NCSF Practitioner Certification


NCSF Practitioner Certification Overview

This ACQUIROS accredited training program is targeted at IT and cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity Framework (NCSF) across an enterprise and its supply chain. The NCSF Practitioner program teaches the knowledge to prepare for the NCSF Practitioner exam plus the skills and abilities to design, build, test, manage and improve a cybersecurity program based on the NCSF.

Course Introduction

To realize the positive potential of technology and inspire confidence to achieve innovation through technology, we must collectively manage cyber-risks to an acceptable level. This includes both business risks and technology risks.

Our business goals may include organizing the company to make it more efficient and profitable, or redefining our target market to three major areas. One of our key business goals will undoubtedly be to reduce the risk of a data breach, the loss of intellectual property, or the compromise of valuable research data. To be successful, we will need a business-focused cyber-risk management program.

Our technology goals may include providing the right information, at the right time, in the right format, to the right parties and systems, at the right cost. To understand our security control requirements, we must first identify what the system is supposed to do (the ideal state), and consider the risks associated with our systems, applications and processing environment. To be successful, we will need a technology-focused cybersecurity program.

This course looks at cybersecurity risks and instructs students on the best approach to design and build a comprehensive technology-focused cybersecurity program and business-focused cyber-risk management program that will minimize risks and, at the same time, protect our critical assets. Executives are keenly aware of the risks, but have limited knowledge of the best way to mitigate them. We want to enable our executives to answer the key question: "Are we secure?"

The class will include lectures, informative supplemental reference materials, quizzes, exercises and tests. Outcomes and benefits from this class include a practical approach that students can use to build and maintain comprehensive cybersecurity and cyber-risk management programs.

Body of Knowledge

The course introduces a Controls Factory as a conceptual model that represents a system of controls used to protect our critical assets by transforming them from an unmanaged state to a managed state. The Controls Factory Model (CFM) has three focus areas: the engineering center, the technology center and the business center. The course includes a deep dive into each of these three areas.

The engineering center includes threats and vulnerabilities, assets and identities, and our controls framework. We use the Lockheed Martin Cyber Kill Chain to model threats. We examine technical and business vulnerabilities to understand potential areas of exposure. For assets, we study endpoints, networks, applications, systems, databases, and information assets. For identities, we look at business and technical identities, roles and permissions. We use the NIST Cybersecurity Framework as our controls framework.

The technology center includes technical controls based on the 20 Critical Security Controls, technology implementation through security product solutions and services, Information Security Continuous Monitoring (ISCM) capability through people, process and technology, and technical controls testing and assurance based on the PCI Data Security Standard (DSS). The goal is to understand how to design, build and maintain a technology-focused security system.

The business center includes the key business- and people-oriented controls: design based on the ISO 27002:2013 Code of Practice, implementation (via program, policy and governance), workforce development, and testing and assurance based on the AICPA Cyber-risk Management Framework. The goal is to understand how to build a security governance capability that focuses on employees and contractors, management and executives.

Finally, we discuss outcomes, which include a cybersecurity (technology-based) scorecard and roadmap and a cyber-risk (business-based) scorecard and roadmap. These deliverables answer the question that business and technology executives will ask: "Are we secure?"

Course Organization

The course is organized as follows:

Chapter 1: Course Overview - Reviews at a high level each chapter of the course.
Chapter 2: Framing the Problem - Reviews the main business and technical issues that we will address through the course.
Chapter 3: The Controls Factory Model - Introduces the concept of a Controls Factory Model and the three areas of focus: the Engineering Center, the Technology Center, and the Business Center.
Chapter 4: The Threats and Vulnerabilities - Provides an overview of cyber attacks (using the Cyber Attack Chain Model), discusses the top 15 attacks of 2015 and 2016, and the most common technical and business vulnerabilities.
Chapter 5: The Assets and Identities - Provides a detailed discussion of asset families, key architecture diagrams, an analysis of business and technical roles, and a discussion of governance and risk assessment.
Chapter 6: The Controls Framework - Provides a detailed analysis of the controls framework based on the NIST Cybersecurity Framework. Includes the five core functions (Identify, Protect, Detect, Respond and Recover).
Chapter 7: The Technology Controls - Provides a detailed analysis of the technical controls based on the Center for Internet Security 20 Critical Security Controls. Includes the control objective, control design, control details, and a diagram for each control.
Chapter 8: The Security Operations Center (SOC) - Provides a detailed analysis of Information Security Continuous Monitoring (ISCM) purpose and capabilities. Includes an analysis of people, process, technology, and services provided by a Security Operations Center.
Chapter 9: Technical Program Testing and Assurance - Provides a high-level analysis of technology testing capabilities based on the PCI Data Security Standard (DSS). The testing capabilities include all 12 Requirements of the standard.
Chapter 10: The Business Controls - Provides a high-level analysis of the business controls based on the ISO 27002:2013 Code of Practice. Includes the control clauses, objective, and implementation overview. The business controls support the ISO 27001 Information Security Management System (ISMS).
Chapter 11: Workforce Development - Provides a review of cybersecurity workforce demands and workforce standards based on the NICE Cybersecurity Workforce Framework (NCWF).
Chapter 12: The Cyber Risk Program - Provides a review of the AICPA Proposed Description Criteria for Cybersecurity Risk Management. Covers the 9 Description Criteria Categories and the 31 Description Criteria.
Chapter 13: Cybersecurity Program Assessment - Provides a detailed review of the key steps organizations can use for conducting a Cybersecurity Program Assessment. Assessment results include a technical scorecard (based on the 20 critical controls), an executive report, a gap analysis and an implementation roadmap.
Chapter 14: Cyber-risk Program Assessment - Provides a review of the Cyber Risk Management Program based on the five Core Functions of the NIST Cybersecurity Framework. This chapter includes a resource guide by the Conference of State Bank Supervisors (CSBS), "Cybersecurity 101: A Resource Guide for Bank Executives". Results include a sample business scorecard, executive report, gap analysis and an implementation roadmap.

This course will focus on Bloom's Levels 1 through 4. Each chapter will end with a multiple-choice quiz; the student is expected to attain a minimum passing score of 80%. The quizzes will be Bloom's Levels 1 and 2. Each chapter after the course introduction may have one or more exercises. Each exercise will require the student to analyze a given scenario and apply the knowledge acquired in the previous and current chapters to formulate an optimal solution to the problem. The exercises will be Bloom's Levels 3 and 4.

Exam FAQs

Once purchased, how long is the voucher valid for? Do the voucher(s) have an expiration time frame?
We set the expiration at 30 days from the time of the order. This is to ensure you test while the knowledge is still fresh in your mind. If needed, the voucher can be extended, but for no more than the calendar year in which it is ordered.

What is the style of the exams? Are they adaptive? Are they all multiple-choice questions? Are there any essay questions on the exam(s)?
The certification exam will be comprised of 100 multiple-choice questions. Approximately 60% will be Bloom's Levels 1 and 2 and the remaining 40% will be Bloom's Levels 3 and 4.
You will have 180 minutes for this exam.
You must achieve 70 or more correct answers to pass.
Use of the keyboard is not necessary and is prohibited on the exam. Students should use their mouse to navigate the exam. Use of the keyboard will cause your test session to be paused and will require assistance from the proctor to relaunch your exam.
The first part of the exam focuses on Bloom's Levels 1 and 2, while the second part focuses on Bloom's Levels 3 and 4.
All 100 questions should be attempted; there are no trick questions.

Please provide more detail on how the web proctor (OLP) option works and any requirements needed for online webcam proctoring (OLP, online proctor).
With OLP you need to have a webcam that can be placed so the proctor can see your desk, keyboard and hands. No papers can be used during the exam, nor can you leave the area. The exam can be done at your home desk or office. Again, the exam agency sets up an exam based on the date and time that you request and forwards you the confirmation. You can find the specs on the webcam proctor and host locations at Acquiros.

Testing center vouchers: Which testing centers can I choose from? Locations, etc.
You can go to a host location offered by Acquiros near you, or test with a webcam proctor (testing center: OLS, online standard). With this option you request a date, time and location to take your exam (locations can be found at http://www.acquiros.com/student-faqs) and the exam agency will set up your appointment and forward you a confirmation for that appointment. This is a computer-based exam with a proctor in the room with you.

Any other information you can provide regarding the NCSF-CFM Boot Camp Exam(s) / voucher?
The NCSF certification exam process utilizes the most flexible model available. A student is provided a voucher to take the exam online. You can take the exam right after you finish your course or when it is more convenient to you: with a webcam-enabled laptop computer, at a nearby testing center, or even at home or back at your place of work. If you would prefer to study more before you take the exam, you have 30 days to do so, again using your own computer at work or home or at a nearby testing center. You have the luxury of deciding when you are ready to prove what you've learnt, at a location and in an environment that is most conducive to you. Once you place the order on our ecommerce site, you will receive an email and exam voucher code from me. This allows you to set up your exam directly with the examination institute, Acquiros. The boot camp exam voucher can be purchased on our ecommerce site: http://www.itsmmentorstore.com/nistcsf.asp

Credits Earned: 24 PDU Credits