Detailed Class Syllabus
Chapter 1: Course Overview
Reviews at a high level each chapter of the course
Chapter 2: Framing the Problem
Establishes the context and rationale for the adoption and daptation of the NIST-CSF using the Controls Factory Model.
Chapter 3: The Controls Factory Model
Introduces the concept of a Controls factory model and the three areas of focus, the Engineering Center, the Technology Center, and the Business Center.
Chapter 4: The Threats and Vulnerabilities
Provides an overview of cyber â€“attacks (using the Cyber Attack Chain Model), discusses the top 15 attacks of 2015 and 2016, and the most common technical and business vulnerabilities.
Chapter 5: Digital Assets, Identities and Business Impact
Provides a detailed discussion of asset families, key architecture diagrams, an analysis of business and technical roles, and a discussion of governance and risk assessment.
Chapter 6: The NIST Cybersecurity Framework
Provides a practitioner level analysis of the controls framework based on the NIST Cybersecurity Framework.
Chapter 7: Technology Program Design and Build
Provides a detailed analysis of the technical controls based on the Center for Internet Security 20 Critical Security Controls©. Includes the controls objective, controls design, controls details, and a diagram for each control.
Chapter 8: The Security Operations Center (SOC)
Provides a detailed analysis of Information Security Continuous Monitoring (ISCM) purpose and capabilities. Includes an analysis of people, process, technology, and services provided by a Security Operations Center.
Chapter 9: Technology Program Testing and Assurance
Provides a high-level analysis of technology testing capabilities based on the PCI Data Security Standard (DSS). The testing capabilities include all 12 Requirements of the standard.
Chapter 10: Business Program Design and Build
Provides a high-level analysis of the business controls based on the ISO 27002:2013 Code of Practice. Includes the controls clauses, objective, and implementation overview. The business controls are in support of ISO 27001 Information Security Management System (ISMS).
Chapter 11: Cyber Workforce Skills Development
Provides a review of cybersecurity workforce demands and workforce standards based on the NICE Cybersecurity Workforce Framework (NCWF).
Chapter 12: Cyber-Risk Management Program
Provides a review of the AICPA Proposed Description Criteria for Cybersecurity Risk Management. Covers the 9 Description Criteria Categories and the 31 Description Criteria.
Chapter 13: Cybersecurity Program Assessment
Provides a detailed review of the key steps organizations can use for conducting a Cybersecurity Program Assessment. Assessment results include a technical scorecard (based on the 20 critical controls), an executive report, a gap analysis and an implementation roadmap.
Chapter 14: Cyber Risk Program Assessment
Provides a review of the Cyber Risk Management Program based on the five Core Functions of the NIST Cybersecurity Framework.
THE itSMS COURSE IS PROVIDED "AS IS" WITH NO GUARANTEE OF COMPLETENESS, ACCURACY, TIMELINESS, OR NONINFRINGEMENT. itSMS AND THE UNIVERSITY OF MASSACHUSETTS DO NOT WARRANT THAT ACCESS TO OR USE OF THE CONTENT, THE COURSE, OR THE INFORMATION PROVIDED THEREIN OR SERVICES PROVIDED THEREWITH WILL BE UNINTERRUPTED OR ERROR FREE. itSMS AND THE UNIVERSITY OF MASSACHUSETTS EXPRESSLY DISCLAIM ALL WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, ANY WARRANTIES OF AVAILABILITY, PERFORMANCE, MERCHANTABILITY, NONINFRINGEMENT, OR FITNESS FOR A PARTICULAR PURPOSE.