
Define cybersecurity and culture through a practical lens, showing prevention, protection, restoration, and governance aligned with NIST risk management and cybersecurity frameworks and the CSRC publications library.
Explore the NIST CSF and RMF, detailing their five functions and risk-based controls. Learn the RMF steps—prepare, categorize, select, implement, assess, authorize, monitor—and how they guide asset risk management.
Explore the identify function of the NIST cybersecurity framework, connect asset management with governance and risk, and reference subcategories and informative references.
Explore how the NIST cybersecurity framework identify function links the business environment to a business impact assessment, detailing BIA processes, RTO, RPO, and recovery strategies, including supply chain considerations.
Explore security policies and procedures within the NIST cybersecurity framework, focusing on governance, organizational policy, roles and responsibilities, and how standards, guidelines, and processes drive risk management.
Explore protective technology for networks, including network access control, firewalls, VPNs, DNS, DNSSec, segmentation, and zero-trust concepts, tied to NIST SP800-53r5 controls.
Explore how to conduct security and privacy control assessments by defining objectives, methods, and objects. Report outcomes with standardized measures aligned to NIST SP 800-53 and CSF.
Explore how mitigation and improvements within the NIST cybersecurity and risk management frameworks drive containment, vulnerability identification, patch management, remediation, and continual lessons learned.
Explore how virtualization and the cloud enable rapid recovery in the NIST CSF by restoring from templates or clones and mixing on-premises and cloud environments.
Discover the NIST RMF overview and preparation, detailing risk management framework goals and the seven steps: prepare, categorize, select, implement, assess, authorize, monitor, for consistent risk-based security.
Define risk with NIST vocabulary and apply a risk-based security approach aligned to the RMF and CIA triad, then outline the SP 800-30R1 risk assessment steps.
Identify and document the system with a system security plan (SSP) that inventories hardware and software, defines controls, and supports incident response and minimum security baselines.
Learn how to scope and categorize assets in the RMF step, applying risk analysis to determine confidentiality, integrity, and availability impacts, and derive security baselines.
In the US, NIST is the de-facto standard for security, compliance and privacy. If you are doing business with the US federal government, manage critical infrastructure, or maintain personally identifiable information (PII), you must be compliant with NIST standards.
NIST provides the Cybersecurity Framework (CSF) and Risk Management Framework (RMF) to guide organizations on securing their infrastructure, systems, and data. In this course, you will apply the NIST Cybersecurity and Risk Management Frameworks to better protect their infrastructure, detect possible cyber incidents and appropriately respond and recover should they occur. You'll become well-versed in the NIST CSF and RMF, how to implement them, and ways to effectively manage CSF & RMF processes for optimal security, privacy and compliance.
This course provides an overview of the NIST Cybersecurity and Risk Management Frameworks and their application. Organizations may require additional industry-specific knowledge and specialized guidance to tailor these frameworks to their unique needs and compliance requirements.
Upon completing the course, participants should have the knowledge and skills necessary to assess, implement, and enhance cybersecurity practices within their organizations using the NIST Cybersecurity and Risk Management Frameworks. They will be equipped to make informed decisions regarding risk management, establish appropriate controls, and respond to cybersecurity incidents in a proactive and efficient manner.