This course details the current cybersecurity challenges plus teaches in depth the UMass Lowell NCSF Control Factory Methodology on how to build, test, maintain and continually improve a cybersecurity program based on the NIST Cybersecurity Framework. This program is focused on candidates who need a detailed understanding of the NCSF to perform their daily roles as cybersecurity engineers, testers or operations professionals.
This course looks at cybersecurity risks and instructs students on the best approach to design and build a comprehensive technology focused cybersecurity program and business focused cyber-risk management program that will minimize risks, and at the same time, protect critical assets. Executives are keenly aware of the risks, but have limited knowledge on the best way to mitigate these risks. We will want to enable executives to answer the key question – Are we secure? **Please Note: NCSF Foundation is a Pre-requisite.**
Who Should Attend
IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity Framework (NCSF) across an enterprise and its supply chain.
The NCSF Practitioner program teaches the knowledge to prepare for the NSCF Practitioner exam plus the skills and abilities to design, build, test, manage and improve a cybersecurity program based on the NCSF.
1 - Digital Transformation
- Explores what the Practitioner needs to know about the relationship between digital transformation and cybersecurity.
- Explain how to determine the impact of cybersecurity on DX.
- Explain the relationships between culture and digital transformation from the perspective of a practitioner.
- Explain the delivery of value to stakeholders in a DX & cybersecurity environment.
- IIlustrate the interdependent relationship between cybersecurity and DX.
2 - Threat Landscape
- The Practitioner needs to understand what threat actors do and their capabilities.
- Compare the evolving attack type impact to the threat environment.
- Apply knowledge about the threat landscape to maintain a readiness to respond.
- Develop a risk profile based on business impact analysis
- Establish the relationship between awareness and training in the continual improvement of cybersecurity posture.
- Develop and treat training & awareness as a critical aspect of deterrence
- Use knowledge about the threat landscape as a predicate to the adoption and adaptation of your cybersecurity posture.
3 - The Controls
- This chapter provides a sample set of controls based on an informative reference.
- Understand the purpose goals & objectives for each control.
- Characterize & explain the informative reference controls
- Discover how to apply the controls in an organizational context.
4 - Adopt & Adapt
- Adopt is a decision about governance; adapt is the set of management decisions that result from the decision to adopt.
- Distinguish Adopt, Adapt, Management & Governance.
- Develop an approach to adoption & adaptation.
- Distinguish & demonstrate the impact of organizational culture on developing cybersecurity as a capability.
- Develop an assessment approach to define current state.
5 - Adaptive Way of Working
- Threat actors are agile and highly adaptive. The cybersecurity Practitioner must develop the same capabilities
- Break down what constitutes an adaptive approach.
- Characterize & apply the need for crossfunctional teams.
- Recognize and prioritize the first steps (get started).
- Demonstrate & establish cybersecurity phases.
- Break down the impact of the flows.
6 - Rapid Adoption & Rapid Adaptation FastTrack™
- FastTrack™ is an approach to allow organizations to learn to adapt to an evolving threat landscape rapidly.
- Establish what it takes to adopt CS.
- Determine how that impacts management adaptation of CS.
- Determine how that impacts the capability to assess.
- CS Capability
- Determine the gap between existing & needed capabilities.
- Establish what must be developed.
- Develop appropriate risk management profile. Discover how cybersecurity impacts people, practice & technology impacts organization.
- Differentiate CIS Implementation groups.
- Determine appropriate implementation group & approach.
- Develop appropriate phase approaches.
7 - CIIS Practice
- Cybersecurity is an ongoing game of cat and mouse. Organizations must learn how to inculcate cybersecurity improvement into their DNA.
- Break down & develop mechanisms for ongoing cybersecurity improvement that includes developing a learning organization.
- Illustrate an improvement plan based on the NIST 7-Step Approach.
- Illustrate an improvement plan based on the Improvement GPS.
- Demonstrate understanding of Cybersecurity Maturity Model Certification
- Break down the balancing loop & how it fits into the escalation archetype.
- Use the Fast Track™ (improvement & implementation) cycles.