- Home
- NCSP® Practitioner
NCSP® Practitioner
Please contact Deep Creek Center for information on scheduling a course.
| Course Length |
5 days |
| Credits Earned |
35 PDU credits |
Powered By APMG Accredited NIST Cybersecurity Professional (NCSP) Curriculum.
**This course requires a NIST Foundation Certification before sitting the NIST Practitioner exam.**
In response to the accelerating set of security risks and threats to critical infrastructure sectors, the US Government’s National Institute for Standards and Technology (NIST) was directed to create a cybersecurity framework (CSF) for public and private organizations to use to assess their security practices and controls and to support continual improvement. The NIST cybersecurity framework (CSF) was published in 2014 and critical infrastructure sectors are expected to adopt these practices no later than 2022.
This APMG accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity Framework (NCSF) across an enterprise and its supply chain. The NCSF Practitioner program teaches the knowledge to prepare for the NCSF Practitioner exam plus the skills and abilities to design, build, test, manage and improve a cybersecurity program based on the NCSF.
**This course requires a NIST Foundation Certification before sitting the NIST Practitioner exam.**
In response to the accelerating set of security risks and threats to critical infrastructure sectors, the US Government’s National Institute for Standards and Technology (NIST) was directed to create a cybersecurity framework (CSF) for public and private organizations to use to assess their security practices and controls and to support continual improvement. The NIST cybersecurity framework (CSF) was published in 2014 and critical infrastructure sectors are expected to adopt these practices no later than 2022.
This APMG accredited training program is targeted at IT and Cybersecurity professionals looking to become certified on how to operationalize the NIST Cybersecurity Framework (NCSF) across an enterprise and its supply chain. The NCSF Practitioner program teaches the knowledge to prepare for the NCSF Practitioner exam plus the skills and abilities to design, build, test, manage and improve a cybersecurity program based on the NCSF.
What You Will Accomplish
You will:
- Learn how the NCSF helps you identify, assess, and manage cybersecurity risk
- Learn to develop a roadmap and scorecard for assessing and improving your cybersecurity risk management approach
- Develop engineering, technology, and business centers to implement the FasTrack Model
- Prioritize investments to maximize positive impact
- Build cybersecurity and cyber risk scorecards and roadmaps
- Be able to answer the question – are we secure?
Who Should Attend
Risk Managers, Security Managers, CISOs, all IT staff with security management responsibilities, business relationship managers, business leadership with responsibility for security practices and assurance.
Course Introduction
This course looks at cybersecurity risks and instructs students on the best approach to design and build a comprehensive technology focused cybersecurity program and business focused cyber-risk management program that will minimize risks, and at the same time, protect our critical assets. Executives are keenly aware of the risks, but have limited knowledge on the best way to mitigate these risks. We will want to enable our executives to answer the key question – Are we secure?
The class will include lectures, informative supplemental reference materials, quizzes, exercises and tests. Outcomes and benefits from this class is a practical approach that students can use to build and maintain comprehensive cybersecurity and cyber-risk management programs.
This course looks at cybersecurity risks and instructs students on the best approach to design and build a comprehensive technology focused cybersecurity program and business focused cyber-risk management program that will minimize risks, and at the same time, protect our critical assets. Executives are keenly aware of the risks, but have limited knowledge on the best way to mitigate these risks. We will want to enable our executives to answer the key question – Are we secure?
The class will include lectures, informative supplemental reference materials, quizzes, exercises and tests. Outcomes and benefits from this class is a practical approach that students can use to build and maintain comprehensive cybersecurity and cyber-risk management programs.
Body of Knowledge
This APMG and NCSC/GCHQ accredited four day in-depth course teaches students how to apply a best practice approach to designing an enterprise risk management cybersecurity program based on the NIST Cybersecurity Framework Informative references and management systems.
The course is based on the Framework for Improving Critical Infrastructure Cybersecurity, version 1.1 and qualifies for PMI, CompTIA and ISACA Professional Development Credits
This course provides an introduction to the intersection between digital transformation and cybersecurity, which is followed by an overview of the threat landscape.
With this in place, the course uses the Center for Internet Security Controls as an example of a cybersecurity “informative reference” (mentioned in the NIST Cybersecurity Framework. Each organization that sends candidates to the course should select one or more informative references that match the need of the organization (e.g., HIPAA, PCI-DSS, or NIST 800-171).
Following an approach to the implementation of cybersecurity controls, the course delves into an organizational approach to cybersecurity that starts governance, management, and a supportive culture, including an understanding of how things occur within the organization concerning three specific areas: work, communication, and improvement.
Finally, the course provides additional guidance for the cybersecurity practitioner to determine the current state, the desired state, and a plan to close the gap – and to do this over and over again to inculcate it into organizational DNA.
This APMG and NCSC/GCHQ accredited four day in-depth course teaches students how to apply a best practice approach to designing an enterprise risk management cybersecurity program based on the NIST Cybersecurity Framework Informative references and management systems.
The course is based on the Framework for Improving Critical Infrastructure Cybersecurity, version 1.1 and qualifies for PMI, CompTIA and ISACA Professional Development Credits
This course provides an introduction to the intersection between digital transformation and cybersecurity, which is followed by an overview of the threat landscape.
With this in place, the course uses the Center for Internet Security Controls as an example of a cybersecurity “informative reference” (mentioned in the NIST Cybersecurity Framework. Each organization that sends candidates to the course should select one or more informative references that match the need of the organization (e.g., HIPAA, PCI-DSS, or NIST 800-171).
Following an approach to the implementation of cybersecurity controls, the course delves into an organizational approach to cybersecurity that starts governance, management, and a supportive culture, including an understanding of how things occur within the organization concerning three specific areas: work, communication, and improvement.
Finally, the course provides additional guidance for the cybersecurity practitioner to determine the current state, the desired state, and a plan to close the gap – and to do this over and over again to inculcate it into organizational DNA.
Course Outline
Course Introduction
- Digital business threats
- Thinking like a threat actor
- Organizational strategy and associated cybersecurity risk
- Using the NIST-CSF to manage strategy-risk
- Identify, Protect, Detect, Respond and Recover
Understanding Organizational Capability
- Governance and assurance
- Planning
- Design (people, process, technology, culture)
- Change management
- Operate and execute
- Innovation
- Adopt and adapt
- Protection of business value
- A FastTrack™ approach to continual improvement
- Gap analysis
- NIST 800-53 control groups
- Alignment of NIST 800-53 control groups to organizational capabilities:
- Governance and assurance
- Planning
- Design (people, process, technology, culture)
- Change management
- Operate and execute
- Innovation
Assuring Organizational Capability using NIST 800-53
- 800-53 control implementation
- 800-53 control audit
- Assurance
- Cybersecurity risk management capability
- The link to organizational strategy-risk
- Business Context
- From Simple to More Complex
- Scalable, appropriate Cybersecurity Risk Management
Prerequisites
NIST Foundations certification required before the NIST Practitioner exam can be attempted. If you have not taken NIST Foundations, please see here for the NIST Bootcamp. NIST Bootcamp is a combination NIST Foundations and NIST Practitioner class that requires only one exam.Exam
While the exam is included in the price of the program, the exam voucher will not be issued until the NIST Foundations certification exam has been passed. Optional Exam required for certification. The Certification is through APMG. Student must pass a 120 minute, 65 question closed book multiple choice, examination with a passing score of 60% in order to receive the certificationOnsite Programs
Onsite program offerings can include an added day NCSF simulation program to help your organization assess your readiness and identify continual improvement areas of focus. Please contact us for more information.
Please contact Deep Creek Center for information.
It is only a solution if it produces the desired results.
It is only a solution if it produces the desired results.