NIST Cybersecurity Framework (NCSF) Boot Camp Training in Independence
We offer private customized training for groups of 3 or more attendees.
|
||
Course Description |
||
The three-day NIST Cybersecurity Bootcamp course is a combination of the NIST Cybersecurity Framework (NCSF) Foundation and Practitioner Training courses. The bootcamp provides a deep dive into the components of the NIST CSF and NIST Risk Management Framework (RMF) and how they align to risk management. The course will follow the principles of the NIST Cybersecurity Framework to design and implement (or improve) a cybersecurity program to protect critical assets. The bootcamp details defense in depth, creation of a Written Information Security Program, and implementing ongoing assessments for a continuous improvement plan. This course is suited for individuals working with and overseeing the cybersecurity of an organization, including CIOs, CISOs, IT Security workforce, and IT Directors/Managers/Personnel.
Course Length: 3 Days
Course Tuition: $1290 (US) |
Prerequisites |
|
Basic computing skills and security knowledge will be helpful. |
Course Outline |
MODULE 1: COURSE INTRODUCTION
Provides the student with information relative to the course, conduct of the course in the virtual classroom, and course materials.
MODULE 2: THE BASICS OF CYBERSECURITY
What is cybersecurity?
Types of attackers
Vulnerabilities
Exploits
Threats
Controls
Frameworks
Risk-Based Cybersecurity
MODULE 3: A HOLISTIC STUDY OF THE NIST CYBERSECURITY FRAMEWORK
History
EO 13636
Cybersecurity Enhancement Act of 2014
EO 13800
Uses and Benefits of the Framework
Attributes of the Framework
Framework Component Introduction
Framework Core
Framework Profiles
Framework Implementation Tiers
MODULE 4: CYBERSECURITY ACTIVITIES: THE FRAMEWORK CORE
Purpose of the Core
Core Functions, Categories, and Subcategories
Informative References
MODULE 5: RISK MANAGEMENT CONSIDERATIONS: FRAMEWORK IMPLEMENTATION TIERS
Purpose of the Tiers
The Four Tiers
Components of the Tiers
Compare and contrast the NIST Cybersecurity Framework with the NIST Risk Management Framework
MODULE 6: CURRENT AND DESIRED OUTCOMES: FRAMEWORK PROFILES
Purpose of the Profiles
The Two Profiles
Interrelationships between the Framework Components
MODULE 7: A PRIMER ON THE SEVEN STEP FRAMEWORK IMPLEMENTATION PROCESS
Prioritize and Scope
Orient
Create a Current Profile
Conduct a Risk Assessment
Create a Target Profile
Determine, Analyze, and Prioritize Gaps
Implement the Action Plan
THE PRACTITIONER COURSE IS ORGANIZED AS FOLLOWS:
MODULE 1: COURSE INTRODUCTION
Provides the student with information relative to the course, conduct of the course in the virtual classroom, and course materials.
MODULE 2: APPLYING NIST CSF TIERS AND PROFILES
Review of the NIST CSF Major Components
Tiers and Tier selection
Current and Target Profiles and the Framework Core
MODULE 3: AN EXPLORATION OF INFORMATIVE REFERENCES
Defining the major Informative References
CIS Controls v8
ISO/IEC 27001:2013
NIST SP 800-53 Rev. 5
MODULE 4: RISK MANAGEMENT IN THE NIST CSF AND NIST RMF
Risk Management in the NIST Cybersecurity Framework
Analyzing the NIST Risk Management Framework
Introduction and History
Purpose, Design, and Characteristics
Seven Steps
Prepare
Categorize
Select
Implement
Assess
Authorize
Monitor
Integrating the Frameworks
MODULE 5: UNDERSTANDING AND DEFENDING AGAINST REAL WORLD ATTACKS
Major Cybersecurity Attacks and Breaches
MITRE ATT&CK Matrices
Defense in Depth and the NIST CSF
Security Operations Center (SOC) activities and Security Information and Event Management (SIEM) solutions in relation to the NIST CSF
MODULE 6: ASSESSING SECURITY IN THE SUBCATEGORIES
Creating an Assessment Plan
Assigning Roles and Responsibilities
Tiers, Threats, Risks, Likelihoods, and Impact
MODULE 7: CREATING A WRITTEN INFORMATION SECURITY PROGRAMS (WISP)
The Intersection of Business and Technical Controls
What is a Written Information Security Program (WISP)?
Creating a WISP Template
Aligning Current Profile with a WISP
MODULE 8: A PRACTITIONER’S DEEP DIVE INTO CREATING OR IMPROVING A CYBERSECURITY PROGRAM
Step 1: Prioritize and Scope
Identifying organizational priorities
Aiding and influencing strategic cybersecurity implementation decisions
Determining scope of the implementation
Planning for internal adaptation based on business line/process need
Understanding risk tolerance
Step 2: Orient
Identifying systems and applications which support organizational priorities
Working with compliance to determine regulatory and other obligations
Planning for risk responsibility
Step 3: Create a Current Profile
Cybersecurity Assessment options
How to measure real world in relation to the Framework
Qualitative and quantitative metrics
Current Profile and Implementation Tiers
Step 4: Conduct a Risk Assessment
Risk assessment options (3rd party vs internal)
Organizational vs. system level risk assessment
Risk assessment and external stakeholders
Step 5: Create a Target Profile
Target Profile and Steps 1-4
External stakeholder considerations
Adding Target Profiles outside the Subcategories
Step 6: Determine, Analyze, and Prioritize Gaps
Defining and determining Gaps
Gap analysis and required resources
Organizational factors in creating a prioritized action plan
Step 7: Implement the Action Plan
Implementation team design from Executives to Technical Practitioners
Assigning tasks when priorities conflict
Considering compliance and privacy obligations
Taking action
Reporting and reviewing
MODULE 9: CONTINUOUS CYBERSECURITY IMPROVEMENT
Creating a continuous improvement plan
Implementing ongoing assessments
|
Course Directory [training on all levels]
- .NET Classes
- Agile/Scrum Classes
- Ajax Classes
- Android and iPhone Programming Classes
- Blaze Advisor Classes
- C Programming Classes
- C# Programming Classes
- C++ Programming Classes
- Cisco Classes
- Cloud Classes
- CompTIA Classes
- Crystal Reports Classes
- Design Patterns Classes
- DevOps Classes
- Foundations of Web Design & Web Authoring Classes
- Git, Jira, Wicket, Gradle, Tableau Classes
- IBM Classes
- Java Programming Classes
- JBoss Administration Classes
- JUnit, TDD, CPTC, Web Penetration Classes
- Linux Unix Classes
- Machine Learning Classes
- Microsoft Classes
- Microsoft Development Classes
- Microsoft SQL Server Classes
- Microsoft Team Foundation Server Classes
- Microsoft Windows Server Classes
- Oracle, MySQL, Cassandra, Hadoop Database Classes
- Perl Programming Classes
- Python Programming Classes
- Ruby Programming Classes
- Security Classes
- SharePoint Classes
- SOA Classes
- Tcl, Awk, Bash, Shell Classes
- UML Classes
- VMWare Classes
- Web Development Classes
- Web Services Classes
- Weblogic Administration Classes
- XML Classes
- Introduction to Spring 5 (2022)
16 December, 2024 - 18 December, 2024 - VMware vSphere 8.0 Boot Camp
9 December, 2024 - 13 December, 2024 - Linux Fundaments GL120
9 December, 2024 - 13 December, 2024 - RED HAT ENTERPRISE LINUX AUTOMATION WITH ANSIBLE
2 December, 2024 - 5 December, 2024 - VMware vSphere 8.0 with ESXi and vCenter
9 December, 2024 - 13 December, 2024 - See our complete public course listing