NCSF-CFM Bootcamp On-Demand

Course Overview

The boot camp is based on the NCSF-CFM Foundation and Practitioner certification training programs. The NCSF-CFM Foundation program teaches the fundamentals of the NIST Cybersecurity Framework and the UMass Lowell Controls Factory™ Model. The NCSF-CFM Practitioner program teaches the advanced skills necessary to engineer, operate and manage the business risk of a NIST Cybersecurity Framework program. The program is designed for IT and Business professionals who will play an active role in the design and management of an NCSF program. Students have access to the course content for 6 months.

Who Should Attend

This course is targeted at IT, Cybersecurity and Business Professionals looking to become certified on how to operationalize the NIST Cybersecurity Framework (NCSF) across an enterprise and its supply chain.

Course Objectives

This course introduces the NIST Cybersecurity Framework (NIST CSF). The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. This course discusses how an organization can use the Framework as a key part of its systematic process for identifying, assessing, and managing cybersecurity risk. The NCSF Practitioner program teaches the knowledge to prepare for the NCSF Practitioner exam plus the skills and abilities to design, build, test, manage and improve a cybersecurity program based on the NCSF.

Course Outline

1 - Course Introduction

2 - Today's Digital Economy

  • What Cybersecurity is and why it's Important
  • Cybersecurity's Impact on the Economy
  • Basic Principle of Cybersecurity
  • Critical Infrastructure, Vulnerabilities & Consequences
  • What is PPD-21: Presidential Policy Directive and why it's Important?
  • The Cyber Kill Chain (CKC) & Basic Cybersecurity Principles
  • What are Threats, Vulnerabilities & Assets?
  • What is the Difference Between a Threat and a Vulnerability?

3 - Understanding Cyber Risks

  • Understand and Explain the Terms: Risk, Asset, Vulnerability, Threat
  • Determine Actions to Address Risk & Opportunities
  • Establish Context
  • Establish Criteria for Risk Assessment & Acceptance
  • Risk
  • Identify Action
  • Analysis & Evaluation
  • Treatment (Includes Avoidance, Modification, Sharing & Retention)
  • Understand how to Capture, Document & Manage
  • Risks
  • Treatment Plans

4 - The NIST Cybersecurity Framework Fundamentals

  • Understand the NIST Cybersecurity Framework (NIST CSF)
  • Understand & Explain the NIST CSF Objectives

5 - Core Functions, Categories & Subcategories

  • Understand & Explain the Core Functions
  • Understand & Explain the Framework Categories
  • Understand & Explain the Framework Subcategories
  • Understand & Explain the Informative References

6 - Implementation Tiers

  • Understand in General Terms NIST CSF Implementation Tiers & Their Use
  • Understand the four NIST CSF Implementation Tiers
  • Understand the Three Risk Categories

7 - Developing Framework Profiles

  • Understand in General Terms NIST CSF Profiles & Their Use
  • Understand How to Determine Biggest Gaps
  • Understand & Demonstrate how to Determine Profiles through a Risk Assessment

8 - Cybersecurity Improvement

  • Understand Key Considerations for Beginning a Security Program
  • Learn How to Integrate Cybersecurity into an Information Security Management System (ISMS)
  • Understand How to Adopt the NIST Risk Management Framework
  • Learn How to Develop Organizational Capability to Continually Improve Cybersecurity Capabilities
  • Understand the Expected Framework Adoption
  • Understand Differences Between a Rules-Based Approach and a Risk-Based Approach
  • Know the Differences Between Risk Assessment & Compliance Assessment
  • Understand the 7-Step Process Organizations use to Create a New Cybersecurity Program or Improve an Existing Program

9 - NCSF Controls Factory Model

  • Understand the NCSF Controls Factory Model (CFM)
  • Learn How the CFM Converts Assets from Unmanaged to Managed
  • Understand the Purpose, Goals, Objectives & Key Capabilities
  • Describe How the NCSF CFM is Operationalized

10 - Background & Introduction

11 - Framing the Problem

  • Cybersecurity Risks & Controls
  • Cyber-Risks to Critical Infrastructure
  • Mitigating Cyber-Risks: Steps 2 – 5

12 - The Controls Factory Model

  • Cybersecurity Controls Model
  • The Engineering Center
  • The Technical Center
  • The Business Center

13 - Cyber Threats & Vulnerabilities

  • Cyber Kill Chain® Model
  • The Cyber Threat Landscape
  • Vulnerabilities & Control Deficiencies

14 - Digital Assets, Identities & Business Impact

  • Securing our Digital Assets
  • Asset Management
  • Business Applications
  • Security Practices
  • Business Environment
  • Governance & Risk Assessment
  • Risk Management & Supply Chain

15 - NIST Cybersecurity Framework – Design & Build

  • NIST CSF: Core Function Mapping

16 - Technology Program – Design & Build

  • The Technology Program
  • Critical Security Control 01 – 20

17 - Security Operations Center (SOC)

  • Security Operations Overview
  • SOC Technology
  • SOC People
  • SOC Process/Procedures
  • SOC Services
  • SOC Options

18 - Technology Program Test & Assurance

  • PCI-DSS Overview & Mapping
  • Build & Maintain a Secure Network & Systems
  • Protect Cardholder Data
  • Maintain a Vulnerability Management Program
  • Implement Strong Access Control Measures
  • Regularly Monitor & Test Networks
  • Maintain an Information Security Policy

19 - Business Center Design & Build

  • Controls Factory Model – Business Center
  • ISO 27002 Control Clause A.5 to A.18

20 - Cyber Workforce Skills Development

  • The Controls Factory Model – Cyber Workforce Development
  • The NICE Workforce Framework (NCWF)
  • Securely Provision
  • Operate & Maintain
  • Oversee & Govern
  • Protect & Defend
  • Analyze
  • Collect & Operate
  • Investigate

21 - Cyber Risk Program Design & Build

  • Controls Factory Model – Cyber Risk Program
  • AICPA Description Criteria Categories: 1 to 19

22 - Cybersecurity Program Assessment

  • Sample Assessment
  • Cybersecurity Program Summary Design

23 - The Risk Management Framework

  • AICPA Cyber Risk Categories
  • FTC Compliance with the Framework

Enroll Today

Price: $1,895.00

Class times are listed in Eastern time. This class is available for Private Group Training.

Class dates not listed. Please contact us for available dates and times.