The two-day NIST Cybersecurity Practitioner course is designed for individuals within an organization who are directly involved in the planning, design, creation, implementation, and/or improvement of a cybersecurity program that will follow the principles of the NIST Cybersecurity Framework. Although some aspects of the course are technical, it also covers risk management, business controls, and guidance for a continuous cybersecurity improvement plan.
Prerequisite(s):
Individuals should have already taken the NIST Cybersecurity Framework (NCSF) Foundation Training course or have significant experience with the NIST Cybersecurity Framework.
Audience:
Outline:
Chapter 1: Course Introduction
Chapter 2: The Components of the NIST Cybersecurity Framework
Review of the NIST CSF Major Components
Tiers and Tier selection
Current and Target Profiles and the Framework Core
Informative References
i. Center for Internet Security Controls v8
ii. ISO/IEC 27001:2013
iii. ISO/IEC 27002:2013
iv. NIST SP 800-53 Rev. 5
Supply Chain Risk Management in the Enterprise
Chapter 3: Risk Management in the NIST CSF and NIST RMF
Risk Management in the NIST Cybersecurity Framework
Analyzing the NIST Risk Management Framework
i. Introduction and History
ii. Purpose and Use Cases
iii. Six Steps
1. Categorize System
2. Select Controls
3. Implement Controls
4. Assess Controls
5. Authorize System
6. Monitor Controls
Integrating the Frameworks
Chapter 4: Real World Attacks
Major Cybersecurity Attacks and Breaches
Cyber Kill Chain
MITRE ATT&CK Matrices
Chapter 5: Defense in Depth and the NIST Cybersecurity Framework
Defense in Depth and the NIST CSF
Zero Trust
Aligning vendor Controls with Subcategories
Security Operations Center (SOC) activities and Security Information and Event Management solutions in relation to the Framework
Chapter 6: Assessing Security in the Subcategories
Creating an Assessment Plan
Assigning Roles and Responsibilities
Tiers, Threats, Risks, Likelihoods, and Impact
Chapter 7: Creating a Written Information Security Program
The Intersection of Business and Technical Controls
What is a Written Information Security Program (WISP)?
Creating a WISP Template
Aligning Current Profile with a WISP
Chapter 8: A Practitioner’s Deep Dive into Creating or Improving a Cybersecurity Program
Step 1: Prioritize and Scope
Identifying organizational priorities
Aiding and influencing strategic cybersecurity implementation decisions
Determining scope of the implementation
Planning for internal adaptation based on business line/process need
Understanding risk tolerance
Step 2: Orient
Identifying systems and applications which support organizational priorities
Working with compliance to determine regulatory and other obligations
Planning for risk responsibility
Step 3: Create a Current Profile
Assessing – self vs. 3rd party
How to measure real world in relation to the Framework
Qualitative and quantitative metrics
Analysis of the Current State in a sample assessment
Implementation Tiers in practice
Current Profile and Implementation Tiers
Step 4: Conduct a Risk Assessment
Risk assessment options (3rd party vs internal)
Organizational vs. system level risk assessment
Risk assessment and external stakeholders
Step 5: Create a Target Profile
Target Profile and Steps 1-4
Determining desired outcomes with Tiers
External stakeholder considerations
Adding Target Profiles outside the Subcategories
Step 6: Determine, Analyze, and Prioritize Gaps
Defining and determining Gaps
Gap analysis and required resources
Organizational factors in creating a prioritized action plan
Step 7: Implement Action Plan
Implementation team design from Executives to Technical Practitioners
Assigning tasks when priorities conflict
Considering compliance and privacy obligations
Taking action
Reporting and reviewing
Chapter 9: Continuous Cybersecurity Improvement
Creating a continuous improvement plan
Implementing ongoing assessments
Additional information
Length: 2 days
Guaranteed to run: No
NIST Cybersecurity Framework (NCSF) Practitioner
Dates are listed in Pacific Time Zone
$2,295.00