NIST Cybersecurity Framework

Overview

NIST publications are the de facto standard for security, compliance, and privacy in the US. Compliance with NIST standards is required when doing business with the US federal government, managing critical infrastructure, or maintaining personally identifiable information (PII).

NIST provides the Cybersecurity Framework (CSF) and Risk Management Framework (RMF) to guide organizations in securing their infrastructure, systems, and data. In this course, participants will apply the NIST Cybersecurity and Risk Management Frameworks to better protect their infrastructure, detect possible cyber incidents, and appropriately respond and recover should they occur. We teach participants how to become well-versed in the NIST CSF and RMF, how to implement them, and ways to effectively manage CSF and RMF processes for optimal security, privacy, and compliance.

Why you should take this course.

For users who have an intermediate knowledge of this topic and are searching for a deeper understanding of its evolving complexities.

Here are the learning objectives we'll cover.

  • Assess techniques for implementing the NIST Cybersecurity and Risk Management Frameworks.
  • Adapt methods for identifying, managing and mitigating compliance risks for a sample or real-world organization.
  • Interpret case studies showing how sample organizations solved common security problems using the NIST CSF and RMF.
  • Apply procedures and tools for implementing the NIST Cybersecurity Framework's Five Functions.
  • Evaluate publications, procedures and tools for applying the NIST Risk Management Framework's Six Steps for an organization.
  • Choose best practices for NIST CSF and RMF audits or assessments for organizations of all sizes, structures and sectors.

Here are the topics we'll cover.

  1. NIST Cybersecurity Overview

    • NIST Cybersecurity and Publications
    • NIST Relationships
    • NIST CSF & RMF Overview
    • NIST CSF Core, Tiers, and Profiles
    • The Vocabulary of Risk
    • NIST Frameworks & Standards Case Study
  2. NIST CSF Identify

    • NIST Core Review and Identify Function Overview
    • Inventory of Critical Assets
    • Business Impact Assessment
    • Security Policies and Procedures
  3. NIST CSF Protect Function

    • NIST Core Review and Protect Function Overview
    • Awareness & Training
    • Access Control
    • Protective Technology – Network
    • Protective Technology – Systems
    • Data Security and Encryption
    • Maintenance
    • Personnel and Physical Security
  4. NIST CSF Detect Function

    • System Auditing and Logging
    • Monitoring and Alerting
    • Assessments
  5. NIST CSF Respond Function

    • Response Planning
    • Incident Response Plan Examples
    • Digital Forensics
    • Response Training and Testing
    • Mitigation and Improvements
  6. NIST CSF Recover Function

    • Continuity of Operations Plan
    • Backup and Recovery
    • Virtualization and the Cloud
  7. NIST RMF Preparation

    • NIST RMF Overview and Preparation
    • A Risk-Based Approach to Security
    • The RMF Preparation Step
    • System Security Plan (SSP)
  8. NIST RMF Categorization

    • Categorizing Information Systems
    • Establishing Scope
    • The RMF Categorize Step
    • Categorization Risk Analysis
  9. NIST RMF Control Selection

    • Selecting Security Controls
    • NIST Control Documents
    • Setting and Tailoring Control Baselines
    • Control Allocation and Monitoring
    • Documentation and Approval
  10. NIST RMF Control Implementation

    • Security Control Implementation
    • Common Controls
    • Documenting Controls
  11. NIST RMF Control Assessment

    • NIST RMF Assessment Step and Process
    • Assessment Plan
    • Conducting the Assessment
    • Analyzing Assessment Results
    • Assessment Documentation
    • Risk Remediation
  12. NIST RMF Authorization

    • System Authorization
    • Risk Response
  13. NIST RMF Risk Monitoring

    • Monitoring Controls Step
    • Change Management and Configuration Control
    • System Disposal (EOL)

Learning Style

On Demand

Level

Advanced

Includes

Assessment

Who this course is for

Information Security and Network professionals, Chief Data Officers, Chief Information Security Officers, and Senior IT Auditors wanting to gain a deep understanding of the Cybersecurity Management System Framework.

NASBA Certified CPE

32 credits

Field of Study

Auditing

Length of course

32h

Advanced Preparation

None

ACI Learning is registered with NASBA

ACI Learning is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: https://www.nasbaregistry.org/