NIST Cybersecurity A-Z: NIST Cybersecurity Framework (CSF)

This course will teach you how to use the  NIST Cybersecurity Framework that provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle. The risk-based approach to control selection and specification considers effectiveness, efficiency, and constraints due to applicable laws, directives, Executive Orders, policies, standards, or regulations. Managing organizational risk is paramount to effective information security and privacy programs; the CSF approach can be applied to new and legacy systems, any type of system or technology (e.g., IoT, control systems), and within any type of organization regardless of size or sector.

NIST premised the entire Framework on the concept of risk management, which is “the ongoing process of identifying, assessing, and responding to risk,” an approach that provides a dynamic implementation of the Framework’s recommendations. The Framework consists of three parts: The Framework Core, the Framework Implementation, and the Framework Profile Tiers. The purpose of these three parts is to provide a “common language” that all organizations can use to understand, manage, and communicate their cybersecurity initiatives, both internally and externally, and can scale down or up to various parts of an organization as needed.

The Framework Core is a set of activities aimed at organizing cybersecurity initiatives to achieve specific outcomes. The Core has five functions: Identify, Protect, Detect, Respond, and Recover.

Section 2: Cybersecurity Risk Planning and Management:

This section discusses how to establish knowledge of the systems in place and how to inform management of those systems’ risk profiles. We will also discuss how to develop plans for dealing with the highest priority risks. The goal is to help the students to develop an understanding necessary to manage cybersecurity risk to systems, assets, data, and capabilities.

Section 3: User and Network Infrastructure Planning and Management:

This section provides a series of steps and tools to improve their organizations’ network infrastructure protection through improved asset access control, awareness and training, data security, protection policies, maintenance procedures, and automated protection processes.

Section 4: Tools and Techniques for Detecting Cyber Incidents

This section aims to help the students describe effective techniques for detecting cyber incidents or attacks, establish best approaches for monitoring systems to detect incidents, and plan for the development of organizational processes for detecting incidents.

Section 5: Developing a Continuity of Operations Plan

This section will provide the reader with fundamental concepts and practical steps to respond to and recover from a cybersecurity incident. By the end of this section, the student will grasp the concepts necessary to develop an incident response plan (IRP), maintaining communications within the response team and the broader organization throughout an incident. The section will introduce the reader to the basic concepts of how to contain and mitigate an incident. Finally, the section will introduce the student to the basic principles and elements of developing a recovery plan and the importance of lessons learned in the aftermath of a cybersecurity incident.

Section 6: Supply Chain Risk Management

This section will provide the student with an introduction to the complex and evolving supply chain risk management field. The student will also learn about the five essential aspects of supply chain risk management in the most recently updated version of the NIST Framework: (1) how to identify where you should manage supply chain risks, (2) pinpointing which suppliers are crucial to supply chain risk management, (3) developing vendor contracts that minimize supply chain risks, (4) continually assessing supply chain risk management procedures, and (5) testing to make sure vendors are resilient in the event of supply disruptions.

You are going the get the ultimate learning experience as every section is followed by practice test and has reading resources uploaded.