Course Catalog


DHS FEMA Courses

These courses are provided by the Department of Homeland Security and free to individuals and jurisdictions


Industry Courses

These courses are designed to assist industry with various aspects of their cybersecurity program


Classroom Courses

Essentials of Community Cybersecurity AWR136 – 4 hrs

The Essentials of Community Cybersecurity (ECCS) course provides individuals, community leaders, and first responders with information on how cyber attacks can impact, prevent, and/or stop operations and emergency responses in a community. The course also provides a cursory introduction to cybersecurity vulnerabilities, risks, threats, and countermeasures. It explains vulnerabilities of computer systems and networks and how these vulnerabilities can affect communities, organizations, and daily workplace operations. The course introduces actions communities can take in establishing a cybersecurity program. The course provides participants with an awareness of issues. It gives an overview of threats and vulnerabilities, without going into too many details, to highlight the potential impact a cyber attack could have. Participants discuss some of the fundamental activities needed to develop a cybersecurity program, without addressing the technical details of how to secure critical infrastructures. The course introduces the Community Cybersecurity Maturity Model (CCSMM) as a framework for understanding community cybersecurity and offers a brief introduction to low-cost or no-cost approaches to securing a community against cybersecurity threats and attacks. The course sets the stage for further efforts in which a community can build a cybersecurity program.


There are no prerequisites for the course. No prior background in cybersecurity or information technology is required.


The target audience is personnel involved with critical infrastructure, emergency operations, and incident response in public or private organizations, including state, county, and municipal officials; members of industry affiliations and chambers of commerce.

  • Why cybersecurity is important
  • Unstructured threats
  • Structured threats
  • Highly structured threats
  • The Community Cybersecurity Maturity Model (CCSMM)
  • Things a community can do to initiate a cybersecurity program
  • Where to go for help

Community Preparedness for Cyber Incidents AWR384 – 12 hrs

MGT 384, Community Preparedness for Cyber Incidents, is designed to provide organizations and communities with strategies and processes to increase cyber resilience. During this 12-hour course, participants will analyze cyber threats and initial and cascading impacts of cyber incidents, evaluate the process for developing a cyber preparedness program, examine the importance and challenges of cyber related information sharing and discover low to no-cost resources to help build cyber resilience.


  • AWR-136 Essentials of Community Cybersecurity


Community representatives interested in increasing cyber resilience including personnel from:

  • Emergency Management
  • Information Technology
  • Risk Management/Emergency Planning/Continuity Planning/Disaster Recovery
  • Public Works/Wastewater and Water
  • Schools/Universities
  • Communication Sector
  • Transportation
  • Energy
  • Defense/Industrial Base Sector
  • Elected and Appointed Officials
  • Financial Sector
  • Health Care
  • Emergency Services
  • Impacts and cascading effects of cyber incidents
  • Potential gaps in current cybersecurity posture
  • Developing a cyber preparedness program
  • Information sharing related to cyber incidents
  • Resource coordination for cyber incidents
  • Resources for increasing cyber resilience

Community Cybersecurity Exercise Planning MGT385 – 12 hrs

This course is designed to introduce cyber to exercise planners to help them recognize the nature and reach of cyber, so they can better help their communities prevent, detect, respond to, and recover from cyber incidents. Participants will recognize how cyber can be incorporated into exercises in a meaningful way. Participants will be introduced to cyber topics and how cyber can impact the business operations of an organization and community. Lecture and activities will explore objectives, players, cyber injects and challenges to incorporating cyber into exercises. Participants will be exposed to many possible injects and scenarios that can be used in an exercise. Participants will begin development of a community cybersecurity tabletop exercise. The Community Cybersecurity Maturity Model will be used to examine the contribution of exercises to a community’s overall cybersecurity posture. This course teaches planning personnel how to include cyber components in their regular planning process. Participants will be given the opportunity to plan cyber components for future community cybersecurity exercises.


AWR-136 Essentials of Community Cybersecurity should be completed before attending this course.

Participants should have an understanding of the Homeland Security Exercise and Evaluation Program (HSEEP) and have familiarity with community and organizational exercises. The concepts and ideas delivered in IS-120.a “An Introduction to Exercises” from the Federal Emergency Management Agency may prove to be beneficial in preparation for this course.


This course is designed for personnel with responsibility for planning and conducting exercises in their organization or the community, who need help, assistance, or training on how to address cyber issues in their exercises.

  • An Introduction to Cyber
  • Examining Characteristics of Cyber
  • Using the Community Cybersecurity Maturity Model (CCSMM) to Develop Exercise Objectives
  • Exercise Categories
  • Incorporating Cyber Into Exercises
  • Cyber Storylines and Scenarios
  • Planning Community Cybersecurity Exercises

Physical and Cybersecurity for Critical Infrastructure MGT452 – 8 hrs

The national and economic security of the United States depends on the reliable functioning of critical infrastructure. This course encourages collaboration efforts among individuals and organizations responsible for both physical and cybersecurity toward development of integrated risk management strategies that lead to enhanced capabilities necessary for the protection of our Nation’s critical infrastructure.

Participants will identify physical and cybersecurity concerns impacting overall infrastructure security posture, examine integrated physical and cybersecurity incidents and the evolving risks and impacts they pose to critical infrastructure, and explore resources that can be applied to improve security within an organization, business, or government entity.

This course meets Texas Commission on Law Enforcement (TCOLE) requirements for MGT452 Physical and Cyber Security for Critical Infrastructure course #78401.


There are no prerequisites for this course.


  • Agricultural Safety
  • Citizen/Community Volunteer
  • Emergency Management
  • Emergency Medical Services
  • Fire Service
  • Governmental Administrative
  • Healthcare
  • Hazardous Materials
  • Information Technology
  • Law Enforcement
  • Public Health
  • Public Safety Communications
  • Private Sector/Corporate Security and Safety Professionals
  • Public Works
  • Search and Rescue
  • Transporation Security
  • Physical and Cybersecurity Overview
  • Evolving Physical and Cybersecurity Risks to Critical Infrastructure
  • Key Concepts and Resources to Improve Security

Online Courses

Cybersecurity for Everyone (CYBER 101)

Information Security for Everyone AWR175 – 10.5 hrs

Information Security for Everyone is designed to teach the principles and practices that all computer users need to keep themselves safe, both at work and at home. By presenting best practices along with a small amount of theory, trainees are taught both what to do and why to do it. Topics covered include how to secure both clean and corrupted systems, protecting your personal data, securing simple computer networks, and safe Internet usage.

Two credit hours through ACE are provided only if all three courses within the Online for Everyone – Non-Technical (Cyber 101) track are completed.

There are no prerequisites for this course.

  • Safe internet usage
  • Securing a clean computer
  • Securing a corrupted computer
  • Protecting your computer and its contents
  • Securing computer networks
  • Secure communications and information security best practices
  • Maintaining Privacy Guidelines for maintaining privacy while surfing the internet

Cyber Ethics AWR174 – 13 hrs

Cyber Ethics is designed to teach students the proper techniques with which to approach the difficult ethical dilemmas that arise from using the modern Internet. In addition to providing students with the skills to assess future ethical dilemmas for themselves, Cyber Ethics also looks at some of the more pressing concerns related to Internet usage today.

Two credit hours through ACE are provided only if all three courses within the Online for Everyone – Non-Technical (Cyber 101) track are completed.

There are no prerequisites for this course.

  • Overview and terminology
  • Privacy
  • Intellectual property
  • Professional codes of ethics
  • Freedom of Speech on the internet
  • Issues related to ethical hacking

Cyber Law and White Collar Crime AWR168 – 10 hrs

This intermediate course is designed to teach students the fundamentals of computer crime issues from a legal perspective. The training will highlight the various computer crimes and appropriate response by first defenders and others that may encounter these types of issues. Participants learn legislations and organizational efforts to control or prevent such crimes. This course covers intellectual property law (copyright, trade secrets, unfair competition, and unfair business practices), personal jurisdiction, electronic commerce and software contracts, telecommunications, antitrust, privacy, the right to accuracy of information, the right to access information, and the First Amendment.

Two credit hours through ACE are provided only if all three courses within the Online for Everyone – Non-Technical (Cyber 101) track are completed.

Prerequisites: Completion of Information Security Basics (AWR173), Cyber Ethics (AWR174), and Information Security for Everyone <em>or knowledge and understanding of topics</em>

  • Miscellaneous Cybercrimes
  • Key terms and concepts in cyber law
  • Intellectual property cybercrimes
  • Trademarks and domain name theft
  • Internet fraud
  • Electronic evidence and E-discovery

Cybersecurity for IT Professionals (CYBER 201)

Information Security Basics AWR173 – 13 hrs

Information Security Basics is designed to teach entry and mid-level IT staff the technological fundamentals of information security. The goal of this course is to provide trainees some preliminary knowledge of computer security to help in identifying and stopping various cyber threats. In addition to providing an introduction to information assurance, trainees will also learn general concepts (terminologies), an overview of TCP/IP, introductory network security, introductory operating system security, and basic cryptography.

Two credit hours through ACE are provided only if all four courses within the Online for IT Professionals (Cyber 201) track are completed.

  • Overview and terminology
  • General concepts
  • TCP/IP networking
  • Network security
  • Operating systems and security
  • Cryptography

Network Assurance AWR138 – 10.5 hrs

Network Assurance covers secure network practices necessary to protect networked systems against attacks and exploits. Network security administration topics include firewalls, intrusion detection/prevention, common cryptographic ciphers, AAA (authentication, authorization, and accounting), server and client security, and secure policy generation.

Two credit hours through ACE are provided only if all four courses within the Online for IT Professionals (Cyber 201) track are completed.

It is recommended that you have completed Information Security Basics and Information Security for Everyone or have good working knowledge of topics… read more.

  • Layered defense
  • Surveillance and reconnaissance
  • Outsider threat protection

Secure Software AWR178 – 9 hrs

This course covers secure programming practices necessary to secure applications against attacks and exploits. Topics covered include fundamental concepts of secure software development, defensive programming techniques, secure design and testing, and secure development methodologies.

Two credit hours through ACE are provided only if all four courses within the Online for IT Professionals (Cyber 201) track are completed.

  • Secure software programming
  • Secure software design and testing
  • Secure software methodologies

Digital Forensics Basics AWR139 – 7 hrs

This course covers investigative methods and standards for the acquisition, extraction, preservation, analysis, and deposition of digital evidence from storage devices. This course offers a wide array of forensics situations that are applicable to the real world. Students will learn how to find traces of illegal or illicit activities left on disk with computer forensics tools and manual techniques, and how to recover data intentionally hidden or encrypted by perpetrators.

Two credit hours through ACE are provided only if all four courses within the Online for IT Professionals (Cyber 201) track are completed.

  • Evidentiary reporting
  • Computer technologies
  • Digital evidence collection

Cybersecurity for Business Professionals (CYBER 301)

Information Risk Management AWR177 – 13 hrs

This is an intermediate level course covering topics on information assets, identifying risks, and management processes highlighting best principles and practices. It will provide training on information risk-related tools and technologies (such as asset evaluation, business impact analysis, risk identification, risk quantification, risk response, security policies, and compliance) for better understanding of potential threats and vulnerabilities in business online, and learning to adopt levels of security measures and best practices.

Two credit hours through ACE are provided only if all three courses within the Online for Business Professionals (Cyber 301) track are completed.

There are no prerequisites for this course.

  • Introduction to Information Security Risk Management
  • Asset evaluation and Business Impact Analysis
  • Risk identification
  • Risk quantification
  • Risk response development and control
  • Security policy, compliance, and business continuity

Cyber Incident Analysis and Response AWR169 – 10 hrs

This course covers various incident analysis tools and techniques that support dynamic vulnerability analysis and elimination, intrusion detection, attack protection, and network/resources repair. The trainee will be presented with real-world examples and scenarios to help provide knowledge, understanding, and capacity for effective cyber incident analysis and response.

Two credit hours through ACE are provided only if all three courses within the Online for Business Professionals (Cyber 301) track are completed.

There are no prerequisites for this course.

  • Introduction to incident management
  • Incident preparation
  • Incident detection and analysis
  • Containment, eradication, and recovery
  • Proactive and post incident cyber services

Disaster Recovery for Information Systems AWR176 – 10 hrs

Disaster Recovery for Information Systems will train business managers to respond to varying threats that might impact their organization’s access to information. This course provides requisite background theory and recommended best practices needed by managers to keep their offices running during incidents of different types. Topics include an overview of business continuity planning; disaster recovery planning; guides for implementing and managing disaster recovery plans, a discussion of technical vulnerabilities faced by organizations, and an examination of legal issues that may confront an organization.

Two credit hours through ACE are provided only if all three courses within the Online for Business Professionals (Cyber 301) track are completed.

There are no prerequisites for this course.

  • Overview of business information continuity
  • Guides for implementing and managing business information continuity plan
  • Discussion of technical vulnerabilities faced by organizations
  • Examination of legal issues that may confront an organization

Industry Courses

Cybersecurity for Business Executives CYB201 – 4 hrs

The Cybersecurity for Business Executives classroom-based course provides awareness level training specifically to the owners, C-suite executives, and upper management of private sector businesses. The course will provide information on the cybersecurity threats, regulations, and impacts a business is exposed to in today’s interconnected operations. Discussions are focused on providing a better understanding of the risks involved and actions to help manage and mitigate those risks. The course will provide guidance outlining the protective measures needed to reduce the vulnerability to malicious attacks and threats.


The goal of the course is to better protect small and medium-sized enterprises, no matter the industry or type of business, against cyber attacks. The scope is to help executives understand the seriousness of cybersecurity, how easily they can be victimized, and how damaging the ramifications can be. The intent is to provide them with enough information so they can return asking the right questions and begin implementing a cybersecurity program.


There are no required prerequisites to attend this course; however, the no cost, DHS sponsored online courses AWR-169 Cyber Incident Analysis and Response, AWR-176 Business Information Continuity, and AWR-177 Information Risk Management are recommended.


The target audience for this course are the decision makers within a business, typically the owners, C-suite executives, and upper management to include those responsible for risk management. While the course will not be technical in nature, a business’s Director of Information Technology (IT) is encouraged to attend along with the other executives as a way to provide additional information and strategize actions to implement in their own systems.

  • Business implications of a cyber incident
  • Cyber threats
  • Data protection
  • Industrial control systems
  • Internet of Things
  • Cyber attack response and recovery
  • Legal regulations and implications
  • Supply chain considerations
  • Developing a cybersecurity program
  • Available resources