NIST Cybersecurity Framework (NCSF) Boot Camp Certification Training
The NIST Cybersecurity Framework (NCSF) course introduces the NIST Cybersecurity Framework (NIST CSF). The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. The NCSF Foundation training course outlines current cybersecurity challenges and explains how organizations who implement a NCSF program can mitigate these challenges.
This four-day certification boot camp provides a detailed plan for designing and building a cybersecurity program based on the NIST Cybersecurity Framework and its control families (20 Critical Controls, ISO 27002 etc.). The boot camp is based on the NCSF-CFM Foundation and Practitioner certification training programs. The one-day NCSF-CFM Foundation program teaches the fundamentals of the NIST Cybersecurity Framework and the UMass Lowell Controls Factory™ Model. The four-day NCSF-CFM Practitioner program teaches the advanced skills necessary to engineer, operate and manage the business risk of a NIST Cybersecurity Framework program. The program is designed for IT and Business professionals who will play an active role in the design and management of an NCSF program.
The optional certification exam is through APMG. Student must pass a 180 minute, 120 question closed book multiple choice, examination. You must achieve 70 or more correct answers in order to receive this certification.
• 32 PDU Credits
There are no prerequisites for this course, although basic Security knowledge will be helpful.
NIST Cybersecurity Foundaton Course Outline
Provides the student with information relative to the course and the conduct of the course in the classroom, virtual classroom and online self-paced. The introduction also covers the nature and scope of the examination.
DOING BUSINESS IN THE DANGER ZONE
Discusses the current state of cybersecurity in the context of today’s threat landscape and what organizations must do in order to ask and answer the question, ’Are we secure?’
Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the resulting impact. With this information, organizations can determine the acceptable level of risk for delivery of services and can express this as their risk tolerance.
With an understanding of risk tolerance, organizations can prioritize cybersecurity activities, enabling organizations to make informed decisions about cybersecurity expenditures. Implementation of risk management programs offers organizations the ability to quantify and communicate adjustments to their cybersecurity programs. Organizations may choose to handle risk in different ways, including mitigating the risk, transferring the risk, avoiding the risk, or accepting the risk, depending on the potential impact to the delivery of critical services.
THE NIST CYBERSECURITY FRAMEWORK FUNDAMENTALS
The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. These components are explained in the remainder of the course.
CORE FUNCTIONS, CATEGORIES & SUBCATEGORIES
The Framework Core is a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous Functionsâ€”Identify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organization’s management of cybersecurity risk then identifies underlying key Categories and Subcategories for each Function, and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory.
Framework Implementation Tiers (’Tiers’) provide context on how an organization views cybersecurity risk and the processes in place to manage that risk. Tiers describe the degree to which an organization’s cybersecurity risk management practices exhibit the characteristics defined in the Framework (e.g., risk and threat aware, repeatable, and adaptive). The Tiers characterize an organization’s practices over a range, from Partial (Tier 1) to Adaptive (Tier 4). These Tiers reflect a progression from informal, reactive responses to approaches that are agile and risk-informed. During the Tier selection process, an organization should consider its current risk management practices, threat environment, legal and regulatory requirements, business/mission objectives, and organizational constraints.
DEVELOPING FRAMEWORK PROFILES
A Framework Profile (’Profile’) represents the outcomes based on business needs that an organization has selected from the Framework Categories and Subcategories. The Profile can be characterized as the alignment of standards, guidelines, and practices to the Framework Core in a particular implementation scenario. Profiles can be used to identify opportunities for improving cybersecurity posture by comparing a ’Current’ Profile (the ’as is’ state) with a ’Target’ Profile (the ’to be’ state).
To develop a Profile, an organization can review all of the Categories and Subcategories and, based on business drivers and a risk assessment, determine which are most important; they can add Categories and Subcategories as needed to address the organizational risks. The Current Profile can then be used to support prioritization and measurement of progress toward the Target Profile, while factoring in other business needs including cost-effectiveness and innovation. Profiles can be used to conduc
CYBERSECURITY CONTROLS FACTORYTM MODEL
This model, developed by Larry Wilson, CSIO at UMass, President’s Office, provides an approach for an organization to operationalization of the 20 Critical Security Controls within the NIST CSF within the context of the NIST CSF
The NIST CSF also provides a 7-step approach for the implementation and improvement of their cybersecurity posture utilizing the NIST CSF. The 7-steps include:
- Step 1: Prioritize and Scope. The organization identifies its business/mission objectives and high-level organizational priorities.
- Step 2: Orient. The organization identifies related systems and assets, regulatory requirements, and overall risk approach and then identifies threats to, and vulnerabilities of, those systems and assets.
- Step 3: Create a Current Profile. The organization develops a Current Profile by indicating which Category and Subcategory outcomes from the Framework Core are currently being achieved.
- Step 4: Conduct a Risk Assessment. The organization analyzes the operational environment in order to discern the likelihood of a cybersecurity event and the impact that the event could have on the organization.
- Step 5: Create a Target Profile. The organization creates a Target Profile that focuses on the assessment of the Framework Categories and Subcategories describing the organization’s desired cybersecurity outcomes.
- Step 6: Determine, Analyze, and Prioritize Gaps. The organization compares the Current Profile and the Target Profile to determine gaps. Next it creates a prioritized action plan to address those gaps that draws upon mission drivers, a cost/benefit analysis, and understanding of risk to achieve the outcomes in the Target Profile.
- Step 7: Implement Action Plan. The organization determines which actions to take in regards to the gaps, if any, identified in the previous step
NIST Cybersecurity Practitioner Course Outline
CHAPTER 1: COURSE OVERVIEW
Reviews at a high level each chapter of the course
CHAPTER 2: FRAMING THE PROBLEM
Reviews the main business and technical issues that we will address through the course.
CHAPTER 3: THE CONTROLS FACTORY MODEL
Introduces the concept of a Controls factory model and the three areas of focus, the Engineering Center, the Technology Center, and the Business Center.
CHAPTER 4: THE THREATS AND VULNERABILITIES
Provides an overview of cyber -attacks (using the Cyber Attack Chain Model), discusses the top 15 attacks of 2015 and 2016, and the most common technical and business vulnerabilities.
CHAPTER 5: THE ASSETS AND IDENTITIES
Provides a detailed discussion of asset families, key architecture diagrams, an analysis of business and technical roles, and a discussion of governance and risk assessment.
CHAPTER 6: THE CONTROLS FRAMEWORK
Provides a detailed analysis of the controls framework based on the NIST Cybersecurity Framework. Includes the five core functions (Identify, Protect, Detect, Respond and Recover).
CHAPTER 7: THE TECHNOLOGY CONTROLS
Provides a detailed analysis of the technical controls based on the Center for Internet Security 20 Critical Security Controls©. Includes the controls objective, controls design, controls details, and a diagram for each control.
CHAPTER 8: THE SECURITY OPERATIONS CENTER (SOC)
Provides a detailed analysis of Information Security Continuous Monitoring (ISCM) purpose and capabilities. Includes an analysis of people, process, technology, and services provided by a Security Operations Center.
CHAPTER 9: TECHNICAL PROGRAM TESTING AND ASSURANCE
Provides a high-level analysis of technology testing capabilities based on the PCI Data Security Standard (DSS). The testing capabilities include all 12 Requirements of the standard.
CHAPTER 10: THE BUSINESS CONTROLS
Provides a high-level analysis of the business controls based on the ISO 27002:2013 Code of Practice. Includes the controls clauses, objective, and implementation overview. The business controls are in support of ISO 27001 Information Security Management System (ISMS).
CHAPTER 11: WORKFORCE DEVELOPMENT
Provides a review of cybersecurity workforce demands and workforce standards based on the NICE Cybersecurity Workforce Framework (NCWF).
CHAPTER 12: THE CYBER RISK PROGRAM
Provides a review of the AICPA Proposed Description Criteria for Cybersecurity Risk Management. Covers the 9 Description Criteria Categories and the 31 Description Criteria.
CHAPTER 13: CYBERSECURITY PROGRAM ASSESSMENT
Provides a detailed review of the key steps organizations can use for conducting a Cybersecurity Program Assessment. Assessment results include a technical scorecard (based on the 20 critical controls), an executive report, a gap analysis and an implementation roadmap.
CHAPTER 14: CYBER-RISK PROGRAM ASSESSMENT