Cybersecurity Risk Management-NIST Framework

(CYBERSEC-NIST.AE1)/ISBN:978-1-64459-464-3

This course includes
Lessons
TestPrep
Hands-On Labs
Cybersecurity Risk Management-NIST Framework

The Cybersecurity Risk Management-NIST Framework course provides essential knowledge about the National Institute of Standards and Technology (NIST) Framework for effective risk management in cybersecurity. With interactive lessons and hands-on labs, you'll learn to apply this comprehensive framework practically, making it accessible to both cybersecurity professionals and non-specialists. Gain insights into its background, risk management foundation, and core components to enhance your organization's cybersecurity practices successfully.

Lessons

9+ Lessons | 16+ Exercises | 50+ Quizzes | 15+ Flashcards | 15+ Glossary of terms

TestPrep

Hands-On Labs

12+ LiveLab | 12+ Video tutorials | 41+ Minutes

Need guidance and support? Click here to check our Instructor Led Course.

Here's what you will learn

Download Course Outline

Lessons 1: Preface – Overview of the NIST Framework

  • BACKGROUND ON THE FRAMEWORK
  • FRAMEWORK BASED ON RISK MANAGEMENT
  • THE FRAMEWORK CORE
  • FRAMEWORK IMPLEMENTATION TIERS
  • FRAMEWORK PROFILE
  • OTHER ASPECTS OF THE FRAMEWORK DOCUMENT
  • RECENT DEVELOPMENTS AT NIST

Lessons 2: Cybersecurity Risk Planning and Management

  • INTRODUCTION
  • WHAT IS CYBERSECURITY RISK MANAGEMENT?
  • ASSET MANAGEMENT
  • GOVERNANCE
  • RISK ASSESSMENT AND MANAGEMENT
  • SUMMARY
  • ESSENTIAL READING ON CYBERSECURITY RISK MANAGEMENT

Lessons 3: User and Network Infrastructure Planning and Management

  • INTRODUCTION
  • INFRASTRUCTURE PLANNING AND MANAGEMENT IS ALL ABOUT PROTECTION, WHERE THE RUBBER MEETS THE ROAD
  • AWARENESS AND TRAINING
  • DATA SECURITY
  • INFORMATION PROTECTION PROCESSES AND PROCEDURES
  • MAINTENANCE
  • PROTECTIVE TECHNOLOGY
  • SUMMARY
  • ESSENTIAL READING ON NETWORK MANAGEMENT

Lessons 4: Tools and Techniques for Detecting Cyber Incidents

  • INTRODUCTION
  • WHAT IS AN INCIDENT?
  • DETECT
  • SUMMARY
  • ESSENTIAL READING FOR TOOLS AND TECHNIQUES FOR DETECTING A CYBERATTACK

Lessons 5: Developing a Continuity of Operations Plan

  • INTRODUCTION
  • ONE SIZE DOES NOT FIT ALL
  • RESPONSE
  • ANALYSIS
  • MITIGATION
  • RECOVER
  • SUMMARY
  • ESSENTIAL READING FOR DEVELOPING A CONTINUITY OF OPERATIONS PLAN

Lessons 6: Supply Chain Risk Management

  • INTRODUCTION
  • NIST SPECIAL PUBLICATION 800-161
  • SOFTWARE BILL OF MATERIALS
  • NIST REVISED FRAMEWORK INCORPORATES MAJOR SUPPLY CHAIN CATEGORY
  • SUMMARY
  • ESSENTIAL READING FOR SUPPLY CHAIN RISK MANAGEMENT

Lessons 7: Manufacturing and Industrial Control Systems Security

  • ESSENTIAL READING ON MANUFACTURING AND INDUSTRIAL CONTROL SECURITY

Appendix A: Helpful Advice for Small Organizatio...plement Some of the Book’s Recommendations

Appendix B: Critical Security Controls Version 8.0 Mapped to NIST CSF v1.1

Hands-on LAB Activities

Cybersecurity Risk Planning and Management

  • Conducting Vulnerability Scanning Using Nessus
  • Performing Vulnerability Scanning Using OpenVAS

User and Network Infrastructure Planning and Management

  • Configuring a Default Domain Password Policy
  • Setting Up a VPN Server
  • Configuring AAA for Device Access Control
  • Using Windows Firewall
  • Taking a Full Backup

Tools and Techniques for Detecting Cyber Incidents

  • Simulating the DDoS Attack
  • Configuring Outbound Rules for a Firewall
  • Testing an Antivirus Program

Developing a Continuity of Operations Plan

  • Using FTK Imager

Supply Chain Risk Management

  • Examining an Intrusion Detection Policy