Course Overview
The NIST Cybersecurity Framework (NCSF) Practitioner Training course is designed for individuals within an organization who are directly involved in the planning, design, creation, implementation, and or improvement of a cybersecurity program that will follow the principles of the NIST Cybersecurity Framework. Although some aspects of the course are technical, this course also includes risk management, business controls, and other topics that would be of value to staff outside of the traditional technical audience.
- Two-day deep dive into Foundation concepts.
- Focus on designing and implementing (or improving) a cybersecurity program to minimize risks and protect critical assets based on the NIST CSF.
- Provides a detailed analysis of various technical and business controls, including the Center for Internet Security 18 Critical Security Controls, the ISO 27001: 2013 Information Security Management System, and the ISO 27002: 2013 Code of Practice.
Who should attend
The program is designed for IT and Business professionals who will play an active role in the design and management of an NCSF program.
This course is suited for individuals working with and overseeing the technology, including CIOs, IT Directors and Managers, IT Security personnel, and IT staff.
Prerequisites
Individuals should have already taken the NIST Cybersecurity Framework (NCSF) Foundation Training course or have significant experience with the NIST Cybersecurity Framework.
Course Objectives
Outcomes and benefits from this class is a practical approach that students can use to build and maintain comprehensive cybersecurity and cyber-risk management programs.
Outline: NIST Cybersecurity Framework (NCSF) Practitioner (NCSF-P)
MODULE 1: COURSE INTRODUCTION
- Provides the student with information relative to the course and the conduct of the course in the classroom, virtual classroom, and course materials.
MODULE 2: APPLYING NIST CSF TIERS AND PROFILES
- Review of the NIST CSF major components
- Tiers and Tier Selection
- Current and Target Profiles and the Framework Core
MODULE 3: AN EXPLORATION OF INFORMATIVE REFERENCES
- Defining the major Informative References
- CIS Controls v8
- ISO/IEC 27001:2013
- NIST SP 800-53 Rev. 5
MODULE 4: RISK MANAGEMENT IN THE NIST CSF AND NIST RMF
- Risk Management in the NIST Cybersecurity Framework
- Analyzing the NIST Risk Management Framework
- a) Introduction and History
- b) Purpose, Design, and Characteristics
- c) Seven Steps
- Prepare
- Categorize System
- Select Controls
- Implement Controls
- Assess Controls
- Authorize System
- Monitor System and Controls
- Integrating the Frameworks
MODULE 5: UNDERSTANDING AND DEFENDING AGAINST REAL WORLD ATTACKS
- Major Cybersecurity Attacks and Breaches
- MITRE ATT&CK Matrices
- Defense in Depth and the NIST CSF
- Security Operations Center (SOC) activities and Security Information and Event Management (SIEM) solutions in relation to the NIST CSF
MODULE 6: ASSESSING CYBERSECURITY IN THE SUBCATEGORIES
- Creating an Assessment Plan
- Assigning Roles and Responsibilities
- Tiers, Threats, Risks, Likelihoods, and Impact
MODULE 7: CREATING A WRITTEN INFORMATION SECURITY PROGRAMS (WISP)
- The Intersection of Business and Technical Controls
- What is a Written Information Security Program (WISP)?
- Creating a WISP Template
- Aligning Current Profile with a WISP
MODULE 8: A PRACTITIONER’S DEEP DIVE INTO CREATING OR IMPROVING A CYBERSECURITY PROGRAM
- Step 1: Prioritize and Scope
- a) Identifying organizational priorities
- b) Aiding and influencing strategic cybersecurity implementation decisions
- c) Determining scope of the implementation
- d) Planning for internal adaptation based on business line/process need
- e) Understanding risk tolerance
- Step 2: Orient
- a) Identifying systems and applications which support organizational priorities
- b) Working with compliance to determine regulatory and other obligations
- c) Planning for risk responsibility
- Step 3: Create a Current Profile
- a) Cybersecurity Assessment options
- b) How to measure real world in relation to the Framework
- c) Qualitative and quantitative metrics
- d) Current Profile and Implementation Tiers
- Step 4: Conduct a Risk Assessment
- a) Risk assessment options (3rd party vs internal)
- b) Organizational vs. system level risk assessment
- c) Risk assessment and external stakeholders
- Step 5: Create a Target Profile
- a) Target Profile and Steps 1-4
- b) External stakeholder considerations
- c) Adding Target Profiles outside the Subcategories
- Step 6: Determine, Analyze, and Prioritize Gaps
- a) Defining and determining Gaps
- b) Gap analysis and required resources
- c) Organizational factors in creating a prioritized action plan
- Step 7: Implement Action Plan
- a) Implementation team design from Executives to Technical Practitioners
- b) Assigning tasks when priorities conflict
- c) Considering compliance and privacy obligations
- d) Taking action
- e) Reporting and reviewing
MODULE 9: CONTINUOUS CYBERSECURITY IMPROVEMENT
- Creating a continuous improvement plan
- Implementing ongoing assessments