Provided by

Enquire about this course

About the course

NIST Cyber Security Professional Foundation NIST Cyber Security Professional Practitioner

Accredited through APMG International and listed as qualified cyber training by DHS CISA in the U.S. and NCSC in the UK, the NCSP accredited training program teaches organizations how to rapidly engineer, operationalize and automate the NIST-CSF informative reference controls and management systems required to deliver the business outcomes expected by executive management, government regulators and industry auditors.

Candidates who attend and complete the NCSP Boot Camp Certificate course are eligible to sit the associated APMG certification exam along with applying for CPE, PDU and CEU continuing education credits from PMI, ISACA, CompTIA and other professional certification bodies.

This 5 day, instructor-led NCSP Boot Camp combines both the Foundation and Practitioner courses and includes a single multiple-choice question exam for full certification.

Suitable for all individuals and members of an organisation in need of a deeper understanding of the NIST Cybersecurity Framework, the Boot Camp training will help protect the online defences of any business in line with national standards.

Exams are booked and taken online via APMG proctor platform, at a time and date that delegates choose.


There are no prerequisites for attending this training. The aim is to provide staff with a better understanding of how to apply the NIST Cybersecurity Framework and establish a national common framework for preventing cyber attacks.

Target audience
Originally created as a common framework to be used by government and businesses to assess cyber threats, the NIST Cybersecurity Framework has value for staff in almost every department of an organisation’s structure.

Some examples of potential training groups:

Candidates looking to enhance their understanding of the NIST framework and how to apply it practically in a business context.

IT and network engineers, for an understanding of best practice when creating and implementing a security framework Operations, Business Risk and Compliance professionals who will benefit from more information about common cyber security risks and how organisations should be managing them.

IT and Cybersecurity specialists such as Developers, Penetration Testers and Auditors. This group will gain knowledge of how to apply the NIST framework practically and how to ensure an organisation is compliant with the common expectation for businesses.

Business professionals, such as lawyers and accountants or sales, marketing and HR departments. Staff who regularly interact with personal data will also benefit from understanding how to ensure cybersecurity best practice at all times.

Learning Outcomes 

The NCSP Boot Camp program teaches delegates how to:

  • Develop a program to rapidly operationalise the NIST Cyber Security Framework controls and management systems
  • Design and engineer a solution to be used across the organisation and its supply chain, identifying key weaknesses and how to resolve them.
  • Organise a Security Operations Centre (SOC) which will regularly monitor the cyber health of the organisation and respond accordingly.
  • Implement solutions that will automate the risk assessment, threat update reporting process
  • Establish a continuous learning program for all Technical and Business employees

Course Outline 

Course Modules:

Framing the Problem:
Discusses the context of the introduction on the NIST-CSF and adaptation using the Controls Factory Model.

The Controls Factory Model:
A closer look at the Controls Factory Model, including the three areas of focus; the Engineering Centre, the Technology Centre and the Business Centre.

Threats and Vulnerabilities:
Using the Cyber Attack Chain Model, attendees will be shown an overview of cyber attacks, focusing on the top 15 attack methods and the most common vulnerabilities.

Assets and Identities:
Detailed discussions of asset families and key architecture diagrams. This chapter also includes an analysis of business and technical roles, along with a discussion of governance and risk assessment.

The Controls Framework:
A practitioner-level analysis of a controls framework based on the NIST Cybersecurity Framework and how it is applied.

The Technology Controls:
A detailed analysis of the technical controls involved in the establishment of a cybersecurity framework. This will be based on the Center for Internet Security 20 Critical Security Controls©, including the controls objective, controls design, controls details and diagrams of all the controls.

The Security Operations Center (SOC):
Attendees will undergo a detailed analysis of Information Security Continuous Monitoring (ICSM) purpose and capabilities. This includes analysing people, processes, services and technologies provided by a well-functioning Security Operations Center.

Technical Program Testing and Assurance:
A high-level analysis of technology testing capabilities based on the PCI Data Security Standard (DSS). This includes an analysis of all 12 requirements of the DSS.

Business Controls:
An analysis of the business controls based on the ISO 27002:2013 Code of Practice (including the goals of preserving confidentiality, integrity and availability). This chapter includes the controls clauses, objectives and implementation overview.

Workforce Development:
An overview of current cybersecurity workforce demands and standards based on the NICE Cybersecurity Workforce Framework (NCWF).

The Cyber Risk Program:
A review of the AICPA Proposed Description Criteria for Cybersecurity Risk Management. Develops attendees’ understanding of the 9 Description Criteria Categories and the 31 Description Criteria.

Cybersecurity Program Assessment:
Highlights the key steps organizations can follow to conduct a Cybersecurity Program assessment. This will also look at recording assessment results including a technical scorecard based on the 20 critical controls. Also covers executive reports, gap analyses and implementation roadmaps.

Cyber-risk Program Assessment:
Discussion on the Cyber Risk Management Program based on the five Core Functions of the NIST Cybersecurity Framework

65 multiple choice questions
120 minute exam
Pass Mark – 60% (39 marks)
Closed book - APMG Proctor Portal (Online exam)

What's Included 
Exam included - worth £0



Start date Location / delivery
22 Mar 2021 Online Book now
26 Apr 2021 Online Book now

Related article

Read the latest edition of Cyber Pulse: Law enforcement takes down global cybercrime VPN services Safe-Inet; European Medicines Agency Covid-19