NIST Cybersecurity Framework (NCSF) Practitioner

The NIST Cybersecurity Framework (NCSF) Practitioner program teaches the knowledge needed to prepare for the NCSF Practitioner exam, plus the skills and abilities to design, build, test, manage and improve a cybersecurity program based on the NCSF. This program is aimed at IT and cybersecurity professionals looking to become certified in how to operationalize the NIST Cybersecurity Framework (NCSF) across an enterprise and its supply chain.

Retail Price: $2,295.00

Next Date: Request Date

Course Days: 2




Audience Profile

The program is designed for IT and Business professionals who will play an active role in the design and management of an NCSF program.

At Course Completion

The outcome and benefit of this class is a practical approach that students can use to build and maintain comprehensive cybersecurity and cyber-risk management programs.

Prerequisites

Individuals should have already taken the NIST Cybersecurity Framework (NCSF) Foundation Training course or have significant experience with the NIST Cybersecurity Framework.


Outline

MODULE 1: COURSE INTRODUCTION

Provides the student with information relative to the course and the conduct of the course in the classroom, virtual classroom, and course materials.

MODULE 2: APPLYING NIST CSF TIERS AND PROFILES

Review of the NIST CSF major components
Tiers and Tier Selection
Current and Target Profiles and the Framework Core

MODULE 3: AN EXPLORATION OF INFORMATIVE REFERENCES

Defining the major Informative References
CIS Controls v8
ISO/IEC 27001:2013
NIST SP 800-53 Rev. 5

MODULE 4: RISK MANAGEMENT IN THE NIST CSF AND NIST RMF

Risk Management in the NIST Cybersecurity Framework
Analyzing the NIST Risk Management Framework
a) Introduction and History
b) Purpose, Design, and Characteristics
c) Seven Steps
Prepare
Categorize System
Select Controls
Implement Controls
Assess Controls
Authorize System
Monitor System and Controls
Integrating the Frameworks

MODULE 5: UNDERSTANDING AND DEFENDING AGAINST REAL WORLD ATTACKS

Major Cybersecurity Attacks and Breaches
MITRE ATT&CK Matrices
Defense in Depth and the NIST CSF
Security Operations Center (SOC) activities and Security Information and Event Management (SIEM) solutions in relation to the NIST CSF

MODULE 6: ASSESSING CYBERSECURITY IN THE SUBCATEGORIES

Creating an Assessment Plan
Assigning Roles and Responsibilities
Tiers, Threats, Risks, Likelihoods, and Impact

MODULE 7: CREATING A WRITTEN INFORMATION SECURITY PROGRAM (WISP)

The Intersection of Business and Technical Controls
What is a Written Information Security Program (WISP)?
Creating a WISP Template
Aligning Current Profile with a WISP

MODULE 8: A PRACTITIONER’S DEEP DIVE INTO CREATING OR IMPROVING A CYBERSECURITY PROGRAM

Step 1: Prioritize and Scope
a) Identifying organizational priorities
b) Aiding and influencing strategic cybersecurity implementation decisions
c) Determining scope of the implementation
d) Planning for internal adaptation based on business line/process need
e) Understanding risk tolerance
Step 2: Orient
a) Identifying systems and applications which support organizational priorities
b) Working with compliance to determine regulatory and other obligations
c) Planning for risk responsibility
Step 3: Create a Current Profile
a) Cybersecurity Assessment options
b) How to measure real world in relation to the Framework
c) Qualitative and quantitative metrics
d) Current Profile and Implementation Tiers
Step 4: Conduct a Risk Assessment
a) Risk assessment options (3rd party vs internal)
b) Organizational vs. system level risk assessment
c) Risk assessment and external stakeholders
Step 5: Create a Target Profile
a) Target Profile and Steps 1-4
b) External stakeholder considerations
c) Adding Target Profiles outside the Subcategories
Step 6: Determine, Analyze, and Prioritize Gaps
a) Defining and determining Gaps
b) Gap analysis and required resources
c) Organizational factors in creating a prioritized action plan
Step 7: Implement Action Plan
a) Implementation team design from Executives to Technical Practitioners
b) Assigning tasks when priorities conflict
c) Considering compliance and privacy obligations
d) Taking action
e) Reporting and reviewing

MODULE 9: CONTINUOUS CYBERSECURITY IMPROVEMENT

Creating a continuous improvement plan
Implementing ongoing assessments


