NIST Cybersecurity Framework (NCSF) Practitioner Training in Beaverton
Enroll in or hire us to teach our NIST Cybersecurity Framework (NCSF) Practitioner class in Beaverton, Oregon by calling us @303.377.6176. Like all HSG
classes, NIST Cybersecurity Framework (NCSF) Practitioner may be offered either onsite or via instructor led virtual training. Consider looking at our public training schedule to see if it
is scheduled: Public Training Classes
Provided there are enough attendees, NIST Cybersecurity Framework (NCSF) Practitioner may be taught at one of our local training facilities.
We offer private customized training for groups of 3 or more attendees.
|
||
Course Description |
||
The NIST Cybersecurity Framework (NCSF) Practitioner Training course is suited for individuals working with and overseeing the technology, including CIOs, CISOs, IT Directors and Managers, IT Security personnel, and IT staff.
Course Length: 2 Days
Course Tuition: $890 (US) |
Prerequisites |
|
Individuals should have already taken the NIST Cybersecurity Framework (NCSF) Foundation Training course or have significant experience with the NIST Cybersecurity Framework. |
Course Outline |
MODULE 1: COURSE INTRODUCTION
Provides the student with information relative to the course, conduct of the course in the virtual classroom, and course materials.
MODULE 2: APPLYING NIST CSF TIERS AND PROFILES
Review of the NIST CSF Major Components
Tiers and Tier selection
Current and Target Profiles and the Framework Core
MODULE 3: AN EXPLORATION OF INFORMATIVE REFERENCES
Defining the major Informative References
CIS Controls v8
ISO/IEC 27001:2013
NIST SP 800-53 Rev. 5
MODULE 4: RISK MANAGEMENT IN THE NIST CSF AND NIST RMF
Risk Management in the NIST Cybersecurity Framework
Analyzing the NIST Risk Management Framework
Introduction and History
Purpose, Design, and Characteristics
Seven Steps
Prepare
Categorize
Select
Implement
Assess
Authorize
Monitor
Integrating the Frameworks
MODULE 5: UNDERSTANDING AND DEFENDING AGAINST REAL WORLD ATTACKS
Major Cybersecurity Attacks and Breaches
MITRE ATT&CK Matrices
Defense in Depth and the NIST CSF
Security Operations Center (SOC) activities and Security Information and Event Management (SIEM) solutions in relation to the NIST CSF
MODULE 6: ASSESSING SECURITY IN THE SUBCATEGORIES
Creating an Assessment Plan
Assigning Roles and Responsibilities
Tiers, Threats, Risks, Likelihoods, and Impact
MODULE 7: CREATING A WRITTEN INFORMATION SECURITY PROGRAMS (WISP)
The Intersection of Business and Technical Controls
What is a Written Information Security Program (WISP)?
Creating a WISP Template
Aligning Current Profile with a WISP
MODULE 8: A PRACTITIONER’S DEEP DIVE INTO CREATING OR IMPROVING A CYBERSECURITY PROGRAM
Step 1: Prioritize and Scope
Identifying organizational priorities
Aiding and influencing strategic cybersecurity implementation decisions
Determining scope of the implementation
Planning for internal adaptation based on business line/process need
Understanding risk tolerance
Step 2: Orient
Identifying systems and applications which support organizational priorities
Working with compliance to determine regulatory and other obligations
Planning for risk responsibility
Step 3: Create a Current Profile
Cybersecurity Assessment options
How to measure real world in relation to the Framework
Qualitative and quantitative metrics
Current Profile and Implementation Tiers
Step 4: Conduct a Risk Assessment
Risk assessment options (3rd party vs internal)
Organizational vs. system level risk assessment
Risk assessment and external stakeholders
Step 5: Create a Target Profile
Target Profile and Steps 1-4
External stakeholder considerations
Adding Target Profiles outside the Subcategories
Step 6: Determine, Analyze, and Prioritize Gaps
Defining and determining Gaps
Gap analysis and required resources
Organizational factors in creating a prioritized action plan
Step 7: Implement the Action Plan
Implementation team design from Executives to Technical Practitioners
Assigning tasks when priorities conflict
Considering compliance and privacy obligations
Taking action
Reporting and reviewing
MODULE 9: CONTINUOUS CYBERSECURITY IMPROVEMENT
Creating a continuous improvement plan
Implementing ongoing assessments
|
Course Directory [training on all levels]
Technical Training Courses
Software engineer/architect, System Admin ... Welcome!
- .NET Classes
- Agile/Scrum Classes
- Ajax Classes
- Android and iPhone Programming Classes
- Blaze Advisor Classes
- C Programming Classes
- C# Programming Classes
- C++ Programming Classes
- Cisco Classes
- Cloud Classes
- CompTIA Classes
- Crystal Reports Classes
- Design Patterns Classes
- DevOps Classes
- Foundations of Web Design & Web Authoring Classes
- Git, Jira, Wicket, Gradle, Tableau Classes
- IBM Classes
- Java Programming Classes
- JBoss Administration Classes
- JUnit, TDD, CPTC, Web Penetration Classes
- Linux Unix Classes
- Machine Learning Classes
- Microsoft Classes
- Microsoft Development Classes
- Microsoft SQL Server Classes
- Microsoft Team Foundation Server Classes
- Microsoft Windows Server Classes
- Oracle, MySQL, Cassandra, Hadoop Database Classes
- Perl Programming Classes
- Python Programming Classes
- Ruby Programming Classes
- Security Classes
- SharePoint Classes
- SOA Classes
- Tcl, Awk, Bash, Shell Classes
- UML Classes
- VMWare Classes
- Web Development Classes
- Web Services Classes
- Weblogic Administration Classes
- XML Classes
Business Training Courses
Project Managers, Business Analysts, Paralegals ... Welcome!
Upcoming Classes
Gain insight and ideas from students with different perspectives and experiences.
- Ruby Programming
2 December, 2024 - 4 December, 2024 - VMware vSphere 8.0 Boot Camp
9 December, 2024 - 13 December, 2024 - Introduction to Spring 5 (2022)
16 December, 2024 - 18 December, 2024 - VMware vSphere 8.0 with ESXi and vCenter
9 December, 2024 - 13 December, 2024 - Ruby on Rails
5 December, 2024 - 6 December, 2024 - See our complete public course listing