NIST Cyber Security Professional NCSP Bootcamp

The NCSP Boot Camp program teaches delegates how to:

• Develop a program to rapidly operationalise the NIST Cyber Security Framework controls and management systems
• Design and engineer a solution to be used across the organisation and its supply chain, identifying key weaknesses and how to resolve them.
• Organise a Security Operations Centre (SOC) which will regularly monitor the cyber health of the organisation and respond accordingly.
• Implement solutions that will automate the risk assessment, threat update reporting process
• Establish a continuous learning program for all Technical and Business employees

There are no prerequisites for attending this training. The aim is to provide staff with a better understanding of how to apply the NIST Cybersecurity Framework and establish a national common framework for preventing cyber attacks.

Target audience

Originally created as a common framework to be used by government and businesses to assess cyber threats, the NIST Cybersecurity Framework has value for staff in almost every department of an organisation’s structure.

Some examples of potential training groups:

Candidates looking to enhance their understanding of the NIST framework and how to apply it practically in a business context.

IT and network engineers, for an understanding of best practice when creating and implementing a security framework Operations, Business Risk and Compliance professionals who will benefit from more information about common cyber security risks and how organisations should be managing them.

IT and Cybersecurity specialists such as Developers, Penetration Testers and Auditors. This group will gain knowledge of how to apply the NIST framework practically and how to ensure an organisation is compliant with the common expectation for businesses.

Business professionals, such as lawyers and accountants or sales, marketing and HR departments. Staff who regularly interact with personal data will also benefit from understanding how to ensure cybersecurity best practice at all times.

Course Modules:

Framing the Problem: Discusses the context of the introduction on the NIST-CSF and adaptation using the Controls Factory Model.

The Controls Factory Model: A closer look at the Controls Factory Model, including the three areas of focus; the Engineering Centre, the Technology Centre and the Business Centre.

Threats and Vulnerabilities: Using the Cyber Attack Chain Model, attendees will be shown an overview of cyber attacks, focusing on the top 15 attack methods and the most common vulnerabilities.

Assets and Identities: Detailed discussions of asset families and key architecture diagrams. This chapter also includes an analysis of business and technical roles, along with a discussion of governance and risk assessment.

The Controls Framework: A practitioner-level analysis of a controls framework based on the NIST Cybersecurity Framework and how it is applied.

The Technology Controls: A detailed analysis of the technical controls involved in the establishment of a cybersecurity framework. This will be based on the Center for Internet Security 20 Critical Security Controls©, including the controls objective, controls design, controls details and diagrams of all the controls.

The Security Operations Center (SOC): Attendees will undergo a detailed analysis of Information Security Continuous Monitoring (ICSM) purpose and capabilities. This includes analysing people, processes, services and technologies provided by a well-functioning Security Operations Center.

Technical Program Testing and Assurance: A high-level analysis of technology testing capabilities based on the PCI Data Security Standard (DSS). This includes an analysis of all 12 requirements of the DSS.

Business Controls: An analysis of the business controls based on the ISO 27002:2013 Code of Practice (including the goals of preserving confidentiality, integrity and availability). This chapter includes the controls clauses, objectives and implementation overview.

Workforce Development: An overview of current cybersecurity workforce demands and standards based on the NICE Cybersecurity Workforce Framework (NCWF).

The Cyber Risk Program: A review of the AICPA Proposed Description Criteria for Cybersecurity Risk Management. Develops attendees’ understanding of the 9 Description Criteria Categories and the 31 Description Criteria.

Cybersecurity Program Assessment: Highlights the key steps organizations can follow to conduct a Cybersecurity Program assessment. This will also look at recording assessment results including a technical scorecard based on the 20 critical controls. Also covers executive reports, gap analyses and implementation roadmaps.

Cyber-risk Program Assessment: Discussion on the Cyber Risk Management Program based on the five Core Functions of the NIST Cybersecurity Framework

• Exam:
• 65 multiple choice questions
• 120 minute exam
• Closed book - APMG Proctor Portal (Online exam)