In February 2013, the President of the United States issued Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity.” In response to this mandate, the National Institute of Standards and Technology (NIST) was tasked with development of the Framework for Improving Critical Infrastructure Cybersecurity, more commonly known as the Cybersecurity Framework. Although it was designed specifically for companies that are part of the U.S. critical infrastructure, many other organizations in the private and public sectors, including federal agencies, are using the framework as a helpful tool in managing cybersecurity risks.

This boot camp covers each of the three NIST Cybersecurity Framework components: the framework core, the framework implementation tiers and the framework profiles.

• Three days of training with an expert instructor
• Instructor-led walkthroughs and demonstrations
• 90-day access to course replays (Flex Pro)
• 100% Satisfaction Guarantee

After attending this NIST Cybersecurity Framework Boot Camp, you will be able to:

• Implement the NIST Cybersecurity Framework to identify, assess and manage cybersecurity risk
• Identify connections between business drivers and cybersecurity activities
• Determine activities that are most important to critical service delivery
• Prioritize expenditures to maximize the impact of the investment

Executive Order (EO) 13636, “Improving Critical Infrastructure Cybersecurity,” was issued to “enhance the security and resilience of the Nation’s critical infrastructure and to maintain a cyber environment that encourages efficiency, innovation, and economic prosperity while promoting safety, security, business confidentiality, privacy, and civil liberties.”

The order provided a mandate to establish a voluntary common framework for cybersecurity defense, now known as the NIST Cybersecurity Framework.

We don’t just have great instructors, our instructors have years of industry experience and are recognized as experts. Over the past 15 years, we’ve helped tens of thousands of students learn new skills, get certified and advance their careers.

Day 1: Risk frameworks

• Course introduction
• Legal/governmental guidelines
  • Legislative
  • Regulatory

Day 2: CSF Components and Processes

• NIST frameworks
  • RMF
  • CSF
• CSF components
  • Profile
    • Current profile
    • Target profile
  • Core
    • Functions
    • Categories
    • Subcategories
    • Informative references
  • Implementation tiers
    • Tier 1: Partial
    • Tier 2: Risk informed
    • Tier 3: Repeatable
    • Tier 4: Adaptive
  • CSF processes (5 steps)
    • Identify

Day 3: CSF Processes and Implementation

• CSF processes (cont.)
  • Protect
  • Defend
  • Respond
  • Recover
• 7-step approach to establishing or improving a cybersecurity program
  • Step 1: Prioritize and scope
  • Step 2: Orient
  • Step 3: Create a current profile
  • Step 4: Conduct a risk assessment
  • Step 5: Create a target profile
  • Step 6: Determine, analyze and prioritize gaps
  • Step 7: Implement action plan
• Links from CSF to security controls, COBIT 5 and ISO 27001