About this Course
The NIST Cybersecurity Framework (NCSF) course introduces the NIST Cybersecurity Framework (NIST CSF). The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. The NCSF Foundation training course outlines current cybersecurity challenges and explains how organizations who implement a NCSF program can mitigate these challenges.
This course discusses how an organization can use the Framework as a key part of its systematic process for identifying, assessing, and managing cybersecurity risk. The Framework is not designed to replace existing processes; an organization can use its current process and overlay it onto the Framework to determine gaps in its current cybersecurity risk approach and develop a roadmap to improvement. Utilizing the Framework as a cybersecurity risk management tool, an organization can determine activities that are most important to critical service delivery and prioritize expenditures to maximize the impact of the investment.
The class will include lectures, informative supplemental reference materials, quizzes, and tests. Outcomes and benefits from this class is a fundamental understanding of cybersecurity and the NIST CSF.
The optional certification exam is through ACQUIROS. Student must pass a 90 minute, 100 question closed book multiple choice, examination with a passing score of 70% in order to receive this certification.
Credits Earned
• 8 PDU Credits with the one day class
Audience Profile
The program is targeted at IT and Business professionals who need a basic understanding of the NIST Cybersecurity Framework and its role within an organization.
At Course Completion
Outcomes and benefits from this class is a fundamental understanding of cybersecurity and the NIST CSF.
Outline
Course Introduction
Provides the student with information relative to the course and the conduct of the course in the classroom, virtual classroom and online self-paced. The introduction also covers the nature and scope of the examination.
Doing Business in the Danger Zone
Discusses the current state of cybersecurity in the context of today’s threat landscape and what organizations must do in order to ask and answer the question, “Are we secure?”
Risk-based Approach
Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance.
With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures. Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs. Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services.
The NIST Cybersecurity Framework Fundamentals
The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. These components are explained in the remainder of the course.
Core Functions, Categories & Subcategories
The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous Functions—Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk then identifies underlying key Categories and Subcategories for each Function, and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory.
Implementation Tiers
Framework Implementation Tiers (“Tiers”) provide context on how an organization views cybersecurity risk and the processes in place to manage that risk. Tiers describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework (e.g., risk and threat aware, repeatable, and adaptive). The Tiers characterize an organization’s practices over a range, from Partial (Tier 1) to Adaptive (Tier 4). These Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-informed. During the Tier selection process, an organization should consider its current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints.
Developing Framework Profiles
A Framework Profile (“Profile”) represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories. The Profile can be characterized as the alignment of standards, guidelines, and practices to the Framework Core in a particular implementation scenario. Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a “Current” Profile (the “as is” state) with a “Target” Profile (the “to be” state). To develop a Profile, an organization can review all of the Categories and Subcategories and, based on business drivers and a risk assessment, determine which are most important; they can add Categories and Subcategories as needed to address the organization’s risks. The Current Profile can then be used to support prioritization and measurement of progress toward the Target Profile, while factoring in other business needs including cost-effectiveness and innovation. Profiles can be used to conduc
Cybersecurity Controls FactoryTM Model
This model, developed by Larry Wilson, CSIO at UMass,
President’s Office, provides an approach for an organization to operationalization of the 20 Critical
Security Controls within the NIST CSF within the context of the NIST CSF
Cybersecurity Improvement
The NIST CSF also provides a 7-step approach for the implementation and improvement of their cybersecurity posture utilizing the NIST CSF. The 7-steps include:
Step 1: Prioritize and Scope. The organization identifies its business/mission objectives and high-level
organizational priorities.
Step 2: Orient. The organization identifies related systems and assets, regulatory requirements, and
overall risk approach and then identifies threats to, and vulnerabilities of, those systems and
assets.
Step 3: Create a Current Profile. The organization develops a Current Profile by indicating which
Category and Subcategory outcomes from the Framework Core are currently being achieved.
Step 4: Conduct a Risk Assessment. The organization analyzes the operational environment in order to
discern the likelihood of a cybersecurity event and the impact that the event could have on the organization.
Step 5: Create a Target Profile. The organization creates a Target Profile that focuses on the assessment of the Framework Categories and Subcategories describing the organization’s desired cybersecurity outcomes.
Step 6: Determine, Analyze, and Prioritize Gaps. The organization compares the Current Profile and the Target Profile to determine gaps. Next it creates a prioritized action plan to address those gaps that draws upon mission drivers, a cost/benefit analysis, and understanding of risk to achieve the outcomes in the Target Profile.
Step 7: Implement Action Plan. The organization determines which actions to take in regards to the gaps, if any, identified in the previous step
Disclaimer:
THE itSMS COURSE IS PROVIDED “AS IS” WITH NO GUARANTEE OF COMPLETENESS, ACCURACY, TIMELINESS, OR NONINFRINGEMENT. itSMS AND THE UNIVERSITY OF MASSACHUSETTS DO NOT WARRANT THAT ACCESS TO OR USE OF THE CONTENT, THE COURSE, OR THE INFORMATION PROVIDED THEREIN OR SERVICES PROVIDED THEREWITH WILL BE UNINTERRUPTED OR ERROR FREE. itSMS AND THE UNIVERSITY OF MASSACHUSETTS EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF AVAILABILITY, PERFORMANCE, MERCHANTABILITY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE.
Prerequisites
There are no prerequisites for this course, although basic Security knowledge will be helpful.
Venue: LIVE Online
Address:
Description:
Live Online Training
Get the same training you expect in the classroom without leaving your office or home. These are NOT recorded classes. They are LIVE sessions with an expert instructor. We use the latest in video conferencing technologies and audio so you can confidently participate in any class just like being right there in person. We guarantee the effectiveness of our online training delivery approach that we will give you your money back if you are not totally satisfied. Ask us for a demo.
Online class requirements:
- Moderate to fast Internet
- A phone or computer headset is required in order to hear the instructor/moderator). You can use Computer Audio (VoIP) or you can dial in from a regular phone. For convenience, we recommend a hands-free headset or phone.
- Training software must be installed on your computer (trial versions are acceptable)
- RECOMMENDED: Dual Monitors or computers. For optimal online learning experience, we recommend participants have dual monitors or two computers. Your online classroom credentials allow you to join multiple times from multiple computers. Participants should use one monitor or computer to view the instructor’s shared screen and another monitor or computer to work with the software.
What happens when you enroll in an online class
When you register for an online class, you will receive a welcome email followed by login access to the Citrix GoToTraining virtual classroom. A workbook (printed copy or eBook) will be sent to you prior to the start of class.
Online Training Advantages
Convenience: You don’t have to travel and can attend from your home, office or anywhere with an internet connection. Our online classes are conducted using GoToTraining, a more robust version of the popular GoToMeeting screen sharing and conferencing platform. To accommodate multiple time zones, courses are typically scheduled from 10am – 5pm Eastern with a one-hour lunch break at 12:30 – 1:30 pm Eastern and a 10-minute break in the morning and afternoon. When conducting custom online course for your group, class times can be modified to accommodate your timezone.
Interactive Learning: Our online training is fully interactive. You can speak and chat with the instructor and classmates at any time. Various interactive techniques are used in every class. Our small class sizes (typically 4 – 8 students), allow our instructors to focus on individual performance and issues and to work closely with you to meet your unique needs. Classes are designed to be a hands-on learning experience, providing opportunities for you to try your new skills while the instructor is available for review, questions, and feedback. You have the option to give the instructor permission to view your computer to provide one-on-one assistance when needed.
