NIST Cybersecurity Framework (NCSF) Practitioner Training

The NIST Cybersecurity Framework (NCSF) Practitioner Training course is suited for individuals working with and overseeing the technology, including CIOs, CISOs, IT Directors and Managers, IT Security personnel, and IT staff.

  • Two-day deep dive into NIST CSF Foundation concepts.
  • Focus on designing and implementing (or improving) a cybersecurity program to minimize risks and protect critical assets based on the NIST CSF.
  • Provides an analysis of various technical and business controls, including the Center for Internet Security v8 Critical Security Controls, the ISO 27001:2013 Information Security Management System Requirements, and the NIST Risk Management Framework.
  • Includes NIST Framework certification exam and continuing education credits, such as PDUs and CEUs. Candidates receive a certificate for a passing score and a skills-gap document after completing their exam.

Benefits

The NIST Cybersecurity Framework (NCSF) Practitioner Training course is designed for individuals within an organization who are directly involved in the planning, design, creation, implementation, and/or improvement of a cybersecurity program that will follow the principles of the NIST Cybersecurity Framework. Although some aspects of the course are technical, this course also includes risk management, business controls, and other topics that would be of value to staff outside of the traditional technical audience.

Outline

MODULE 1: COURSE INTRODUCTION

Provides the student with information relative to the course, conduct of the course in the virtual classroom, and course materials.

MODULE 2: APPLYING NIST CSF TIERS AND PROFILES

  1. Review of the NIST CSF Major Components
  2. Tiers and Tier selection
  3. Current and Target Profiles and the Framework Core

MODULE 3: AN EXPLORATION OF INFORMATIVE REFERENCES

  1. Defining the major Informative References
  2. CIS Controls v8
  3. ISO/IEC 27001:2013
  4. NIST SP 800-53 Rev. 5

MODULE 4: RISK MANAGEMENT IN THE NIST CSF AND NIST RMF

  1. Risk Management in the NIST Cybersecurity Framework
  2. Analyzing the NIST Risk Management Framework
  3. Introduction and History
  4. Purpose, Design, and Characteristics
  5. Seven Steps
     • Prepare
     • Categorize
     • Select
     • Implement
     • Assess
     • Authorize
     • Monitor
  6. Integrating the Frameworks

MODULE 5: UNDERSTANDING AND DEFENDING AGAINST REAL WORLD ATTACKS

  1. Major Cybersecurity Attacks and Breaches
  2. MITRE ATT&CK Matrices
  3. Defense in Depth and the NIST CSF
  4. Security Operations Center (SOC) activities and Security Information and Event Management (SIEM) solutions in relation to the NIST CSF

MODULE 6: ASSESSING SECURITY IN THE SUBCATEGORIES

  1. Creating an Assessment Plan
  2. Assigning Roles and Responsibilities
  3. Tiers, Threats, Risks, Likelihoods, and Impact

MODULE 7: CREATING A WRITTEN INFORMATION SECURITY PROGRAM (WISP)

  1. The Intersection of Business and Technical Controls
  2. What is a Written Information Security Program (WISP)?
  3. Creating a WISP Template
  4. Aligning Current Profile with a WISP

MODULE 8: A PRACTITIONER’S DEEP DIVE INTO CREATING OR IMPROVING A CYBERSECURITY PROGRAM

  1. Step 1: Prioritize and Scope
     • Identifying organizational priorities
     • Aiding and influencing strategic cybersecurity implementation decisions
     • Determining scope of the implementation
     • Planning for internal adaptation based on business line/process need
     • Understanding risk tolerance
  2. Step 2: Orient
     • Identifying systems and applications which support organizational priorities
     • Working with compliance to determine regulatory and other obligations
     • Planning for risk responsibility
  3. Step 3: Create a Current Profile
     • Cybersecurity Assessment options
     • How to measure real world in relation to the Framework
     • Qualitative and quantitative metrics
     • Current Profile and Implementation Tiers
  4. Step 4: Conduct a Risk Assessment
     • Risk assessment options (3rd party vs internal)
     • Organizational vs. system level risk assessment
     • Risk assessment and external stakeholders
  5. Step 5: Create a Target Profile
     • Target Profile and Steps 1-4
     • External stakeholder considerations
     • Adding Target Profiles outside the Subcategories
  6. Step 6: Determine, Analyze, and Prioritize Gaps
     • Defining and determining Gaps
     • Gap analysis and required resources
     • Organizational factors in creating a prioritized action plan
  7. Step 7: Implement the Action Plan
     • Implementation team design from Executives to Technical Practitioners
     • Assigning tasks when priorities conflict
     • Considering compliance and privacy obligations
     • Taking action
     • Reporting and reviewing

MODULE 9: CONTINUOUS CYBERSECURITY IMPROVEMENT

  1. Creating a continuous improvement plan
  2. Implementing ongoing assessments

Required Prerequisites

Individuals should have already taken the NIST Cybersecurity Framework (NCSF) Foundation Training course or have significant experience with the NIST Cybersecurity Framework.

Course code: CWNCSF-PRACTITIONER
Duration: 14 hours
Price: 1247,00 (VAT excluded)
Delivery: Remote

Contact us: info@esamatic.it, +39 349 64 30 690