NIST Cybersecurity A-Z: NIST Cybersecurity Framework (CSF)



Learn to create a complete Cybersecurity Framework from scratch with NIST Cybersecurity Guidelines

What you will learn

Deep look at the Cybersecurity Framework’s five Functions: Identify, Protect, Detect, Respond, and Recover

Cybersecurity Authorization and Authentication

Cybersecurity Risk Planning and Management

Identifying Cybersecurity Threats and Vulnerabilities in a Company

Develop Plans for Dealing with the Highest Risks

User and Network Infrastructure Planning Identity Management and Access Control

Firewalls Protecting Network Integrity

Data Security of Active and Archived Databases

Risk Baseline Configuration and Patch Management

Tools and Techniques for Detecting Cyber Incidents

Monitor Employee Behavior in Terms of Both Physical and Electronic Access to Detect Unauthorized Access

Develop an Executable Cybersecurity Response Plan

Cyber Attacks and Hackers Protection

Building and Examining Intrusion Detection System for Analyzing an Incident

Supply Chain Risk Management

Description

This course will teach you how to use the  NIST Cybersecurity Framework that provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle. The risk-based approach to control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations. Managing organizational risk is paramount to effective information security and privacy programs; the CSF approach can be applied to new and legacy systems, any type of system or technology (e.g., IoT, control systems), and within any type of organization regardless of size or sector.

NIST premised the entire Framework on the concept of risk management, which is “the ongoing process of identifying, assessing, and responding to risk,” an approach that provides a dynamic implementation of the Framework’s recommendations. The Framework consists of three parts: The Framework Core, the Framework Implementation, and the Framework Profile Tiers. The purpose of these three parts is to provide a “common language” that all organizations can use to understand, manage, and communicate their cybersecurity initiatives, both internally and externally, and can scale down or up to various parts of an organization as needed.

The Framework Core is a set of activities aimed at organizing cybersecurity initiatives to achieve specific outcomes. The Core has five functions: Identify, Protect, Detect, Respond, and Recover.

Section 2: Cybersecurity Risk Planning and Management:

This section discusses how to establish knowledge of the systems in place and how to inform management of those systems’ risk profiles. We will also discuss how to develop plans for dealing with the highest priority risks. The goal is to help the students to develop an understanding necessary to manage cybersecurity risk to systems, assets, data, and capabilities.

Section 3: User and Network Infrastructure Planning and Management:

This section provides a series of steps and tools to improve their organizations’ network infrastructure protection through improved asset access control, awareness and training, data security, protection policies, maintenance procedures, and automated protection processes.


Section 4: Tools and Techniques for Detecting Cyber Incidents

This section aims to help the students describe effective techniques for detecting cyber incidents or attacks, establish best approaches for monitoring systems to detect incidents, and plan for the development of organizational processes for detecting incidents.

Section 5: Developing a Continuity of Operations Plan


This section will provide the reader with fundamental concepts and practical steps to respond to and recover from a cybersecurity incident. By the end of this section, the student will grasp the concepts necessary to develop an incident response plan (IRP), maintaining communications within the response team and the broader organization throughout an incident. The section will introduce the reader to the basic concepts of how to contain and mitigate an incident. Finally, the section will introduce the student to the basic principles and elements of developing a recovery plan and the importance of lessons learned in the aftermath of a cybersecurity incident.

Section 6: Supply Chain Risk Management

This section will provide the student with an introduction to the complex and evolving supply chain risk management field. The student will also learn about the five essential aspects of supply chain risk management in the most recently updated version of the NIST Framework: (1) how to identify where you should manage supply chain risks, (2) pinpointing which suppliers are crucial to supply chain risk management, (3) developing vendor contracts that minimize supply chain risks, (4) continually assessing supply chain risk management procedures, and (5) testing to make sure vendors are resilient in the event of supply disruptions.

You are going the get the ultimate learning experience as every section is followed by practice test and has reading resources uploaded.

English
language

Content

Introduction

Introduction
Course Notes and Navigation

NIST Framework Overview

The NIST Framework
NIST Framework Core
Framework Implementation and Profile
Recent NIST Developments

Cybersecurity Risk Planning and Management

Cybersecurity Risk Planning
What is a Cyber Security Risk
Asset Management
Keeping Hardware Inventory Updated
Keeping Software Platform Inventory
Prioritizing Devices, Software and Apps
Personnel Security Requirements
Governance
Risk Assessment and Management
Identifying Internal and External Threats
Focus on Highlighted Risk
Plans for Dealing with the Highest Risk
Cybersecurity Risk Planning and Management Test

User and Network Infrastructure Planning and Management

User and Network Infrastructure
Authentication and Access Control
Control List and Remote Access
Network Security Controls
Association and Authentication
Awareness and Training
Data Security
Hardware Integrity
Information Protection
Patch Management
Maintenance
Protective Technology
Cybersecurity Risk Planning and Management

Tools and Techniques for Detecting Cyber Incidents

Tools and Techniques
Detecting Incidents
Anomalies and Events
Monitor Systems
Logging Devices and Log Files
Continuous Monitoring
Detection Process
Tools and Techniques for Detecting Cyber Incidents Test

Developing a Continuity of Operations Plan

Developing a Continuity of Operations Plan
Incident response
Executable Response Plan
Importance of Communications
Incident Analysis
Mitigation
Recover
Developing a Continuity of Operations Plan Test

Supply Chain Risk Management

Supply Chain Risk Management
Supply Chain Management Practices
Incorporating the Supply Chain Category
Develop, Assess and Test Supply Chain Risks
Supply Chain Risk Management Test

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions to block ads. Please support us by disabling these ads blocker.

Powered By
100% Free SEO Tools - Tool Kits PRO

Check Today's 30+ Free Courses on Telegram!

X