This course introduces the NIST Cybersecurity Framework (NIST-CSF).
The Framework is a risk-based approach to managing cybersecurity and is composed of three parts: Framework Core, Framework Implementation Tiers, and Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities.
This course discusses how an organization can use the Framework as a key part of its systematic process for identifying, assessing, and managing cybersecurity risk.
The Framework is not intended to replace existing processes; an organization can use its current process and overlay it onto the Framework to determine gaps in its current approach and to develop a roadmap for improvement.
Using the Framework as a cybersecurity risk management tool, an organization can determine activities that are most important to critical service delivery and prioritize expenditures to maximize the impact of the investment.
This course is supplemented by a student book to enhance the learning experience.
The desired or expected outcome is a fundamental understanding of the NIST-CSF and preparation to sit the NCSP Foundation exam.
Learning Objectives
1|22|28
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Cybersecurity Management
- Risk Management
- Strategic Planning and Policy
- Training, Education, and Awareness
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.