NIST – Practitioner Course

About the course

Practitioner Course
What is it?

The 4-day Practitioner course introduces the ‘Controls Factory’ as a conceptual model that represents a system of controls used to protect critical assets, by transforming assets from an unmanaged state to a managed state. Delegates will have the opportunity to gain an internationally recognised qualification and apply for CPE, PDU and CEU continuing education credits from PMI, ISACA, CompTIA and other professional certification bodies.

The Controls Factory Model (CFM) has three focus areas: the engineering centre, the technology centre and the business centre. The course includes a deep dive into each of these three areas.

The engineering centre includes threats and vulnerabilities, assets and identities, and the controls framework.  It uses the Lockheed Martin Cyber Kill Chain© to model threats and examines both technical and business vulnerabilities to understand potential areas of exposure.

The assets considered are endpoints, networks, applications, systems, databases and information assets. For identities, the course considers business and technical identities, roles and permissions, with the NCSF as the central, overarching framework.

The technology centre includes technical controls based on the CIS 20 Critical Security Controls© and looks at technology implementation through security product solutions and services; Information Security Continuous Monitoring (ISCM) capability through people, process and technology; and technical controls testing and assurance based on the Payment Card Industry Data Security Standard (PCI DSS). The goal here is to understand how to design, build and maintain a technology-focused security system.

The business centre includes the key business / people-oriented controls based on the ISO 27002:2013 Code of Practice; implementation (via program, policy and governance); and workforce development, testing and assurance based on the AICPA Cyber-risk Management Framework. The goal here is to understand how to build a security governance capability that focuses on employees / contractors, management and executives.

Finally, the course addresses outcomes, which include both a cybersecurity (technology-based) and a cyber-risk (business-based) scorecard and roadmap.

Key Learning Points:

  • Understand cybersecurity risks and the best approach to designing and building a comprehensive technology-focused cybersecurity program.
  • Understand how to build a business-focused cyber-risk management program that minimises risk whilst protecting critical assets.

This course assumes the delegate has successfully taken and passed the NCSF Foundation Certificate training course and associated exam.

Target Audience

In essence, anyone wanting to further their knowledge of the NCSF and understand how to effectively and practically implement it:

  • IT and network engineers
  • Operations, business risk, consultants and compliance professionals
  • IT and cybersecurity specialists including developers, pen testers, and auditors
  • Information security managers, cybersecurity managers, CIOs, CISOs

Course Outline

Chapter 1 Course Overview – Reviews at a high level each chapter of the course.

Chapter 2 Framing the Problem – Establishes the context and rationale for the adoption and adaptation of the NCSF using the CFM.

Chapter 3 Controls Factory Model – Introduces the concept of the CFM and its three areas of focus: the Engineering, Technology and Business Centres.

Chapter 4 Threats and Vulnerabilities – Provides an overview of cyber-attacks (using the Cyber Attack Chain Model) and the most common technical and business vulnerabilities.

Chapter 5 Assets and Identities – Provides a detailed discussion of asset families, key architecture diagrams, an analysis of business and technical roles, and a discussion of governance and risk assessment.

Chapter 6 Controls Framework – Provides a practitioner-level analysis of the controls framework based on the NCSF.

Chapter 7 Technology Controls – Provides a detailed analysis of the technical controls based on the CIS 20 Critical Security Controls©. This section includes the objective, design, details and a diagram for each control.

Chapter 8 Security Operations Centre (SOC) – Provides a detailed analysis of the purpose and capabilities of information security continuous monitoring (ISCM) and an analysis of the people, process, technology and services provided by a SOC.

Chapter 9 Technical Program Testing and Assurance – Provides a high-level analysis of technology testing capabilities based on the PCI DSS. The testing capabilities cover all 12 Requirements of the standard.

Chapter 10 Business Controls – Provides a high-level analysis of the business controls based on ISO 27002:2013, including the control clauses, objectives and an implementation overview. The business controls support an information security management system (ISMS).

Chapter 11 Workforce Development – Provides a review of cybersecurity workforce demands and workforce standards based on the NICE Cybersecurity Workforce Framework (NCWF).

Chapter 12 The Cyber Risk Program – Provides a review of the AICPA proposed description criteria for cybersecurity risk management, covering the 9 description criteria categories and the 31 description criteria.

Chapter 13 Cybersecurity Program Assessment – Provides a detailed review of the key steps organisations can use for conducting a cybersecurity programme assessment. Assessment results include a technical scorecard (based on the 20 critical controls), an executive report, a gap analysis and an implementation roadmap.

Chapter 14 Cyber-risk Program Assessment – Provides a review of the Cyber Risk Management Program based on the five core functions of the NCSF.

Exam Format

  • 65 multiple choice questions
  • 120-minute exam
  • Pass mark – 60% (39 marks)
  • Closed book

This NIST Cyber Security Professional (NCSP) Practitioner course is provided in partnership with CySec Professionals Ltd, an APMG-International Accredited Training Organisation.

Foundation Course

The Foundation Course is a 1-day course. It will provide attendees with the knowledge and ability to take the associated exam and gain an internationally recognised qualification in identifying, assessing and managing security threats in organisations of every level.

Start date: No fixed date
Location / delivery: Online
