Course Modules:
- Framing the Problem: Discusses the context of the introduction of the NIST CSF and its adaptation using the Controls Factory Model.
- The Controls Factory Model: A closer look at the Controls Factory Model, including its three areas of focus: the Engineering Centre, the Technology Centre and the Business Centre.
- Threats and Vulnerabilities: Using the Cyber Attack Chain Model, attendees will be shown an overview of cyber attacks, focusing on the top 15 attack methods and the most common vulnerabilities.
- Assets and Identities: Detailed discussion of asset families and key architecture diagrams. This chapter also includes an analysis of business and technical roles, along with a discussion of governance and risk assessment.
- The Controls Framework: A practitioner-level analysis of a controls framework based on the NIST Cybersecurity Framework and how it is applied.
- The Technology Controls: A detailed analysis of the technical controls involved in establishing a cybersecurity framework. This will be based on the Center for Internet Security 20 Critical Security Controls©, including the control objectives, control design, control details and diagrams of all the controls.
- The Security Operations Center (SOC): Attendees will undertake a detailed analysis of the purpose and capabilities of Information Security Continuous Monitoring (ISCM). This includes analysing the people, processes, services and technologies provided by a well-functioning Security Operations Center.
- Technical Program Testing and Assurance: A high-level analysis of technology testing capabilities based on the PCI Data Security Standard (DSS). This includes an analysis of all 12 requirements of the DSS.
- Business Controls: An analysis of the business controls based on the ISO 27002:2013 Code of Practice (including the goals of preserving confidentiality, integrity and availability). This chapter includes the control clauses, objectives and an implementation overview.
- Workforce Development: An overview of current cybersecurity workforce demands and standards based on the NICE Cybersecurity Workforce Framework (NCWF).
- The Cyber Risk Program: A review of the AICPA Proposed Description Criteria for Cybersecurity Risk Management. Develops attendees’ understanding of the 9 Description Criteria Categories and the 31 Description Criteria.
- Cybersecurity Program Assessment: Highlights the key steps organizations can follow to conduct a cybersecurity program assessment. This will also look at recording assessment results, including a technical scorecard based on the 20 critical controls. Also covers executive reports, gap analyses and implementation roadmaps.
- Cyber-risk Program Assessment: Discussion of the Cyber Risk Management Program based on the five Core Functions of the NIST Cybersecurity Framework.
- Exam:
  - 65 multiple-choice questions
  - 120-minute exam
  - Closed book - APMG Proctor Portal (online exam)