NIST Cybersecurity Framework – A Risk Assessment Process

5/23/2019

In May 2017, a Presidential Executive Order was signed that requires all Federal agencies to use the Cybersecurity Framework (CSF) that was created by the National Institute of Standards and Technology (NIST) to improve cybersecurity for critical infrastructure throughout the United States. The NIST Cybersecurity Framework (NCSF) is a guide to analyze risk and to create, implement, monitor and continually improve a plan of action to increase cybersecurity.

This responsibility for risk assessment does not just lie with the IT department, however. Nor is the framework only applicable to Federal Government agencies. The management of cybersecurity risk is critical to every organization, whether it is a Federal or local government entity, business, not-for-profit or academic institution. The NIST Framework is flexible enough to include different framework sets as well as account for other regulations or requirements.

In partnership with itSM Solutions LLC and UMass Lowell, an NSA/DHS National Center of Academic Excellence in Cyber Defense Research (CAE-R), LRS Education Services is proud to offer the NIST Cybersecurity Professional (NCSP) training curriculum. The curriculum is designed to teach how to engineer and implement a cybersecurity program to protect critical assets using the NCSF.

Accredited by APMG International, the NCSP Training Program contains best practices and standards from both the private sector and government. It is applicable to organizations in any industry to address and manage cybersecurity risks in a cost-effective way based on organizational needs without additional regulatory requirements.

LRS Education Services' NIST Cybersecurity Professional (NCSP) Certification courses are recognized and listed on the National Initiative For Cybersecurity Careers and Studies (NICCS) website for our expertise and professionalism. NICCS is managed by the Department of Homeland Security.

The NCSP Foundation Certification Training v 1.1 outlines current cybersecurity challenges and explains how organizations that implement an NCSF program can mitigate these risks. This program is focused on candidates who need a basic understanding of the NCSF to perform their daily jobs as executives, accountants, lawyers or information technology professionals.

This course is a great fit for anyone with an interest in or responsibility for the survival of the business. This includes IT, C-level personnel, compliance, legal, auditing, human resources, etc.

  • One-day, high-level overview of threats and common risks.
  • Introduces the three main components of the NIST Cybersecurity Framework: the Core, Implementation Tiers and Profiles.
  • Outlines how the NIST CSF can be used to plan, implement, monitor and improve protection of critical assets.
  • Instructor Led Classes (Guaranteed to Run):  June 25, July 16, August 19, September 9, October 21.  Students may attend at either of our LRS Education facilities in Bloomington or Springfield IL, or choose to connect virtually from any location.

The NCSP Practitioner Certification Training v 1.1 details the current cybersecurity challenges and teaches in depth the UMass Lowell NCSF Controls Factory Model methodology for designing, building, testing and managing an NCSF cybersecurity program. This training is focused on candidates who need a detailed understanding of the NCSF to perform their daily roles as cybersecurity engineers, testers or operations professionals.

This course is suited for individuals working with and overseeing the technology, including CIOs, IT Directors and Managers, IT Security personnel and IT staff.

  • Three-day deep dive that builds on the Foundation concepts.
  • Focus on designing and implementing (or improving) a cybersecurity program to minimize risks and protect critical assets based on the NIST CSF.
  • Provides a detailed analysis of the technical controls based on the Center for Internet Security Critical Security Controls.
  • Instructor Led Classes (Guaranteed to Run):  June 26-28, July 17-19, August 20-22, September 10-12, October 22-24.  Students may attend at either of our LRS Education facilities in Bloomington or Springfield IL, or choose to connect virtually from any location.

The NCSP Bootcamp Certification Training is a combination of the Foundation and Practitioner courses over four days, and it aligns with the same audience as the Practitioner course.  See schedules above.

All programs come with a certificate of completion and continuing education credits, such as PDUs and CEUs. The optional certification exams are available through APMG International.

NIST Cybersecurity Framework Assessment Program

For those who would like a more hands-on approach to aligning their organization's current cybersecurity policies and tools with the NIST Cybersecurity Framework, LRS Education Services offers an assessment program that provides a tracking and monitoring tool to rank and assess risk moving forward.

The Benefits of the Assessment To Your Organization:

  • NIST CSF Foundation Essentials and Assessment Tool Training for up to six individuals.
  • In person or live video calls, phone and email communications with an LRS Education Services certified cybersecurity practitioner.
  • A customized assessment file to document your current cybersecurity state, determine alignment with the NIST Cybersecurity Framework, discover critical security gaps and prioritize cybersecurity remediation.
  • Reliable data organized in a fashion that will be simple to include in an in-depth report and/or an executive presentation.
  • The confidence of knowing your current state and ability to create a clear plan to secure your organization against existing and zero-day cybersecurity threats as they emerge.

Have questions or would like to enroll? Feel free to call or email me for more information!

Christopher Becher
Education Consultant
P 309.664.7670 ext. 6302
F 309.662.7282
christopher.becher@lrs.com
LRS® Education Services