Course Overview
This course describes the NIST Cybersecurity Framework and explains how organizations can use the framework to manage cyber risks. The critical elements of the framework (Core, Tiers and Profile) will be discussed, along with its relationship to other standards such as ISO 27001 and NIST SP 800-53. Candidates will also learn how to assess their current cybersecurity posture, set a target, and plan the implementation of cybersecurity controls based on the framework concept.
Who Should Attend
  • IT Management, CSO, CIO
  • IT and Cybersecurity Professionals
  • Cybersecurity auditors
  • Those who are interested in adopting the framework within their organization
Course Contents
  • Current State of Cybersecurity
  • Overview of NIST Cybersecurity Framework
    • Framework Core
    • Framework Implementation Tiers
    • Framework Profiles
  • Core Functions: Identify, Protect, Detect, Respond and Recover
  • Categories and Subcategories
  • Implementation Tiers
    • Tier 1 Partial
    • Tier 2 Risk Informed
    • Tier 3 Repeatable
    • Tier 4 Adaptive
  • Developing Framework Profiles: Current Profile vs. Target Profile
  • Assessment and Implementation of the Framework
    • Step 1: Prioritize and Scope
    • Step 2: Orient
    • Step 3: Create a Current Profile
    • Step 4: Conduct a Risk Assessment
    • Step 5: Create a Target Profile
    • Step 6: Determine, Analyze, and Prioritize Gaps
    • Step 7: Implement Action Plan
  • Q & A
Training Info
  • Duration 2 days