logo


your one source for IT & AV

Training Presentation Systems Services & Consulting Cloud Services Purchase Client Center Computer Museum
Arrow Course Schedule | Classroom Rentals | Student Information | Free Seminars | Client Feedback | Partners | Survey | Standby Discounts

NIST Cybersecurity Framework (NCSF) Boot Camp Training

SS Course: 2001602

Course Overview

TOP

The three-day NIST Cybersecurity Bootcamp course is a combination of the NIST Cybersecurity Framework (NCSF) Foundation and Practitioner Training courses. The bootcamp provides a deep dive into the components of the NIST CSF and NIST Risk Management Framework (RMF) and how they align to risk management. The course will follow the principles of the NIST Cybersecurity Framework to design and implement (or improve) a cybersecurity program to protect critical assets. The bootcamp details defense in depth, creation of a Written Information Security Program, and implementing ongoing assessments for a continuous improvement plan.

                                                                  

Scheduled Classes

TOP

What You'll Learn

TOP

The course will help students to understand:

  • Key IT service management concepts
  • How ITIL guiding principles can help and organization to adopt and adapt service management
  • The 4 dimensions of service management
  • The purpose and components of the service value system
  • The activities of the service value chain and how the interconnect
  • Know the purpose of key ITIL practices
  • Preparation to sit the ITIL4 foundation examination

Outline

TOP
Viewing outline for:

THE FOUNDATION COURSE IS ORGANIZED AS FOLLOWS:

Module 1: COURSE INTRODUCTION

Provides the student with information relative to the course and the conduct of the course in the classroom, virtual classroom, and course materials.

MODULE 2: THE BASICS OF CYBERSECURITY

What is cybersecurity?

Types of attackers

Vulnerabilities

Exploits

Threats

Controls

Frameworks

Risk-Based Cybersecurity

MODULE 3: A HOLISTIC STUDY OF THE NIST CYBERSECURITY FRAMEWORK

History

  • EO 13636
  • Cybersecurity Enhancement Act of 2014
  • EO 13800

Uses and Benefits of the Framework

Attributes of the Framework

Framework Component Introduction

  • Framework Core
  • Framework Profiles
  • Framework Implementation Tiers

MODULE 4: CYBERSECURITY ACTIVITIES: THE FRAMEWORK CORE

Purpose of the Core

Core Functions, Categories, and Subcategories

Informative References

MODULE 5: RISK MANAGEMENT CONSIDERATIONS: FRAMEWORK IMPLEMENTATION TIERS

Purpose of the Tiers

The Four Tiers

Components of the Tiers

Compare and contrast the NIST Cybersecurity Framework with the NIST Risk Management Framework

MODULE 6: CURRENT AND DESIRED OUTCOMES: FRAMEWORK PROFILES

Purpose of the Profiles

The Two Profiles

Interrelationships between the Framework Components

MODULE 7: A PRIMER ON THE SEVEN STEP FRAMEWORK IMPLEMENTATION PROCESS

Prioritize and Scope

Orient

Create a Current Profile

Conduct a Risk Assessment

Create a Target Profile

Determine, Analyze, and Prioritize Gaps

Implement Action Plan

 

THE PRACTITIONER COURSE IS ORGANIZED AS FOLLOWS:

MODULE 1: COURSE INTRODUCTION

Provides the student with information relative to the course and the conduct of the course in the classroom, virtual classroom, and course materials.

MODULE 2: APPLYING NIST CSF TIERS AND PROFILES

Review of the NIST CSF major components

Tiers and Tier Selection

Current and Target Profiles and the Framework Core

MODULE 3: AN EXPLORATION OF INFORMATIVE REFERENCES

Defining the major Informative References

CIS Controls v8

ISO/IEC 27001:2013

NIST SP 800-53 Rev. 5

MODULE 4: RISK MANAGEMENT IN THE NIST CSF AND NIST RMF

Risk Management in the NIST Cybersecurity Framework

Analyzing the NIST Risk Management Framework

  • Introduction and History
  • Purpose, Design, and Characteristics
  • Seven Steps

Prepare

Categorize System

Select Controls

Implement Controls

Assess Controls

Authorize System

Monitor System and Controls

Integrating the Frameworks

MODULE 5: UNDERSTANDING AND DEFENDING AGAINST REAL WORLD ATTACKS

Major Cybersecurity Attacks and Breaches

MITRE ATT&CK Matrices

Defense in Depth and the NIST CSF

Security Operations Center (SOC) activities and Security Information and Event Management (SIEM) solutions in relation to the NIST CSF

MODULE 6: ASSESSING CYBERSECURITY IN THE SUBCATEGORIES

Creating an Assessment Plan

Assigning Roles and Responsibilities

Tiers, Threats, Risks, Likelihoods, and Impact

MODULE 7: CREATING A WRITTEN INFORMATION SECURITY PROGRAMS (WISP)

The Intersection of Business and Technical Controls

What is a Written Information Security Program (WISP)?

Creating a WISP Template

Aligning Current Profile with a WISP

MODULE 8: A PRACTITIONER’S DEEP DIVE INTO CREATING OR IMPROVING A CYBERSECURITY PROGRAM

Step 1: Prioritize and Scope

  • Identifying organizational priorities
  • Aiding and influencing strategic cybersecurity implementation decisions
  • Determining scope of the implementation
  • Planning for internal adaptation based on business line/process need
  • Understanding risk tolerance

Step 2: Orient

  • Identifying systems and applications which support organizational priorities
  • Working with compliance to determine regulatory and other obligations
  • Planning for risk responsibility

Step 3: Create a Current Profile

  • Cybersecurity Assessment options
  • How to measure real world in relation to the Framework
  • Qualitative and quantitative metrics
  • Current Profile and Implementation Tiers

Step 4: Conduct a Risk Assessment

  • Risk assessment options (3rd party vs internal)
  • Organizational vs. system level risk assessment
  • Risk assessment and external stakeholders

Step 5: Create a Target Profile

  • Target Profile and Steps 1-4
  • External stakeholder considerations
  • Adding Target Profiles outside the Subcategories

Step 6: Determine, Analyze, and Prioritize Gaps

  • Defining and determining Gaps
  • Gap analysis and required resources
  • Organizational factors in creating a prioritized action plan

Step 7: Implement Action Plan

  • Implementation team design from Executives to Technical Practitioners
  • Assigning tasks when priorities conflict
  • Considering compliance and privacy obligations
  • Taking action
  • Reporting and reviewing

MODULE 9: CONTINUOUS CYBERSECURITY IMPROVEMENT

Creating a continuous improvement plan

Implementing ongoing assessments

Prerequisites

TOP

There are no prerequisites for this course. Basic computing skills and security knowledge will be helpful.

    Who Should Attend

    TOP

    This course is suited for individuals working with and overseeing the cybersecurity of an organization, including:

    • CISOs
    • IT Security Workforce
    • IT Directors
    • IT Managers
    • IT Personnel
    • IT Architects

    Next Step Courses

    TOP