1 - Digital Transformation
Explores what the Practitioner needs to know about the relationship between digital transformation and cybersecurityExplain how to determine the impact of cybersecurity on DX.Explain the relationships between culture and digital transformation from the perspective of a practitioner.Explain the delivery of value to stakeholders in a DX & cybersecurity environment.Illustrate the interdependent relationship between cybersecurity and DX.
2 - Threat Landscape
The Practitioner needs to understand what threat actors do and their capabilities.Compare the evolving attack type impact to the threat environment.Apply knowledge about the threat landscape to maintain a readiness to respond.Develop a risk profile based on business impact analysisEstablish the relationship between awareness and training in the continual improvement of cybersecurity posture.Develop and treat training & awareness as a critical aspect of deterrenceUse knowledge about the threat landscape as a predicate to the adoption and adaptation of your cybersecurity posture.
3 - The Controls
This chapter provides a sample set of controls based on an informative reference.Understand the purpose goals & objectives for each control.Characterize & explain the informative reference controlsDiscover how to apply the controls in an organizational context.
4 - Adopt & Adapt
Adopt is a decision about governance; adapt is the set of management decisions that result from the decision to adopt.Distinguish Adopt, Adapt, Management & Governance.Develop an approach to adoption & adaptation.Distinguish & demonstrate the impact of organizational culture on developing cybersecurity as a capability.Develop an assessment approach to define current state.
5 - Adaptive Way of Working
Threat actors are agile and highly adaptive. The cybersecurity Practitioner must develop the same capabilitiesBreak down what constitutes an adaptive approach.Characterize & apply the need for crossfunctional teams.Recognize and prioritize the first steps (get started).Demonstrate & establish cybersecurity phases.Break down the impact of the flows.
6 - Rapid Adoption & Rapid Adaptation FastTrack
FastTrack™ is an approach to allow organizations to learn to adapt to an evolving threat landscape rapidly.Approach: Establish what it takes to adopt CS.Determine how that impacts management adaptation of CS.Determine how that impacts the capability to assess.CS Capability: Determine the gap between existing & needed capabilities.Establish what must be developed.Develop appropriate risk management profile.Discover how cybersecurity impacts people, practice & technology impacts organization.Differentiate CIS Implementation groups.Determine appropriate implementation group & approach.Develop appropriate phase approaches.
7 - CIIS Practice
Cybersecurity is an ongoing game of cat and mouse. Organizations must learn how to inculcate cybersecurity improvement into their DNA.Break down & develop mechanisms for ongoing cybersecurity improvement that includes developing a learning organization.Illustrate an improvement plan based on the NIST 7-Step Approach.Illustrate an improvement plan based on the Improvement GPSDemonstrate understanding of Cybersecurity Maturity Model CertificationBreak down the balancing loop & how it fits into the escalation archetypeUse the Fast Track™ (improvement & implementation) cycles.
Actual course outline may vary depending on offering center. Contact your sales representative for more information.
Who is it For?
This course assumes the student has successfully taken and passed the NCSF Foundation 2.0 course based on the NIST Cybersecurity Framework version 1.1, release April 2018. Following the course introduction, the course provides an introduction to the intersection between digital transformation and cybersecurity, which is followed by an overview of the threat landscape. Following an approach to the implementation of cybersecurity controls, the course delves into an organizational approach to cybersecurity that starts governance, management, and a supportive culture,Finally, the course provides additional guidance for the cybersecurity practitioner to determine the current state, the desired state, and a plan to close the gap – and to do this over and over again to inculcate it into organizational DNA.