• Home
  • NIST Bootcamp

NIST Bootcamp

  • Upcoming Events

    July 6 - July 10

    870.04 NIST Bootcamp

    August 3 - August 7

    870.05 NIST Bootcamp

    September 14 - September 18

    870.06 NIST Bootcamp

    October 12 - October 16

    870.07 NIST Bootcamp

    November 2 - November 6

    870.08 NIST Bootcamp

    December 7 - December 11

    870.09 NIST Bootcamp

    Self-Paced - Online courses to suit your schedule

    870.00 NIST Bootcamp self-paced e-learning 2020

Please contact Deep Creek Center for information on scheduling a course.
Course Length
4 days
Credits Earned
28 PDU credits
Powered By APMG Accredited NIST Cybersecurity Professional (NCSP) Curriculum.
In response to the accelerating set of security risks and threats to critical infrastructure sectors, the US Government’s National Institute for Standards and Technology (NIST) was directed to create a cybersecurity framework (CSF) for public and private organizations to use to assess their security practices and controls and to support continual improvement. The NIST cybersecurity framework (CSF) was published in 2014 and critical infrastructure sectors are expected to adopt these practices no later than 2022.

This APMG accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity Framework (NCSF) across an enterprise and its supply chain. The NCSF Practitioner program teaches the knowledge to prepare for the NCSF Practitioner exam plus the skills and abilities to design, build, test, manage and improve a cybersecurity program based on the NCSF.  

What You Will Accomplish

You will:
  • Learn how the NCSF helps you identify, assess, and manage cybersecurity risk
  • Learn to develop a roadmap and scorecard for assessing and improving your cybersecurity risk management approach
  • Develop engineering, technology, and business centers to implement the Controls Factory Model
  • Prioritize investments to maximize positive impact
  • Build cybersecurity and cyber risk scorecards and roadmaps
  • Be able to answer the question – are we secure?
  • Who Should Attend

    Risk Managers, Security Managers, CISOs, all IT staff with security management responsibilities, business relationship managers, business leadership with responsibility for security practices and assurance.
    Course Introduction

    This course looks at cybersecurity risks and instructs students on the best approach to design and build a comprehensive technology focused cybersecurity program and business focused cyber-risk management program that will minimize risks, and at the same time, protect our critical assets. Executives are keenly aware of the risks, but have limited knowledge on the best way to mitigate these risks. We will want to enable our executives to answer the key question – Are we secure?

    The class will include lectures, informative supplemental reference materials, quizzes, exercises and tests. Outcomes and benefits from this class is a practical approach that students can use to build and maintain comprehensive cybersecurity and cyber-risk management programs.  
    Body of Knowledge

    This APMG and NCSC/GCHQ accredited five day in-depth course teaches students how to apply a best practice approach to designing an enterprise risk management cybersecurity program based on the NIST Cybersecurity Framework Informative references and management systems.

    The course is based on the Framework for Improving Critical Infrastructure Cybersecurity, version 1.1 and qualifies for PMI, CompTIA and ISACA Professional Development Credits

    Following the course introduction, the course provides an introduction to the intersection between digital transformation and cybersecurity, which is followed by an overview of the threat landscape.

    With this in place, the course uses the Center for Internet Security Controls as an example of a cybersecurity “informative reference” (mentioned in the NIST Cybersecurity Framework. Each organization that sends candidates to the course should select one or more informative references that match the need of the organization (e.g., HIPAA, PCI-DSS, or NIST 800-171).

    Following an approach to the implementation of cybersecurity controls, the course delves into an organizational approach to cybersecurity that starts governance, management, and a supportive culture, including an understanding of how things occur within the organization concerning three specific areas: work, communication, and improvement.

    Finally, the course provides additional guidance for the cybersecurity practitioner to determine the current state, the desired state, and a plan to close the gap – and to do this over and over again to inculcate it into organizational DNA.

    Course Outline

    The course is organized as follows:
      Chapter 1: Course Overview Reviews at a high level each chapter of the course.
      Chapter 2: Framing the Problem Reviews the main business and technical issues that we will address through the course.
      Chapter 3: The Controls Factory Model Introduces the concept of a Controls Factory Model and the three areas of focus,:
      • the Engineering Center,
      • the Technology Center, and
      • the Business Center.
      Chapter 4: The Threats and Vulnerabilities Provides an overview of cyber –attacks (using the Cyber Attack Chain Model),
      • discusses the top 15 attacks,
      • the most common technical vulnerabilities and ,
      • the most common business vulnerabilities.
      Chapter 5: The Assets and Identities Provides a detailed discussion of
      • asset families,
      • key architecture diagrams,
      • an analysis of business and technical roles, and
      • a discussion of governance and risk assessment.
      Chapter 6: The Controls Framework Provides a detailed analysis of the controls framework based on the NIST Cybersecurity Framework. Includes the five core functions (Identify, Protect, Detect, Respond and Recover).
      Chapter 7: The Technology Controls Provides a detailed analysis of the technical controls based on the Center for Internet Security 20 Critical Security Controls©. This section includes:
      • the controls objective,
      • controls design,
      • controls details, and
      • a diagram for each control.
      Chapter 8: The Security Operations Center (SOC) Provides a detailed analysis of Information Security Continuous Monitoring (ISCM) purpose and capabilities. This section includes an analysis of:
      • people,
      • process,
      • technology, and
      • services provided by a Security Operations Center.
      Chapter 9: Technical Program Testing and Assurance Provides a high-level analysis of technology testing capabilities based on the PCI Data Security Standard (DSS). The testing capabilities include all 12 Requirements of the standard.
      Chapter 10: The Business Controls Provides a high-level analysis of the business controls based on the ISO 27002:2013 Code of Practice. Includes :
      • the controls clauses,
      • objective, and
      • implementation overview.
      The business controls are in support of ISO 27001 Information Security Management System (ISMS).
      Chapter 11: Workforce Development Provides a review of cybersecurity workforce demands and workforce standards based on the NICE Cybersecurity Workforce Framework (NCWF).
      Chapter 12: The Cyber Risk Program Provides a review of the AICPA Proposed Description Criteria for Cybersecurity Risk Management. Covers the 9 Description Criteria Categories and the 31 Description Criteria.
      Chapter 13: Cybersecurity Program Assessment Provides a detailed review of the key steps organizations can use for conducting a Cybersecurity Program Assessment. Assessment results include:
      • a technical scorecard (based on the 20 critical controls),
      • an executive report,
      • a gap analysis and
      • an implementation roadmap.
      Chapter 14: Cyber-risk Program Assessment Provides a review of the Cyber Risk Management Program based on the five Core Functions of the NIST Cybersecurity Framework. This chapter includes a resource guide by the Conference of State Bank Supervisors (CSBS), “Cybersecurity 101 – A Resource Guide for Bank Executives”. Results include:
      • a sample business scorecard,
      • executive report,
      • gap analysis and
      • an implementation roadmap.

    Please contact Deep Creek Center for information.
    It is only a solution if it produces the desired results.