NIST Cybersecurity Framework (NCSF) Practitioner Training in Reading

Enroll in or hire us to teach our NIST Cybersecurity Framework (NCSF) Practitioner class in Reading, Pennsylvania by calling us at 303.377.6176. Like all HSG classes, NIST Cybersecurity Framework (NCSF) Practitioner may be offered either onsite or via instructor-led virtual training. Consider looking at our public training schedule to see if it is scheduled: Public Training Classes
Provided there are enough attendees, NIST Cybersecurity Framework (NCSF) Practitioner may be taught at one of our local training facilities.
We offer private customized training for groups of 3 or more attendees.

Course Description

 
The NIST Cybersecurity Framework (NCSF) Practitioner Training course is suited for individuals working with and overseeing the technology, including CIOs, CISOs, IT Directors and Managers, IT Security personnel, and IT staff.
 
  • Two-day deep dive into NIST CSF Foundation concepts.
  • Focus on designing and implementing (or improving) a cybersecurity program to minimize risks and protect critical assets based on the NIST CSF.
  • Provides an analysis of various technical and business controls, including the Center for Internet Security v8 Critical Security Controls, the ISO 27001:2013 Information Security Management System Requirements, and the NIST Risk Management Framework.
  • Includes NIST Framework certification exam and continuing education credits, such as PDUs and CEUs. Candidates receive a certificate for a passing score and a skills-gap document after completing their exam.
Course Length: 2 Days
Course Tuition: $890 (US)

Prerequisites

Individuals should have already taken the NIST Cybersecurity Framework (NCSF) Foundation Training course or have significant experience with the NIST Cybersecurity Framework.

Course Outline

 
MODULE 1: COURSE INTRODUCTION
Provides the student with information relative to the course, conduct of the course in the virtual classroom, and course materials.
 
MODULE 2: APPLYING NIST CSF TIERS AND PROFILES
Review of the NIST CSF Major Components
Tiers and Tier selection
Current and Target Profiles and the Framework Core
 
MODULE 3: AN EXPLORATION OF INFORMATIVE REFERENCES
Defining the major Informative References
CIS Controls v8
ISO/IEC 27001:2013
NIST SP 800-53 Rev. 5
 
MODULE 4: RISK MANAGEMENT IN THE NIST CSF AND NIST RMF
Risk Management in the NIST Cybersecurity Framework
Analyzing the NIST Risk Management Framework
Introduction and History
Purpose, Design, and Characteristics
Seven Steps: Prepare, Categorize, Select, Implement, Assess, Authorize, Monitor
Integrating the Frameworks
 
MODULE 5: UNDERSTANDING AND DEFENDING AGAINST REAL WORLD ATTACKS
Major Cybersecurity Attacks and Breaches
MITRE ATT&CK Matrices
Defense in Depth and the NIST CSF
Security Operations Center (SOC) activities and Security Information and Event Management (SIEM) solutions in relation to the NIST CSF
 
MODULE 6: ASSESSING SECURITY IN THE SUBCATEGORIES
Creating an Assessment Plan
Assigning Roles and Responsibilities
Tiers, Threats, Risks, Likelihoods, and Impact
 
MODULE 7: CREATING A WRITTEN INFORMATION SECURITY PROGRAM (WISP)
The Intersection of Business and Technical Controls
What is a Written Information Security Program (WISP)?
Creating a WISP Template
Aligning Current Profile with a WISP
 
MODULE 8: A PRACTITIONER’S DEEP DIVE INTO CREATING OR IMPROVING A CYBERSECURITY PROGRAM
Step 1: Prioritize and Scope
  • Identifying organizational priorities
  • Aiding and influencing strategic cybersecurity implementation decisions
  • Determining scope of the implementation
  • Planning for internal adaptation based on business line/process need
  • Understanding risk tolerance
Step 2: Orient
  • Identifying systems and applications which support organizational priorities
  • Working with compliance to determine regulatory and other obligations
  • Planning for risk responsibility
Step 3: Create a Current Profile
  • Cybersecurity Assessment options
  • How to measure real world in relation to the Framework
  • Qualitative and quantitative metrics
  • Current Profile and Implementation Tiers
Step 4: Conduct a Risk Assessment
  • Risk assessment options (3rd party vs internal)
  • Organizational vs. system level risk assessment
  • Risk assessment and external stakeholders
Step 5: Create a Target Profile
  • Target Profile and Steps 1-4
  • External stakeholder considerations
  • Adding Target Profiles outside the Subcategories
Step 6: Determine, Analyze, and Prioritize Gaps
  • Defining and determining Gaps
  • Gap analysis and required resources
  • Organizational factors in creating a prioritized action plan
Step 7: Implement the Action Plan
  • Implementation team design from Executives to Technical Practitioners
  • Assigning tasks when priorities conflict
  • Considering compliance and privacy obligations
  • Taking action
  • Reporting and reviewing
 
MODULE 9: CONTINUOUS CYBERSECURITY IMPROVEMENT
Creating a continuous improvement plan
Implementing ongoing assessments
