NIST Cybersecurity and Risk Management Frameworks

Apply, adapt, respond, and recover using the NIST framework21 H 20 M

Just you? Training a whole team? There's an ITProTV plan that fits.

Start Training Today
  • Topic 1:NIST Cybersecurity Overview
    • Course Overview
    • NIST Cybersecurity and Publications
    • NIST Relationships
    • NIST CSF & RMF Overview
    • NIST CSF Core, Tiers, and Profiles
    • The Vocabulary of Risk
    • NIST Frameworks & Standards Case Study
  • Topic 2: NIST CSF Identify
    • NIST Core Review and Identify Function Overview
    • Inventory of Critical Assets
    • Business Impact Assessment
    • Security Policies and Procedures
  • Topic 3: NIST CSF Protect Function
    • NIST Core Review and Protect Function Overview
    • Awareness & Training
    • Access Control
    • Protective Technology - Network
    • Protective Technology - Systems
    • Data Security and Encryption
    • Maintenance
    • Personnel and Physical Security
  • Topic 4: NIST CSF Detect Function
    • System Auditing and Logging
    • Monitoring and Alerting
    • Assessments
  • Topic 5: NIST CSF Respond Function
    • Response Planning
    • Incident Response Plan Examples
    • Digital Forensics
    • Response Training and Testing
    • Mitigation and Improvements
  • Topic 6: NIST CSF Recover Function
    • Continuity of Operations Plan
    • Backup and Recovery
    • Virtualization and the Cloud
  • Topic 7: NIST RMF Preparation
    • NIST RMF Overview & Preparation
    • A Risk-Based Approach to Security
    • The RMF Preparation Step
    • System Security Plan (SSP)
  • Topic 8: NIST RMF Categorization
    • Categorizing Information Systems
    • Establishing Scope
    • The RMF Categorize Step
    • Categorization Risk Analysis
  • Topic 9: NIST RMF Control Selection
    • Selecting Security Controls
    • NIST Control Documents
    • Setting and Tailoring Control Baselines
    • Control Allocation and Monitoring
    • Documentation and Approval
  • Topic 10: NIST RMF Control Implementation
    • Security Control Implementation
    • Common Controls
    • Documenting Controls
  • Topic 11: NIST RMF Control Assessment
    • NIST RMF Assessment Step and Process
    • Assessment Plan
    • Conducting the Assessment
    • Analyzing Assessment Results
    • Assessment Documentation
    • Risk Remediation
  • Topic 12: NIST RMF Authorization
    • System Authorization
    • Risk Response
  • Topic 13: NIST RMF Risk Monitoring
    • Monitoring Controls Step
    • Change Management and Configuration Control
    • System Disposal (EOL)

Course Overview

3 M

itprotv course thumbnailitprotv course thumbnailitprotv course thumbnail
  • Episode Description
  • Transcript

NIST provides the Cybersecurity Framework (CSF) and Risk Management Framework (RMF) to guide organizations on securing their infrastructure, systems, and data. In this course, you will apply the NIST Cybersecurity and Risk Management Frameworks to better protect their infrastructure, detect possible cyber incidents and appropriately respond and recover should they occur. You'll become well-versed in the NIST CSF and RMF, how to implement them, and ways to effectively manage CSF & RMF processes for optimal security, privacy and compliance.

You're watching ITProTV. [MUSIC] >> Hey, thank you for choosing ITProTV. I'm your host Zach Memos for NIST cyber security and risk management frameworks, a great course. And joining me is our subject matter expert, Adam Gordon. >> Hello, everybody. Zach, how you doing? >> I'm doing well. So nice to see you here. >> Looking sniffy in that sweater, I like that >> Well, I know and you know, things a little bit different, aren't they? >> They are, you don't always see me in a jacket. >> Well, we're part of the ACI Learning company right now and so we have a little bit of ACI action going on, lovely sweater here. And before we get going talking about the course, tell us a little bit about yourself. >> Well, for those of you that are familiar with Zach and I, both are each of us individually from the ITProTV world. You'll know that I've been in the industry, working as an IT professional, an audit professional for decades. At this point in my career, I'm a consultant, I work with customers, helping them to implement IT security and infrastructure and audit that security and infrastructure posture for them globally. I have for a very long time, I work with governments, with militaries, private and public sectors all over the world. I also spend my time roughly splitting my time equally in that respect with doing what we call here at ACI Learning, entertainment. Spend my time, as many of us do here in the ACI studios, spending time with you. Helping create engaging and innovative, and creative content, in this case, around the NIST CSF, cybersecurity and RMF, first management frameworks. And our conversation around those frameworks is what we're gonna be spending time going through, and hopefully you'll join us for that journey. >> Well, I want to and I'm going to. >> [LAUGH] I hope so because I can't do it without you. >> Let me ask you this, what's in it for me, what can we hope to learn? >> So, when we think about what's in it for all of us, right? Whether you're an IT professional, whether you're an audit professional, perhaps both as I am and many of you, maybe. There's gonna be a lot of discussion about both the cybersecurity framework as well as the risk management framework. Whether it's individual or collective in terms of how you approach one or both of those. We're gonna take a look at what NIST's guidance on those frameworks is? Why those frameworks are important to IT and audit professionals? How that guidance can be used to drive the understanding of risk? But also then the addressing of risk remediation and control based activities. And from an audit, and compliance perspective, we bring that oversight and that verification validation to bear for the betterment of the organization. And that's really what we wanna focus on, and understand is the most valuable aspect of what we can help you to go through this part of the course. >> And lastly, why are you excited about this course? >> Well, I'm excited because I get to wear a jacket which I never get to do. It's very rare these days I get to dress up. So you're gonna see me in a sport coat and a collar shirt. Several of them actually throughout the course cuz I do have several wardrobe changes which is also exciting. But I'm excited, number one, to get to spend time with Zach. And both of us I think, it's fair to say are excited about being able to spend time with you talking about the frameworks. Helping you to walk through them in new and interesting ways. Certainly many of the traditional aspects of what we do here at ITProTV as we go through the course will be familiar to you. Some of which you may not have seen before aside from the wardrobe, obviously. But we will be looking at things from a slightly different perspective. We'll take some opportunities to invite you to have self-directed exercises, as well as case study driven interactions. And we'll certainly take a lot of time and effort to break down the material, explain how it all is connected. And to remind you constantly of the importance of looking at this from the real world perspectives of both an IT as well as an audit professional. And see how that guidance can be applied to your everyday practice, to the betterment of your organization. But also the betterment of your customers and your clients as you seek to put this into practice with them. >> Thank you, my jacketed and friend, and thank you. And by the way, NIST cyber security and risk management framework sounds like something you'd be interested in. You can check it out in our course library. This is Zach for ITProTV. >> I'm Adam Gordon. >> See you soon. >> Take care everybody. >> Thank you for watching ITProTV. [MUSIC] [BLANK_AUDIO]