NIST Cybersecurity Framework (NCSF) Boot Camp Training

The three-day NIST Cybersecurity Bootcamp course is a combination of the NIST Cybersecurity Framework (NCSF) Foundation and Practitioner Training courses. The bootcamp provides a deep dive into the components of the NIST CSF and NIST Risk Management Framework (RMF) and how they align to risk management. The course will follow the principles of the NIST Cybersecurity Framework to design and implement (or improve) a cybersecurity program to protect critical assets. The bootcamp details defense in depth, creation of a Written Information Security Program, and implementing ongoing assessments for a continuous improvement plan. This course is suited for individuals working with and overseeing the cybersecurity of an organization, including CIOs, CISOs, IT Security workforce, and IT Directors/Managers/Personnel.

All questions on the exams were created based on slides and/or courseware content from the the NIST Cybersecurity Framework (NCSF) Training course that students attend.

Passing candidates receive a skills-gap document and an email with their certificate at address used when registering.

 Exam details are as follows:

The online exam does not prevent access to other resources on candidates local computer or online. Candidates are allowed to use such resources while taking the exam. Please note the time limit for each exam. If the time expires before the candidate can complete the exam, all unanswered questions will be scored as incorrect. 

NIST Cybersecurity Framework Bootcamp Certification Exam – 100 questions, 120 minutes, 70% pass (84 correct)

Exam voucher is included.

Module 1: Course Introduction

Provides the student with information relative to the course and the conduct of the course in the classroom, virtual classroom, and course materials.

Module 2: The Basics of Cybersecurity

• What is cybersecurity?
• Types of attackers
• Vulnerabilities
• Exploits
• Threats
• Controls
• Frameworks
• Risk-Based Cybersecurity

Module 3: A Holistic Study of the NIST Cybersecurity Framework

• History
  1. EO 13636
  2. Cybersecurity Enhancement Act of 2014
  3. EO 13800
• Uses and Benefits of the Framework
• Attributes of the Framework
• Framework Component Introduction
  1. Framework Core
  2. Framework Profiles
  3. Framework Implementation Tiers

Module 4: Cybersecurity Activities: The Framework Core

• Purpose of the Core
• Core Functions, Categories, and Subcategories
• Informative References

Module 5: Risk Management Considerations: Framework Implementation Tiers

• Purpose of the Tiers
• The Four Tiers
• Components of the Tiers
• Compare and contrast the NIST Cybersecurity Framework with the NIST Risk Management Framework

Module 6: Current and Desired Outcomes: Framework Profiles

• Purpose of the Profiles
• The Two Profiles
• Interrelationships between the Framework Components

Module 7: A Primer on the Seven Step Framework Implementation Process

• Prioritize and Scope
• Orient
• Create a Current Profile
• Conduct a Risk Assessment
• Create a Target Profile
• Determine, Analyze, and Prioritize Gaps
• Implement Action Plan

Module 8:The Components of the NIST Cybersecurity Framework

• Review of the NIST CSF Major Components
• Tiers and Tier selection
• Current and Target Profiles and the Framework Core
• Informative References
  i. Center for Internet Security Controls v8
  ii. ISO/IEC 27001:2013
  iii. ISO/IEC 27002:2013
  iv. NIST SP 800-53 Rev. 5
• Supply Chain Risk Management in the Enterprise
  
  

Module 9: Risk Management in the NIST CSF and NIST RMF

• Risk Management in the NIST Cybersecurity Framework
• Analyzing the NIST Risk Management Framework
  i. Introduction and History
  ii. Purpose and Use Cases
  iii. Six Steps
  1. Categorize System
  2. Select Controls
  3. Implement Controls
  4. Assess Controls
  5. Authorize System
  6. Monitor Controls
• Integrating the Frameworks
  
  

Module 10: Real World Attacks

• Major Cybersecurity Attacks and Breaches
• Cyber Kill Chain
• MITRE ATT&CK Matrices
  
  

Module 11: Defense in Depth and the NIST Cybersecurity Framework

• Defense in Depth and the NIST CSF
• Zero Trust
• Aligning vendor Controls with Subcategories
• Security Operations Center (SOC) activities and Security Information and Event Management solutions in relation to the Framework
  
  

Module 12: Assessing Security in the Subcategories

• Creating an Assessment Plan
• Assigning Roles and Responsibilities
• Tiers, Threats, Risks, Likelihoods, and Impact
  
  

Module 13: Creating a Written Information Security Programs (WISP)

• The Intersection of Business and Technical Controls
• What is a Written Information Security Program (WISP)?
• Creating a WISP Template
• Aligning Current Profile with a WISP
  
  

Module 14: A Practitioner’s Deep Dive into Creating or Improving a Cybersecurity Program

• Step 1: Prioritize and Scope
  a) Identifying organizational priorities
  b) Aiding and influencing strategic cybersecurity implementation decisions
  c) Determining scope of the implementation
  d) Planning for internal adaptation based on business line/process need
  e) Understanding risk tolerance
• Step 2: Orient
  a) Identifying systems and applications which support organizational priorities
  b) Working with compliance to determine regulatory and other obligations
  c) Planning for risk responsibility
• Step 3: Create a Current Profile
  a) Cybersecurity Assessment options
  b) How to measure real world in relation to the Framework
  c) Qualitative and quantitative metrics
  d) Current Profile and Implementation Tiers
• Step 4: Conduct a Risk Assessment
  a) Risk assessment options (3rd party vs internal)
  b) Organizational vs. system level risk assessment
  c) Risk assessment and external stakeholders
• Step 5: Create a Target Profile
  a) Target Profile and Steps 1-4
  b) External stakeholder considerations
  c) Adding Target Profiles outside the Subcategories
• Step 6: Determine, Analyze, and Prioritize Gaps
  a) Defining and determining Gaps
  b) Gap analysis and required resources
  c) Organizational factors in creating a prioritized action plan
• Step 7: Implement Action Plan
  a) Implementation team design from Executives to Technical Practitioners
  b) Assigning tasks when priorities conflict
  c) Considering compliance and privacy obligations
  d) Taking action
  e) Reporting and reviewing
  
  

Module 15: Continuous Cybersecurity Improvement

• Creating a continuous improvement plan
• Implementing ongoing assessments

There are no prerequisites for this course, although basic Security knowledge will be helpful.

The program is designed for IT and Business professionals who will play an active role in the design and management of an NCSF program.