Implementing NIST SP 800-37R2 Risk Management Framework (RMF) and NIST SP 800-53R5 Security and Privacy Controls
If your job requires you to manage cyber security risks in the high-stakes world of enterprise IT, this course is for you. You’ll examine risks, threats, opportunities, and vulnerabilities at the strategic and operational levels. This includes Cybersecurity IT value generation for the business, and the IT NIST Risk Management Framework (RMF).
What you’ll learn
- Take a risk-based approach developing such as a Risk Mangment program.
- Understand the key components of a NIST RMF.
- Develop required security policies, standards, and guidelines.
- Understand the key NIST security controls and countermeasures, how and when to apply them, and under which state condition.
- Understand information risk management and compliance.
- Apply appropriate risk-management techniques and models including risk scenarios..
- Align cyber security and enterprise risk management with NIST RMF.
- Manage and monitor the status of risk-management strategies and plans.
- Design and use effective techniques to communicate Cybersecurity risks to stakeholders in a clear manner..
- Select and tailor NIST secuirty and privacy controls.
Course Content
- Introduction –> 3 lectures • 11min.
- The Course case study –> 1 lecture • 3min.
- IT Cyber Security Risk –> 10 lectures • 57min.
- NIST 800-37 R2 Risk Management Framework –> 1 lecture • 7min.
- RMF Preparation Step 1 –> 1 lecture • 5min.
- RMF Categorize Information Systems Step 2 –> 1 lecture • 6min.
- RMF Select Security Controls Step 3 –> 3 lectures • 13min.
- RMF Implement NIST Security Controls step 4 –> 2 lectures • 6min.
- RMF Assess Security Controls step 5 –> 4 lectures • 19min.
- RMF Authorize Information System step 6 –> 1 lecture • 3min.
- RMF Monitor Security Controls step 7 –> 2 lectures • 11min.
- NIST RMF Knowledge Resources and Best Practices –> 2 lectures • 6min.
- CMMI maturity model and NIST RMF –> 1 lecture • 3min.
- Cyber Security Risk Metrics Indicators –> 1 lecture • 5min.
- NIST RMF Quick Start Guide, Frequently Asked Questions (FAQs) –> 1 lecture • 2min.
- Conclusions –> 1 lecture • 3min.
Requirements
- Basic Cybersecurity Knowledge.
If your job requires you to manage cyber security risks in the high-stakes world of enterprise IT, this course is for you. You’ll examine risks, threats, opportunities, and vulnerabilities at the strategic and operational levels. This includes Cybersecurity IT value generation for the business, and the IT NIST Risk Management Framework (RMF).
You’ll also explore risk appetite, risk tolerance, and mitigation strategies, selecting, implementing, tailoring, assessing, and monitoring NIST security controls. The course case study will highlight issues related to legal and regulatory compliance and stakeholder communication.
By the end of this course, you will be able to:
- Understand the seven-step NIST Risk management and compliance
- Apply appropriate risk-management techniques and models including risk scenarios.
- Conduct risk analysis and assessment
- Align cyber security and enterprise risk management.
- Manage and monitor the status of NIST risk-management strategies and plans.
- Provide oversight of related legal and regulatory compliance such as HIPPA and credit card regulation PCI DSS
- Design and use effective techniques to communicate Cybersecurity risks to stakeholders in a clear manner
- Select and tailor the proper NIST security and privacy controls
- Understand the difference between IT audit and assessment.
- Track risks and create cyber security performance indicators
The course will provide you with a foundational understanding of risk and how to identify, assess, and mitigate risk. You will become familiar with the concepts, tools, and techniques used to develop a risk management process. You will also learn how to use these tools and techniques to effectively manage risk using the NIST seven-step approach along with security and privacy controls.