NCSF-Pract

NCSF-Practitioner - NIST Cybersecurity Framework (NCSF) Practitioner Training Class:

Ways to Train:
  • Live Classroom
    Class is delivered at a Centriq location with a live instructor in the classroom.
  • Live Virtual Class
    Class is delivered live online via Centriq's Virtual Remote technology. Students may attend class from home, the office, or another location with internet access.
  • HD Class
    Class is delivered via award-winning HD-ILT at Centriq's facility. Students view the live instructor on a 60'' HD monitor.
Ways to Buy:
  • Retail
    Class can be purchased directly via check, credit card, or PO.
  • CV Centriq Vouchers
    Class is available for students using Centriq Vouchers.
  • CP Centriq Choice Pass Eligible
    Class is available to students using the Centriq Choice Pass program.
The NIST Cybersecurity Framework (NCSF) Practitioner Training course is designed for individuals within an organization who are directly involved in the planning, design, creation, implementation, and/or improvement of a cybersecurity program that will follow the principles of the NIST Cybersecurity Framework. Although some aspects of the course are technical, it also covers risk management, business controls, and other topics that would be of value to staff outside of the traditional technical audience.

This course is suited for individuals working with and overseeing the technology, including CIOs, IT Directors and Managers, IT Security personnel, and IT staff.
• Two-day deep dive into Foundation concepts.
• Focus on designing and implementing (or improving) a cybersecurity program to minimize risks and protect critical assets based on the NIST CSF.
• Provides a detailed analysis of various technical and business controls, including the Center for Internet Security 18 Critical Security Controls, the ISO 27001:2013 Information Security Management System, and the ISO 27002:2013 Code of Practice.


Prerequisites

Individuals should have already taken the NIST Cybersecurity Framework (NCSF) Foundation Training course or have significant experience with the NIST Cybersecurity Framework.


NCSF-Practitioner - NIST Cybersecurity Framework (NCSF) Practitioner Training Course Outline

MODULE 1: COURSE INTRODUCTION

MODULE 2: THE COMPONENTS OF THE NIST CYBERSECURITY FRAMEWORK

Review of the NIST CSF Major Components
Tiers and Tier selection
Current and Target Profiles and the Framework Core
Informative References
i. Center for Internet Security Controls v8
ii. ISO/IEC 27001:2013
iii. ISO/IEC 27002:2013
iv. NIST SP 800-53 Rev. 5
Supply Chain Risk Management in the Enterprise

MODULE 3: RISK MANAGEMENT IN THE NIST CSF AND NIST RMF

Risk Management in the NIST Cybersecurity Framework
Analyzing the NIST Risk Management Framework
i. Introduction and History
ii. Purpose and Use Cases
iii. Six Steps
1. Categorize System
2. Select Controls
3. Implement Controls
4. Assess Controls
5. Authorize System
6. Monitor Controls
Integrating the Frameworks

MODULE 4: REAL WORLD ATTACKS

Major Cybersecurity Attacks and Breaches
Cyber Kill Chain
MITRE ATT&CK Matrices

MODULE 5: DEFENSE IN DEPTH AND THE NIST CYBERSECURITY FRAMEWORK

Defense in Depth and the NIST CSF
Zero Trust
Aligning Vendor Controls with Subcategories
Security Operations Center (SOC) activities and Security Information and Event Management solutions in relation to the Framework

MODULE 6: ASSESSING CYBERSECURITY IN THE SUBCATEGORIES

Creating an Assessment Plan
Assigning Roles and Responsibilities
Tiers, Threats, Risks, Likelihoods, and Impact

MODULE 7: CREATING A WRITTEN INFORMATION SECURITY PROGRAM (WISP)

The Intersection of Business and Technical Controls
What is a Written Information Security Program (WISP)?
Creating a WISP Template
Aligning Current Profile with a WISP

MODULE 8: A PRACTITIONER’S DEEP DIVE INTO CREATING OR IMPROVING A CYBERSECURITY PROGRAM

Step 1: Prioritize and Scope
a) Identifying organizational priorities
b) Aiding and influencing strategic cybersecurity implementation decisions
c) Determining scope of the implementation
d) Planning for internal adaptation based on business line/process need
e) Understanding risk tolerance

Step 2: Orient
a) Identifying systems and applications which support organizational priorities
b) Working with compliance to determine regulatory and other obligations
c) Planning for risk responsibility

Step 3: Create a Current Profile
a) Cybersecurity Assessment options
b) How to measure real world in relation to the Framework
c) Qualitative and quantitative metrics
d) Current Profile and Implementation Tiers

Step 4: Conduct a Risk Assessment
a) Risk assessment options (3rd party vs internal)
b) Organizational vs. system level risk assessment
c) Risk assessment and external stakeholders

Step 5: Create a Target Profile
a) Target Profile and Steps 1-4
b) External stakeholder considerations
c) Adding Target Profiles outside the Subcategories

Step 6: Determine, Analyze, and Prioritize Gaps
a) Defining and determining Gaps
b) Gap analysis and required resources
c) Organizational factors in creating a prioritized action plan

Step 7: Implement Action Plan
a) Implementation team design from Executives to Technical Practitioners
b) Assigning tasks when priorities conflict
c) Considering compliance and privacy obligations
d) Taking action
e) Reporting and reviewing

MODULE 9: CONTINUOUS CYBERSECURITY IMPROVEMENT

Creating a continuous improvement plan
Implementing ongoing assessments