This four-day course details current cybersecurity challenges and teaches, in depth, the UMass Lowell NCSF Control Factory Methodology for how to build, test, maintain and continually improve a cybersecurity program based on the NIST Cybersecurity Framework. This program is focused on candidates who need a detailed understanding of the NCSF to perform their daily roles as cybersecurity engineers, testers or operations professionals. The course looks at cybersecurity risks and instructs students on the best approach to design and build a comprehensive technology-focused cybersecurity program and business-focused cyber-risk management program that will minimize risks and, at the same time, protect critical assets. Executives are keenly aware of the risks but have limited knowledge of the best way to mitigate them. We want to enable executives to answer the key question: Are we secure? **Please Note: NCSF Foundations is a Pre-requisite.**
Why NIST Cyber Security Professional (NCSP) Foundation training?
For IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity Framework (NCSF) across an enterprise and its supply chain.
Who should attend?
IT professionals and C-level personnel responsible for an organization’s security framework and compliance. People who are looking to be NIST certified.
The DVIRC Difference
As your trusted local advisor, DVIRC offers the authorized NCSF Practitioner program, which prepares participants for the NCSF Practitioner exam and teaches the skills necessary to design, build, test, manage and improve a cybersecurity program based on the NCSF. This class was put together by NIST SME Larry Wilson, UMass Lowell.
1 – DIGITAL TRANSFORMATION
- Explores what the Practitioner needs to know about the relationship between digital transformation and cybersecurity.
- Explain how to determine the impact of cybersecurity on DX.
- Explain the relationships between culture and digital transformation from the perspective of a practitioner.
- Explain the delivery of value to stakeholders in a DX & cybersecurity environment.
- Illustrate the interdependent relationship between cybersecurity and DX.
2 – THREAT LANDSCAPE
- The Practitioner needs to understand what threat actors do and their capabilities.
- Compare the evolving attack type impact to the threat environment.
- Apply knowledge about the threat landscape to maintain a readiness to respond.
- Develop a risk profile based on business impact analysis.
- Establish the relationship between awareness and training in the continual improvement of cybersecurity posture.
- Develop and treat training & awareness as a critical aspect of deterrence.
- Use knowledge about the threat landscape as a predicate to the adoption and adaptation of your cybersecurity posture.
3 – THE CONTROLS
- This chapter provides a sample set of controls based on an informative reference.
- Understand the purpose, goals & objectives for each control.
- Characterize & explain the informative reference controls.
- Discover how to apply the controls in an organizational context.
4 – ADOPT & ADAPT
- Adopt is a decision about governance; adapt is the set of management decisions that result from the decision to adopt.
- Distinguish Adopt, Adapt, Management & Governance.
- Develop an approach to adoption & adaptation.
- Distinguish & demonstrate the impact of organizational culture on developing cybersecurity as a capability.
- Develop an assessment approach to define current state.
5 – ADAPTIVE WAY OF WORKING
- Threat actors are agile and highly adaptive. The cybersecurity Practitioner must develop the same capabilities.
- Break down what constitutes an adaptive approach.
- Characterize & apply the need for cross functional teams.
- Recognize and prioritize the first steps (get started).
- Demonstrate & establish cybersecurity phases.
- Break down the impact of the flows.
6 – RAPID ADOPTION & RAPID ADAPTATION FASTTRACK™
- FastTrack™ is an approach to allow organizations to learn to adapt to an evolving threat landscape rapidly.
- Establish what it takes to adopt CS.
- Determine how that impacts management adaptation of CS.
- Determine how that impacts the capability to assess.
- CS Capability
- Determine the gap between existing & needed capabilities.
- Establish what must be developed.
- Develop an appropriate risk management profile. Discover how cybersecurity impacts people, practice & technology, and how that impacts the organization.
- Differentiate CIS Implementation groups.
- Determine appropriate implementation group & approach.
- Develop appropriate phase approaches.
7 – CIIS PRACTICE
- Cybersecurity is an ongoing game of cat and mouse. Organizations must learn how to inculcate cybersecurity improvement into their DNA.
- Break down & develop mechanisms for ongoing cybersecurity improvement that includes developing a learning organization.
- Illustrate an improvement plan based on the NIST 7-Step Approach.
- Illustrate an improvement plan based on the Improvement GPS.
- Demonstrate understanding of Cybersecurity Maturity Model Certification.
- Break down the balancing loop & how it fits into the escalation archetype.
- Use the Fast Track™ (improvement & implementation) cycles.
Cancellations received up to 5 business days prior to class start date will not be charged the training fee, or will be refunded if payment has already been submitted. Cancellations 1-3 business days prior to class will be charged the training fee. As a courtesy, we will allow you to apply 50% of your payment towards a future training course within one year of the cancellation date. No refund will be provided for same-day cancellations and no-shows; customer is responsible for full payment without future training credit. Registrant substitutions may be made at any time. Cancellations must be submitted via email to firstname.lastname@example.org or by phone at 215-552-3827.
DVIRC recommends all guests be vaccinated against COVID-19.
Unvaccinated visitors must take a rapid test (which may be supplied by DVIRC) and receive a negative response. Considering the test will take about 15 minutes to process, all unvaccinated guests should arrive 15 minutes early to ensure they can take the rapid test and receive negative results before they proceed to the training room or to their scheduled meeting within the building.