NIST Cyber Security Expert - Fast Track

"Teaches You How to Establish, Assess and Operationalize a Cyber Security Program Based on the NIST Cyber Security Framework"

The NCSE (NIST Cyber Security Expert) certification course has been developed to teach businesses how to establish and operationalize a cyber security program based on the NIST Cyber Security Framework. This non-tech syllabus aimed at business leaders and/or cyber security practitioners has been developed based on a holistic body of knowledge that encompasses a real-life pragmatic approach to understanding the fundamental concepts of cyber risk management and how to leverage the NIST Cyber Security Framework in order to assess, implement and operationalize a cyber security program. No previous cyber security knowledge is assumed and the course is appropriate for all levels.

What does the Course Cover?

The course is non-technical in approach and supports students on a 10-module journey. You are provided with 24/7 access to all materials and a 3-hour workshop at the end of the 30 days of access.

The syllabus presumes little to no cyber-related experience and commences with providing an understanding of the CYBER THREAT LANDSCAPE. In the first module, we explore the cyber threat landscape and gain an understanding of the key threat actors, their motivations and techniques.

We break down the underground economy of cybercrime. We reference real-life case studies of high-profile cyber-attacks with a view to understanding why and how they were attacked and what could have been done to prevent the breach.

We then move on to understanding CYBER RISK MANAGEMENT FUNDAMENTALS.

*NIST Videos are provided Courtesy of the National Institute of Standards and Technology. All rights reserved, U.S. Secretary of Commerce.

In the second module, we explore the key aspects of cyber risk management: understanding the fundamentals of CRQ (Cyber Risk Quantification) and how to engage the business by leveraging "Meaningful Metrics" related to the business strategy, and developing KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators) that empower the business, then leveraging those metrics to develop appropriate maturity roadmaps and appropriately inform business leadership.

We then progress to UNDERSTANDING FRAMEWORKS AND CYBER STRATEGY. In the third module, we outline the importance and the anatomy of a cyber strategy and how a cyber risk framework supports that mission, leadership, culture, governance structure and all supporting processes.

We explore how a cyber risk framework operates and how it integrates with the business value chain. Understand the foundational elements including standards, policies, procedures, legal and regulatory controls.

The next 5 modules are focused on thoroughly understanding the NIST CSF FUNCTIONS. Each function is explained in easy-to-understand terminology, leveraging real-life and abstract examples across each function, including every single category and subcategory of controls.

We also review the related informative references with implementation tiers for each function area.
  • In module 5, we break down the NIST IDENTIFY FUNCTION by exploring how to develop an organizational understanding in order to manage cybersecurity risk to systems, people, assets, data, and capabilities.
  • We then break down the NIST PROTECT FUNCTION by exploring how to develop and implement appropriate safeguards to ensure delivery of services.
  • Next we break down the NIST DETECT FUNCTION by exploring how to develop and implement appropriate activities to identify the occurrence of a cybersecurity event.
  • We now move to breaking down the NIST RESPOND FUNCTION by exploring how to develop and implement appropriate activities to take action regarding a detected cybersecurity incident.
  • We then break down the fifth area, which is the NIST RECOVER FUNCTION, by exploring how to develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.

Finally, we outline what is involved in ESTABLISHING A CYBER RISK PROGRAM. How to apply the NIST CSF in the real world is the objective of this module. We explore methodologies, protocols and lifecycles in relation to assessing and implementing the framework. We leverage a case study of a financial service entity and walk through assessing the organization, developing a maturity roadmap related to a target profile and implementing it. Understanding how to manage and communicate the status of the program is a key component of this module.

Explore the Modules

MODULE 1

CYBER THREAT LANDSCAPE

We explore the global cyber threat landscape and gain an understanding of the key threat actors, their motivations and techniques. We break down the underground economy of cybercrime. We reference real-life case studies of high-profile cyber-attacks. This module provides a context and background to the ecosystem of cyber threat actors. We reveal their modus operandi and TTPs (Tactics, Techniques and Procedures) from targeting to money laundering.

MODULE 2

CYBER RISK MANAGEMENT FUNDAMENTALS

We explore the key aspects of cyber risk management: understanding the fundamentals of CRQ (Cyber Risk Quantification) and how to engage the business by leveraging "Meaningful Metrics" related to the business strategy, and developing KPIs (Key Performance Indicators) and KRIs (Key Risk Indicators) that empower the business, then leveraging those metrics to develop appropriate maturity roadmaps and support business leadership in making informed decisions.

MODULE 3

UNDERSTANDING FRAMEWORKS AND CYBER STRATEGY

We outline the importance and the anatomy of a cyber strategy and how a cyber risk framework supports that mission, leadership, culture, governance structure and all supporting processes. We explore how a cyber risk framework operates and how it integrates with the business value chain. Understand the foundational elements including standards, policies, procedures, legal and regulatory controls.

MODULE 4

ANATOMY OF THE NIST CYBER SECURITY FRAMEWORK

We outline the background and context to the NIST Cyber Security Framework and break down its anatomy and structure, including functions, categories, subcategories and informative references. We explore the use cases, benefits, future roadmap developments and gain an in-depth understanding of specific terminology and related resources.

MODULE 5

NIST CSF FUNCTION - IDENTIFY

We explore how to develop an organizational understanding in order to manage cybersecurity risk to systems, people, assets, data, and capabilities. We break down every single category and subcategory of controls within the "Identify" function, explained in easy-to-understand terminology with real-life and abstract examples across the entire NIST CSF function. We explore related informative references and implementation tiers.

MODULE 6

NIST CSF FUNCTION - PROTECT

We explore how to develop and implement appropriate safeguards to ensure delivery of services. We break down every single category and subcategory of controls within the "Protect" function, explained in easy-to-understand terminology with real-life and abstract examples across the entire NIST CSF function. We explore related informative references and implementation tiers.

MODULE 7

NIST CSF FUNCTION - DETECT

We explore how to develop and implement appropriate activities to identify the occurrence of a cybersecurity event. We break down every single category and subcategory of controls within the "Detect" function, explained in easy-to-understand terminology with real-life and abstract examples across the entire NIST CSF function. We explore related informative references and implementation tiers.

MODULE 8

NIST CSF FUNCTION - RESPOND

We explore how to develop and implement appropriate activities to take action regarding a detected cybersecurity incident. We break down every single category and subcategory of controls within the "Respond" function, explained in easy-to-understand terminology with real-life and abstract examples across the entire NIST CSF function. We explore related informative references and implementation tiers.

MODULE 9

NIST CSF FUNCTION - RECOVER

We explore how to develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. We break down every single category and subcategory of controls within the "Recover" function, explained in easy-to-understand terminology with real-life and abstract examples across the entire NIST CSF function. We explore related informative references and implementation tiers.

MODULE 10

ESTABLISHING A CYBER RISK PROGRAM

Applying the NIST CSF in the real world is the objective of this module. We explore methodologies, protocols and lifecycles in relation to assessing and implementing the framework. We leverage a case study of a financial service entity and walk through assessing the organization, developing a maturity roadmap related to a target profile and implementing it. Understanding how to manage and communicate the status of the program is a key component of this module.

Who Is the Course For?

The course syllabus has been specifically designed to be collaborative and bring together business leaders of various disciplines within an organization. They are the key stakeholders in designing, implementing or supporting the cyber risk management program of an organization. Key cyber risk management stakeholders include:
  • C-Suite
  • CISO/CSO/CIO or CRO
  • Head of IT/Security
  • CCO (Chief Compliance Officer)
  • Cyber Security/Risk/Compliance Teams
  • Legal
  • Procurement
  • Head of Business Units
  • Technology Leaders / Project Managers
  • Management Professionals / Team Leaders
  • Digital Consultants

IDEAL TRAINING COURSE FOR

Cyber Risk Leader

Develop and Implement Strategy

Gaining Recognition

Cyber Risk Management Specialist

Cyber Security and Risk Teams

Collaborate and Support Enterprise

How do you Learn?

The course is delivered entirely online. Students are provided with 30 days of access to all the training material and exams, followed by a 3-hour workshop. Training material comprises rich interactive media such as videos, infographics and course notes.
There are many opportunities for collaborative learning via the discussion forums and you can leverage the portal to connect to other students around the world.
There are 10 modules with an online exam at the end of each module. The pass score for each module is 80% and you must obtain an average score of 80% or higher across all modules to be successfully certified. You can re-sit each of the module exams three times if required during your 10 weeks.

What Support do I Get?

Head Tutor

Subject Expert

Course Manager

One to One Student Support

Technical Support

Available to Solve Tech Issues

Social Learning

Student Network Collaboration

Extended Network
