email

Cybersecurity Test and Evaluation (T&E) Training

Cybersecurity testing and evaluation measures how effective a cybersecurity strategy is against a potential attack, followed by an analysis.

The cybersecurity threat against business continues to grow, yet many organizations are still failing to take the necessary security action including cybersecurity testing and evaluation.

Cybersecurity professionals now believe that regular testing and evaluation is key to an organization’s overall security posture, and that it’s an important practice that gives organizations visibility into real-world threats to their security.

The general consensus is that routine cybersecurity tests should be part of a routine security check, permitting organizations to discover security gaps before a hacker does by exploiting vulnerabilities and providing steps for remediation.

One of the biggest benefits of cybersecurity testing is laying the ground work for identifying and prioritizing risks. Performing regular penetration tests allows your organization to evaluate web application, internal, and external network security. It also helps you to understand what security controls are necessary to have the level of security your organization needs to protect its people and assets.

Prioritizing these risks gives organizations an advantage to anticipate risks and prevent potential malicious attacks from happening.

Testing can also go a long way in shielding hackers from infiltrating data systems. Many tests  are much like practicing for a real-life hack by a real-life hacker. Performing regular penetration tests allows you to be proactive in your real-world approach of evaluating your IT infrastructure security. The process uncovers holes in your security, giving you a chance to properly remediate any shortcomings before an actual attack occurs.

Testing and evaluation can also prevent expensive data breaches and even the loss of business operability.

Many different types of cybersecurity testing have appeared over the past few years as cybercrime continues to flourish in the digital era. One popular test is the red team assessment, a goal-oriented test of an organization’s defenses performed in real time.

Another test that is commonly deployed is the penetration test (or pen test) that is done to find out if there are issues with an organizations’ network or cybersecurity system.

The test is performed to identify both weaknesses or vulnerabilities, including the potential for unauthorized parties to gain access to the system’s features and data, as well as strengths, enabling a full risk assessment to be completed.

Cybersecurity testing and evaluation has also become a matter of due diligence. Mandated industry standards and regulations such as PCI, HIPAA, FISMA, and ISO 27001 require organizations to address compliance and security obligations. Conducting cybersecurity testing helps establish due diligence in the area of information security.

Failure to address security obligations can result in heavy fines.

Cybersecurity Test and Evaluation (T&E) Training Course by Tonex

Tonex as a leader in industry and academia with high quality conferences, seminars, workshops, and exclusively designed courses in cybersecurity area, is pleased to announce a complete training course on Cybersecurity Test and Evaluation (T&E) which helps you identify the cybersecurity requirements and ensures testability of cybersecurity requirements.

Cybersecurity Test and Evaluation (T&E) training teaches you to implement iterative testing and evaluating processes in order to guarantee the ability of an information system in an operational environment full of vulnerabilities.

Cybersecurity Test and Evaluation (T&E) Training

An information system is composed of hardware, software, user operators, maintainers and procedures that may exchange information in a network environment, or users. The main goal of testing and evaluation is to provide effective cybersecurity and cyber operations in order to defend networks, systems and information against cyber-attacks.

Cybersecurity Test and Evaluation (T&E) training by Tonex provides you a systematic approach in order to test the security of your organization network, system and information.

Learn about different phases of risk management framework which are a vital part of T&E, different phases of T&E by starting characterizing the cyber-attack surface, to vulnerability detection, and adversarial assessment.

Learn about different roles and responsibilities of Department of Defense (DoD) for cybersecurity applications, different methods of information security testing such as vulnerability scanning, password cracking, penetration testing or social engineering.

Our instructors at Tonex will help you to understand the NIST special publications for wireless and server security and how to implement these instructions in your DoD IT.

This course covers a variety of topics in cybersecurity test and evaluation such as: Introduction to cybersecurity, cybercrime, information security, concept of test and evaluation, developmental, operational and interoperability cyber testing, software testing considerations, computer security and incident handling, wireless and server testing, information security testing and assessment, risk management framework (RMF), test and evaluation, and DoD 5000-02 standard for cybersecurity testing.

The Cybersecurity Test and Evaluation (T&E) course by Tonex is an interactive course with a lot of class discussions and exercises aiming to provide you a useful resource for RMF implementation to your information technology system.

If you are an IT professional or federal agency personnel and need to risk management framework for your IT system or validate your RMF skills, you will benefit from the presentations, examples, case studies, discussions, and individual activities upon the completion of the Cybersecurity Test and Evaluation (T&E) training and will prepare yourself for your career.

Cybersecurity Test and Evaluation (T&E) training will introduce a set of labs, workshops and group activities of real world case studies in order to prepare you to tackle the entire related RMF challenges.


Cybersecurity Test and Evaluation (T&E) training is a 2-day course designed for:

  • Program and product managers
  • Requirements and DoD personnel
  • System Engineers
  • DoD IT personnel
  • IT professionals in the DoD organizations
  • Airforce and Military Personnel in charge of cybersecurity
  • DoD employees and contractors or service providers
  • All DoD personnel in charge of information assurance
  • Authorizing official representatives, chief information officers, senior information assurance officers, information system owners or certifying authorities
  • Employees of federal agencies and the intelligence community
  • Assessors, assessment team members, auditors, inspectors or program managers of information technology area
  • Any individual looking for information assurance implementation for a company based on recent DoD and NIST policies
  • Information system owners, information owners, business owners, and information system security managers

Learning Objectives

Upon completion of the Cybersecurity Test and Evaluation (T&E) training course, the attendees are able to:

  • Learn the cybersecurity issues related to vulnerabilities, importance of data protection and approaches for cyber management
  • Learn about the concept of Test and Evaluation (T&E) for cybersecurity systems
  • Explain T&E processes and be able to implement T&E for information systems
  • Differentiate the developmental, operational, and interoperability cyber testing approaches
  • Describe roles and responsibilities of T&E for cybersecurity
  • Explain testing considerations and challenges for DoD software or DoD IT
  • Learn about computer security, computer incidents and approaches to manage incidents
  • Describe standards for wireless security and approaches to secure DoD servers from cybercrimes based on NIST standard
  • Apply different information security testing and assessment approach for DoD IT and resolve the related issues
  • Apply Risk Management Framework (RMF) to DoD information system based on NIST and DoDI publications
  • Remove the challenges of T&E for DoD IT
  • Classify and relate the DoDI 5000.2 instructions to DoD IT

Course Outline

Cybersecurity Test and Evaluation (T&E) training course consists of the following lessons, which can be revised and tailored to the client’s need:

Introduction to Cybersecurity

  • Information
  • ICT and Cybersecurity
  • Cyber Crime
  • Cyber Espionage
  • Cyber Warfare
  • National and Cybersecurity
  • Cyber Power and National Security
  • Governmental, National and International Cybersecurity
  • Mandates of National Cybersecurity
  • Data Protection
  • Military Cyber Operation
  • Counter Cyber Crime
  • Intelligence/Counter Intelligence
  • Cybersecurity Crisis Management and CIP
  • Internet Governance and Cyber Diplomacy
  • Cyber-Enabled Terrorism
  • Information Security

Test and Evaluation

  • Introduction to Test and Evaluation (T&E)
  • Defense Systems Acquisition Process
  • T&E and SE Processes
  • Scientific Test and Analysis Techniques (STAT)
  • Evaluation Process
  • Distinction between Issues and Criteria
  • MOEs
  • Evaluation Planning
  • Evaluating Developmental and Operational Tests

Overview of Developmental, Operational and Interoperability Cyber Testing

  • Introduction to Developmental Test and Evaluation (DT&E)
  • DT&E and the System Acquisition Cycle
  • DT&E Responsibilities
  • Test Program Integration
  • DT&E Focus
  • System Design for Testing
  • DT&E of Limited Procurement Quantity Program
  • Introduction to Operation Test and Evaluation (OT&E)
  • Purpose and Scope of OT&E
  • Test Participants
  • OT&E and DT&E
  • Types of OT&E
  • Test Planning
  • Test Execution
  • Test Reporting
  • Interoperability Testing
  • Agile Development and T&E

Software and IT Testing Consideration

  • Role of Software Specification Overview
  • Software Development Process
  • Potential Power of Human-Based Testing
  • Black Box versus White Box Testing
  • Exhaustive Software Testing
  • Software Error Categorization
  • Software Measurement with T&E Application
  • Independent Verification and Validation (IV&V)
  • T&E Issues Associated with Spiral and Agile Development Approaches

Computer Security and Incident Handling

  • Events and Incidents
  • Incident Response Policy, Plans and Procedures
  • Incident Response Team Structure
  • Incident Handling
  • Detection and Analysis
  • Incident Analysis
  • Incident Prioritization
  • Incident Notification
  • Containment, Eradication and Recovery
  • Post Incident Activities
  • Coordination and Information Sharing
  • Information Sharing Techniques
  • Incident Response Life Cycle

Wireless and Server security

  • NIST SP 800-153
  • WLAN Security Configuration
  • WLAN Architecture
  • WLAN Security Monitoring
  • Attack Monitoring
  • Vulnerability Monitoring
  • Monitoring Tools
  • Continuous monitoring Recommendations
  • Periodic Assessment Recommendations
  • NIST SP 800-53 Security Controls and Publications
  • Server Vulnerabilities, Threats and Environments
  • Security Categorization of Information Systems
  • Server Security Planning
  • Security of Server Operating Systems
  • Securing the Server Software
  • Maintaining the Security of the Server

Information Security Testing and Assessment

  • Security Testing and Examination
  • Information Security Assessment Methodology
  • Technical Assessment Techniques
  • Document Review/ Log Review
  • System Configuration Review
  • Network Sniffing
  • File Integrity Checking
  • Target Identification and Analysis Techniques
  • Network Port and Service Identification
  • Vulnerability Scanning
  • Wireless Scanning
  • Active/Passive Wireless Scanning
  • Bluetooth Scanning
  • Password Cracking
  • Penetration Testing Phase and Logistics
  • Social Engineering
  • Security Assessment Policy Development
  • Assessment Logistics
  • Assessment Plan Development
  • Security Assessment Execution
  • Data Handling
  • Post Testing Activities

Cybersecurity Risk Management Framework

  • Cybersecurity Procedures Overview
  • DoDI 8500.01
  • RMF procedures Overview, DoDI 8510.01
  • RMF Phases
  • RMF Artifacts
  • RMF Phase 1: Categorizing the Information and Information Systems
  • RMF Phase 2: Selecting Security Control
  • RMF Phase 3: Implementing Security Control
  • RMF Phase 4: Assessing Security Control
  • RMF Phase 5: Authorizing the Information System
  • RMF Phase 6: Monitoring Security Controls

Cybersecurity Test and Evaluation

  • DoDI 5000.02
  • Cybersecurity T&E Phases
  • Understanding Cybersecurity Requirements
  • Characterizing the Cyber-Attack Surface
  • Cooperative Vulnerability Identification
  • Adversarial Cybersecurity DT&E
  • Cooperative Vulnerability and Penetration Assessment
  • Adversarial Assessment
  • Developmental Evaluation Framework
  • OT&E Cybersecurity Measures
  • PPP Analysis for T&E
  • Cyber Ranges

DoDI 5000.02

  • Defense Acquisition Executive (DAE)
  • MDA
  • Heads of DoD Components
  • Defense Acquisition Program Model and Phases
  • Phase1: Hardware Intensive Program
  • Defense Unique Software Intensive Program
  • Incrementally
  • Accelerated Acquisition Program
  • Process Decision Points and Phase Contents
  • Material Development Decision and Solution Analysis Phase
  • Production and Deployment (P&D) Phase
  • Operation and Support (O&S) Phase
  • Acquisition Program Categories and Compliance Requirements
  • Program Management
  • Program Management Responsibilities
  • International Acquisition and Exportability
  • Industrial Base Analysis and Considerations
  • Systems Engineering Plan
  • Development Planning
  • System Engineering Trade-off Analysis
  • Configuration Management
  • Modeling and Simulations
  • Manufacturing and Production
  • Software
  • Reliability and Maintainability (R&M)
  • Developmental Test and Evaluation (DT&E)
  • Operational and Live Fire Test and Evaluation (OT&E and LFT&E)
  • Life Cycle Sustainment
  • Human System Integration (HIS)
  • Affordability Analysis and Investment Considerations
  • Analysis of Alternatives (AOA)
  • Cost Estimation and Reports

Hands On, Workshops, and Group Activities

  • Labs
  • Workshops
  • Group Activities

Sample Workshops and Labs for Cybersecurity Test and Evaluation Training

  • Cooperative Vulnerability Identification Case Study
  • Developmental Test and Evaluation (DT&E) Case Study
  • Hands on Training for PPP Analysis of T&E
  • RMF Procedures Hands On based on NIST SP
  • Vulnerability Scanning for Wireless Systems
  • OT&E Case Study
  • Incident Response Experiment

Cybersecurity Test and Evaluation (T&E) Training

Request More Information

Please enter contact information followed by your questions, comments and/or request(s):
  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.

Request More Information

  • Please complete the following form and a Tonex Training Specialist will contact you as soon as is possible.

    * Indicates required fields

  • This field is for validation purposes and should be left unchanged.