This course introduces the NIST Cybersecurity Framework (NIST-CSF). The Framework is a risk-based approach to managing cybersecurity risk and is composed of three parts: Framework Core, Framework Implementation Tiers, and Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities.
This course discusses how an organization can use the Framework as a key part of its systematic process for identifying, assessing, and managing cybersecurity risk. The Framework is not designed to replace existing processes; an organization can use its current process and overlay it onto the Framework to determine gaps in its current cybersecurity risk approach and develop a roadmap to improvement. Utilizing the Framework as a cybersecurity risk management tool, an organization can determine activities that are most important to critical service delivery and prioritize expenditures to maximize the impact of the investment.
The class includes lectures, informative supplemental reference materials, quizzes, and tests. Outcomes and benefits from this class are a fundamental understanding of cybersecurity and the NIST-CSF.