
NCSP® Practitioner

All prices include the NIST certification exam.

    Upcoming Events

Please contact Deep Creek Center for information on scheduling a course.
Course Length
5 days
Credits Earned
35 PDU credits
Powered By APMG Accredited NIST Cybersecurity Professional (NCSP) Curriculum.

**This course requires a NIST Foundation Certification before sitting the NIST Practitioner exam.**

In response to the accelerating set of security risks and threats to critical infrastructure sectors, the US Government’s National Institute of Standards and Technology (NIST) was directed to create a cybersecurity framework (CSF) for public and private organizations to use to assess their security practices and controls and to support continual improvement. The NIST cybersecurity framework (CSF) was published in 2014, and critical infrastructure sectors are expected to adopt these practices no later than 2022.

This APMG accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity Framework (NCSF) across an enterprise and its supply chain. The NCSF Practitioner program teaches the knowledge to prepare for the NCSF Practitioner exam plus the skills and abilities to design, build, test, manage and improve a cybersecurity program based on the NCSF.  

What You Will Accomplish

You will:
  • Learn how the NCSF helps you identify, assess, and manage cybersecurity risk
  • Learn to develop a roadmap and scorecard for assessing and improving your cybersecurity risk management approach
  • Develop engineering, technology, and business centers to implement the FasTrack Model
  • Prioritize investments to maximize positive impact
  • Build cybersecurity and cyber risk scorecards and roadmaps
  • Be able to answer the question – are we secure?

Who Should Attend

Risk Managers, Security Managers, CISOs, all IT staff with security management responsibilities, business relationship managers, business leadership with responsibility for security practices and assurance.
Course Introduction

This course looks at cybersecurity risks and instructs students on the best approach to design and build a comprehensive technology-focused cybersecurity program and business-focused cyber-risk management program that will minimize risks and, at the same time, protect our critical assets. Executives are keenly aware of the risks, but have limited knowledge of the best way to mitigate them. We want to enable our executives to answer the key question – Are we secure?

The class will include lectures, informative supplemental reference materials, quizzes, exercises and tests. The outcome and benefit of this class is a practical approach that students can use to build and maintain comprehensive cybersecurity and cyber-risk management programs.
 
Body of Knowledge

This APMG and NCSC/GCHQ accredited four-day in-depth course teaches students how to apply a best practice approach to designing an enterprise risk management cybersecurity program based on the NIST Cybersecurity Framework Informative references and management systems.

The course is based on the Framework for Improving Critical Infrastructure Cybersecurity, version 1.1, and qualifies for PMI, CompTIA and ISACA Professional Development Credits.

This course provides an introduction to the intersection between digital transformation and cybersecurity, which is followed by an overview of the threat landscape.

With this in place, the course uses the Center for Internet Security Controls as an example of a cybersecurity “informative reference” (mentioned in the NIST Cybersecurity Framework). Each organization that sends candidates to the course should select one or more informative references that match the needs of the organization (e.g., HIPAA, PCI-DSS, or NIST 800-171).

Following an approach to the implementation of cybersecurity controls, the course delves into an organizational approach to cybersecurity that starts with governance, management, and a supportive culture, including an understanding of how things occur within the organization concerning three specific areas: work, communication, and improvement.

Finally, the course provides additional guidance for the cybersecurity practitioner to determine the current state, the desired state, and a plan to close the gap – and to do this over and over again to inculcate it into organizational DNA.
  

Course Outline

Course Introduction
    The Threat Landscape
    • Digital business threats
    • Thinking like a threat actor
    The Cyber Resilient Organization
    • Organizational strategy and associated cybersecurity risk
    • Using the NIST-CSF to manage strategy-risk
    • Identify, Protect, Detect, Respond and Recover
    Understanding Organizational Capability
    • Governance and assurance
    • Planning
    • Design (people, process, technology, culture)
    • Change management
    • Operate and execute
    • Innovation
    Enabling Organizational Capability
    • Adopt and adapt
    • Protection of business value
    • A FastTrack™ approach to continual improvement
    Improving Organizational Capability using NIST 800-53
    • Gap analysis
    • NIST 800-53 control groups
    • Alignment of NIST 800-53 control groups to organizational capabilities:
        • Governance and assurance
        • Planning
        • Design (people, process, technology, culture)
        • Change management
        • Operate and execute
        • Innovation
    Assuring Organizational Capability using NIST 800-53
    • 800-53 control implementation
    • 800-53 control audit
    • Assurance
    • Cybersecurity risk management capability
    • The link to organizational strategy-risk
    A Scalable Solution
    • Business Context
    • From Simple to More Complex
    • Scalable, appropriate Cybersecurity Risk Management
    Course Closure



    Deep Creek is pleased to deliver these programs through Cybersecurity Professionals, Ltd., the official Accredited Training Organization for the NIST Cyber Security Professional program.