Home    |    Instructor-led Training    |    Online Training     
         
 
Courses
ADA
Adobe
Agile
AJAX
Android
Apache
AutoCAD
Big Data
BlockChain
Business Analysis
Business Intelligence
Business Objects
Business Skills
C/C++/Go programming
Cisco
Citrix
Cloud Computing
COBOL
Cognos
ColdFusion
COM/COM+
CompTIA
CORBA
CRM
Crystal Reports
Data Science
Datawarehousing
DB2
Desktop Application Software
DevOps
DNS
Embedded Systems
Google Web Toolkit (GWT)
IPhone
ITIL
Java
JBoss
LDAP
Leadership Development
Lotus
Machine learning/AI
Macintosh
Mainframe programming
Mobile
MultiMedia and design
.NET
NetApp
Networking
New Manager Development
Object oriented analysis and design
OpenVMS
Oracle
Oracle VM
Perl
PHP
PostgreSQL
PowerBuilder
Professional Soft Skills Workshops
Project Management
Python
Rational
Ruby
Sales Performance
SAP
SAS
Security
SharePoint
SOA
Software quality and tools
SQL Server
Sybase
Symantec
Telecommunications
Teradata
Tivoli
Tomcat
Unix/Linux/Solaris/AIX/
HP-UX
Unisys Mainframe
Visual Basic
Visual Foxpro
VMware
Web Development
WebLogic
WebSphere
Websphere MQ (MQSeries)
Windows programming
XML
XML Web Services
Other
NIST Cybersecurity Framework (NCSF) Boot Camp
Security Training Overview

The three-day NIST Cybersecurity Bootcamp course is a combination of the NIST Cybersecurity Framework (NCSF) Foundation and Practitioner Training courses. The bootcamp provides a deep dive into the components of the NIST CSF and NIST Risk Management Framework (RMF) and how they align to risk management. The course will follow the principles of the NIST Cybersecurity Framework to design and implement (or improve) a cybersecurity program to protect critical assets. The bootcamp details defense in depth, creation of a Written Information Security Program, and implementing ongoing assessments for a continuous improvement plan. This course is suited for individuals working with and overseeing the cybersecurity of an organization, including CIOs, CISOs, IT Security workforce, and IT Directors/Managers/Personnel.

Includes NIST Framework certification exam and continuing education credits, such as PDUs and CEUs. Candidates receive a certificate for a passing score and a skills-gap document after completing their exam.


Security Training Course Audience

The NCSF Bootcamp Training course is suited for individuals working with and overseeing the technology, including CIOs, CISOs, IT Directors and Managers, IT Security personnel, and IT staff

Security Training Course Objectives

After this course a student should be able to:
  • Deep dive into Foundation concepts.
  • Focus on designing and implementing (or improving) a cybersecurity program to minimize risks and protect critical assets based on the NIST CSF.
  • Provides an analysis of various technical and business controls, including the Center for Internet Security v8 Critical Security Controls, the ISO 27001: 2013 Information Security Management System Requirements, and the NIST Risk Management Framework.

Security Training Prerequisites

  • Basic computing skills and security knowledge will be helpful.

Security Training Course duration

3 days

Security Training Course outline

THE FOUNDATION COURSE IS ORGANIZED AS FOLLOWS:

MODULE 1: COURSE INTRODUCTION

Provides the student with information relative to the course, conduct of the course in the virtual classroom, and course materials.

MODULE 2: THE BASICS OF CYBERSECURITY
  • What is cybersecurity?
  • Types of attackers
  • Vulnerabilities
  • Exploits
  • Threats
  • Controls
  • Frameworks
  • Risk-Based Cybersecurity
MODULE 3: A HOLISTIC STUDY OF THE NIST CYBERSECURITY FRAMEWORK
  • History
    • EO 13636
    • Cybersecurity Enhancement Act of 2014
    • EO 13800
  • Uses and Benefits of the Framework
  • Attributes of the Framework
  • Framework Component Introduction
    • Framework Core
    • Framework Profiles
    • Framework Implementation Tiers
MODULE 4: CYBERSECURITY ACTIVITIES: THE FRAMEWORK CORE
  • Purpose of the Core
  • Core Functions, Categories, and Subcategories
  • Informative References
MODULE 5: RISK MANAGEMENT CONSIDERATIONS: FRAMEWORK IMPLEMENTATION TIERS
  • Purpose of the Tiers
  • The Four Tiers
  • Components of the Tiers
  • Compare and contrast the NIST Cybersecurity Framework with the NIST Risk Management Framework
MODULE 6: CURRENT AND DESIRED OUTCOMES: FRAMEWORK PROFILES
  • Purpose of the Profiles
  • The Two Profiles
  • Interrelationships between the Framework Components
MODULE 7: A PRIMER ON THE SEVEN STEP FRAMEWORK IMPLEMENTATION PROCESS
  • Prioritize and Scope
  • Orient
  • Create a Current Profile
  • Conduct a Risk Assessment
  • Create a Target Profile
  • Determine, Analyze, and Prioritize Gaps
  • Implement the Action Plan
THE PRACTITIONER COURSE IS ORGANIZED AS FOLLOWS:

MODULE 1: COURSE INTRODUCTION

Provides the student with information relative to the course, conduct of the course in the virtual classroom, and course materials.

MODULE 2: APPLYING NIST CSF TIERS AND PROFILES
  • Review of the NIST CSF Major Components
  • Tiers and Tier selection
  • Current and Target Profiles and the Framework Core
MODULE 3: AN EXPLORATION OF INFORMATIVE REFERENCES
  • Defining the major Informative References
  • CIS Controls v8
  • ISO/IEC 27001:2013
  • NIST SP 800-53 Rev. 5
MODULE 4: RISK MANAGEMENT IN THE NIST CSF AND NIST RMF
  • Risk Management in the NIST Cybersecurity Framework
  • Analyzing the NIST Risk Management Framework
  • Introduction and History
  • Purpose, Design, and Characteristics
  • Seven Steps
    • Prepare
    • Categorize
    • Select
    • Implement
    • Assess
    • Authorize
    • Monitor
  • Integrating the Frameworks
MODULE 5: UNDERSTANDING AND DEFENDING AGAINST REAL WORLD ATTACKS
  • Major Cybersecurity Attacks and Breaches
  • MITRE ATT&CK Matrices
  • Defense in Depth and the NIST CSF
  • Security Operations Center (SOC) activities and Security Information and Event Management (SIEM) solutions in relation to the NIST CSF
MODULE 6: ASSESSING SECURITY IN THE SUBCATEGORIES
  • Creating an Assessment Plan
  • Assigning Roles and Responsibilities
  • Tiers, Threats, Risks, Likelihoods, and Impact
MODULE 7: CREATING A WRITTEN INFORMATION SECURITY PROGRAMS (WISP)
  • The Intersection of Business and Technical Controls
  • What is a Written Information Security Program (WISP)?
  • Creating a WISP Template
  • Aligning Current Profile with a WISP
MODULE 8: A PRACTITIONER’S DEEP DIVE INTO CREATING OR IMPROVING A CYBERSECURITY PROGRAM
  • Step 1: Prioritize and Scope
    • Identifying organizational priorities
    • Aiding and influencing strategic cybersecurity implementation decisions
    • Determining scope of the implementation
    • Planning for internal adaptation based on business line/process need
    • Understanding risk tolerance
  • Step 2: Orient
    • Identifying systems and applications which support organizational priorities
    • Working with compliance to determine regulatory and other obligations
    • Planning for risk responsibility
  • Step 3: Create a Current Profile
    • Cybersecurity Assessment options
    • How to measure real world in relation to the Framework
    • Qualitative and quantitative metrics
    • Current Profile and Implementation Tiers
  • Step 4: Conduct a Risk Assessment
    • Risk assessment options (3rd party vs internal)
    • Organizational vs. system level risk assessment
    • Risk assessment and external stakeholders
  • Step 5: Create a Target Profile
    • Target Profile and Steps 1-4
    • External stakeholder considerations
    • Adding Target Profiles outside the Subcategories
  • Step 6: Determine, Analyze, and Prioritize Gaps
    • Defining and determining Gaps
    • Gap analysis and required resources
    • Organizational factors in creating a prioritized action plan
  • Step 7: Implement the Action Plan
    • Implementation team design from Executives to Technical Practitioners
    • Assigning tasks when priorities conflict
    • Considering compliance and privacy obligations
    • Taking action
    • Reporting and reviewing
MODULE 9: CONTINUOUS CYBERSECURITY IMPROVEMENT
  • Creating a continuous improvement plan
  • Implementing ongoing assessments
Please contact your training representative for more details on having this course delivered onsite or online

Training Outlines - the one stop shopping center for IT training.
© Training Outlines All rights reserved