Course Description:


In this course, you will learn the context and nature of cybersecurity risks and how to manage them using the NIST Cybersecurity Framework together with COBIT 5. The course also covers ISO/IEC 27000, so it is relevant if you already use that standard or are interested in applying it as an overall IT Security Management System.


Course Topics:


Course Introduction


●      Introductions


●      Course Objectives


●      Agenda


●      Learning Approach


Cybersecurity Challenges


●      What is cybersecurity?


●      What are the risks?


●      What are the challenges?


●      What are the benefits:


●      NIST Framework


●      COBIT 5


●      ISO/IEC 27000


Introducing the Frameworks


●      NIST Core, Tier and Profiles Facts and Concepts


●      How to apply these concepts to a scenario


Step 1: Prioritize and Scope


●      The CSF Goals and implementation steps


●      How the CSF relates to the NIST Framework


●      What are the drivers?


●      Implementation Considerations


●      Relevant COBIT 5 Practices


Steps 2 and 3: Orient and Create a Current Profile


●      Where are we now?


●      Implementation Considerations


●      Relevant COBIT 5 Practices


Step 4 and Step 5: Conduct a Risk Assessment and Create a Target Profile


●      Where do we want to be?


●      Implementation Considerations


●      Relevant COBIT 5 Practices


Step 6: Determine, Analyze, and Prioritize Gaps


●      What needs to be done?


●      Implementation Considerations


●      Relevant COBIT 5 Practices


Step 7: Implement Action Plan


●      How do we get there?


●      Implementation Considerations


●      Relevant COBIT 5 Practices


CSF Action Plan Review and CSF Life Cycle Management


●      Did we get there?


●      Implementation Considerations


●      Relevant COBIT 5 Practices


●      How do we keep the momentum going?


●      Implementation Considerations


●      Relevant COBIT 5 Practices


Learning Goals:


Incident and Change Managers


Course Agenda:


Day 1


●      Course Introduction


●      Cybersecurity Challenges


●      Introducing the Frameworks


●      Step 1: Prioritize and Scope


●      Steps 2 and 3: Orient and Create a Current Profile


Day 2


●      Step 4 and Step 5: Conduct a Risk Assessment and Create a Target Profile


●      Step 6: Determine, Analyze, and Prioritize Gaps


●      Step 7: Implement Action Plan


●      CSF Action Plan Review and CSF Life Cycle Management