NIST Cybersecurity Framework
Overview
NIST is the de-facto standard for security, compliance, and privacy in the US. One must comply with NIST standards if/when doing business with the US federal government, managing critical infrastructure, or maintaining personally identifiable information (PII).
NIST provides the Cybersecurity Framework (CSF) and Risk Management Framework (RMF) to guide organizations in securing their infrastructure, systems, and data. In this course, participants will apply the NIST Cybersecurity and Risk Management Frameworks to better protect their infrastructure, detect possible cyber incidents, and appropriately respond and recover should they occur. We teach participants how to become well-versed in the NIST CSF and RMF, how to implement them, and ways to effectively manage CSF and RMF processes for optimal security, privacy, and compliance.
Why you should take this course.
For users with an intermediate knowledge of this topic, and are searching for a deeper understanding of its evolving complexities.
Here are the learning objectives we'll cover.
- Assess techniques for implementing the NIST Cybersecurity and Risk Management Frameworks.
- Adapt methods for identifying, managing and mitigating compliance risks for a sample or real-world organization.
- Interpret case studies showing how sample organizations solved common security problems using the NIST CSF and RMF.
- Apply procedures and tools to apply the NIST Cybersecurity Framework's Five Functions.
- Evaluate publications, procedures and tools for applying the NIST Risk Management Framework's Six Steps for an organization.
- Choose best practices for NIST CSF and RMF audits or assessments for organizations of all sizes, structures and sectors.
Here are the topics we'll cover.
-
NIST Cybersecurity Overview
- NIST Cybersecurity and Publications
- NIST Relationships
- NIST CSF & RMF Overview
- NIST CSF Core, Tiers, and Profiles
- The Vocabulary of Risk
- NIST Frameworks & Standards Case Study
-
NIST CSF Identify
- NIST Core Review and Identify Function Overview
- Inventory of Critical Assets
- Business Impact Assessment
- Security Policies and Procedures
-
NIST CSF Protect Function
- NIST Core Review and Protect Function Overview
- Awareness & Training
- Access Control
- Protective Technology – Network
- Protective Technology – Systems
- Data Security and Encryption
- Maintenance
- Personnel and Physical Security
-
NIST CSF Detect Function
- System Auditing and Logging
- Monitoring and Alerting
- Assessments
-
NIST CSF Respond Function
- Response Planning
- Incident response Plan Examples
- Digital Forensics
- Response Training and Testing
- Mitigation and Improvements
-
NIST CSF Recover Function
- Continuity of Operations Plan
- Backup and recovery
- Virtualization and the Cloud
-
NIST RMF Preparation
- NIST RMF Overview and Preparation
- A Risk-Based Approach to Security
- The RMF Preparation Step
- System Security Plan (SSP)
-
NIST RMF Categorization
- Categorizing Information Systems
- Establishing Scope
- The RMF Categorize Step
- Categorization Risk Analysis
-
NIST RMF Control Selection
- Selecting Security Controls
- NIST Control Documents
- Setting and Tailoring control Baselines
- Control Allocation and Monitoring
- Documentation and Approval
-
NIST RMF Control Implementation
- Security Control Implementation
- Common Controls
- Documenting Controls
-
NIST RMF Control Assessment
- NIST RMF Assessment Step and Process
- Assessment Plan
- Conducting the Assessment
- Analyzing Assessment Results
- Assessment Documentation
- Risk Remediation
-
NIST RMF Authorization
- System Authorization
- Risk Response
-
NIST RMF Risk Monitoring
- Monitoring Controls Step
- Change Management and Configuration Control
- System Disposal (EOL)
Learning Style
Level
Includes
Practice Test
Skill Lab
Assessment