This course introduces the NIST Cybersecurity Framework (NIST-CSF). The Framework is a risk-based approach to managing cybersecurity risk and is composed of three parts: Framework Core, Framework Implementation Tiers, and Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities.
This course discusses how an organization can use the Framework as a key part of its systematic process for identifying, assessing, and managing cybersecurity risk. The Framework is not designed to replace existing processes; an organization can use its current process and overlay it onto the Framework to determine gaps in its current cybersecurity risk approach and develop a roadmap to improvement. Utilizing the Framework as a cybersecurity risk management tool, an organization can determine activities that are most important to critical service delivery and prioritize expenditures to maximize the impact of the investment.
The class includes lectures, informative supplemental reference materials, quizzes, and tests. Outcomes and benefits from this class are a fundamental understanding of cybersecurity and the NIST-CSF.
Learning Objectives
1|22|28
Framework Connections
The materials within this course focus on the NICE Framework Task, Knowledge, and Skill statements identified within the indicated NICE Framework component(s):
Specialty Areas
- Cybersecurity Management
- Risk Management
- Strategic Planning and Policy
- Training, Education, and Awareness
Feedback
If you would like to provide feedback on this course, please e-mail the NICCS team at NICCS@mail.cisa.dhs.gov. Please keep in mind that NICCS does not own this course or accept payment for course entry. If you have questions related to the details of this course, such as cost, prerequisites, how to register, etc., please contact the course training provider directly. You can find course training provider contact information by following the link that says “Visit course page for more information...” on this page.