This is a multi-part series to assist the participant in evaluating all the necessary components to conducting a cyber risk assessment. The purpose of a cyber risk assessment lies in the objectives of ensuring:

  • Availability
  • Confidentiality
  • Integrity of data
  • Integrity of processing

We utilize the National Institute of Standards and Technology (NIST) cybersecurity framework to walk through various elements that should be considered with a cyber risk assessment.   A previous segment delved into the first function outlined by NIST which is the “Identify” concept. This segment will delve into the “protect” function.

We try to protect our information assets and systems against attack. Protection strategies can be the first line of defense, and breaches usually are a failure of protection strategies. Utilizing the concepts of categories and sub-categories an organization can effectively begin to map out their cyber risk process. The sub-categories of the protect function include:

  • Awareness control
  • Awareness and training
  • Data security
  • Information protection and procedures
  • Maintenance
  • Protective technologies

This segment is dedicated to delving into each of these sub-categories and outlining possible considerations for protecting information and cyber assets.

Training for all programs related to cyber security by this trainer are utilizing the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework please refer to NIST.org.

Learning Objectives
  • Explore the objectives of a cyber risk management assessment.
  • Explore security control designations.
  • Explore the concept of baseline controls.
  • Identify the requirements of ensuring awareness control within the protect function.
  • Identify the requirements of ensuring awareness and training within the protect function.
  • Identify the requirements of ensuring data security within the protect function.
  • Identify the requirements of ensuring information protection and procedures within the protect function.
  • Identify the requirements of ensuring maintenance within the protect function.
  • Identify the requirements of ensuring protective technology within the protect function.
Last updated/reviewed: August 21, 2023

Included In Certifications

This course is included in the following Certification Programs:

13 CoursesCorporate Cyber Security Certification

  1. Cyber Threat – The Modern-Day Fraud: Breaches and Actions
  2. A Primer on Cyber Security Programs and Roles
  3. Cyber Risk Frameworks And Concepts
  4. Cyber Risk Framework - Identify Assets
  5. Cyber Risk Framework - Prioritize Assets
  6. Cyber Risk Framework - Protect Assets
  7. Cyber Risk Framework - Detect Part One
  8. Cyber Risk Framework - Detect Threats Part Two
  9. Cyber Risk Framework - Respond
  10. Cyber Risk Framework - Recover
  11. Cyber Risk Framework - Utilizing The Tier Approach
  12. Fraud and Personal Identity Theft
  13. Fraud and Business Identity Theft
42 Reviews (179 ratings)

Reviews

5
Anonymous Author
Excellent overview of the NIST Protection framework for protection of assets from cyber threats. Very comprehensive discussion that covers a wide spectrum of IT controls and systems practices to help ensure mitigation of risks from cyber threats.

5
Member's Profile
Lynn did a great job walking through the material and objectives. The course was divided into organized sections in whhich Lynn talked about the importance of the various security controls to meet the objective of the overall security function.

4
Member's Profile
Очень сложно разбираться в одних голых терминах на английском языке. Курс надо увеличить с подробными примерами из практики

4
Anonymous Author
There are no trick questions on the exam. I appreciate that given that a cyber risk framework is pretty wordy and you can interpret words in so many ways (unlike numbers!)

4
Member's Profile
Great summary / view of the Cyber Risk Assessment: Protect from NIST framework. Good for those who are not experts but are interested to know more about the topic.

5
Anonymous Author
Lynn has provided a good understanding of one of the core areas that needs attention and action based on the NIST framework on cyber security. Well done!!!

5
Member's Profile
This is a fairly detailed summary of the Protect function of the NIST framework, but is presented in a fairly straightforward, easy to understand manner.

5
Anonymous Author
Great concise course over protection techniques / controls for Cyber relate risks. I would recommend this course to an entry level IT Audit associate.

4
Anonymous Author
The course provides a good understanding for Protection function of NIST framework. The instructor made it easy for beginners to capture the knowledge

4
Anonymous Author
.................................................................................................................................................

4
Anonymous Author
This course provides an good understanding of the types of cyber controls, why they are important, and examples of cyber control procedures.

4
Anonymous Author
The categories and sub-categories were well defined and explained. Procedures to ensure the Protect function was explained in detail.

3
Member's Profile
Not sure but it seems like protect was a subcategory of itself. The structure of all these items gets very difficult to follow.

5
Anonymous Author
I find the course very useful in a sense that it provides a comprehensive review of cyber risk framework over assets protection.

4
Anonymous Author
Very good course which helped me to understand the process of creating a cyber risk assessment. Instructor was also very good.

5
Member's Profile
This a great course, I really enjoyed and learn new things. The instructor is excellent in her presentation and explanations

5
Anonymous Author
This course provided a detailed understanding of the protect funtion of the framework, and was explained well and in detail.

4
Anonymous Author
Great course for aspiring IT auditors. Should have basic knowledge of ITGCs and Application controls would be helpful

5
Anonymous Author
Great break-down of Cyber Risks and creating the baselines needed to start reporting on organizational controls.

5
Member's Profile
Another additional improvement would be to provide detailed explanations of incorrect answers on quiz and final

4
Anonymous Author
Nice overview of cyber risk framework for protecting assets - gonna keep an eye out on our internal processes.

5
Anonymous Author
NIST can be intimidating. This series is a good breakdown of the components to make it understandable.

5
Anonymous Author
The course is refreshing. Nothing surprised me. This will be highly beneficial to non-IT professionals.

4
Anonymous Author
Excellent course in the cyber risk assessment series. This course covers the Protect portion in NIST.

5
Anonymous Author
Program materials were relevant and contributed to the achievement of the learning objectives

5
Anonymous Author
This cyber risk assessment overview was on point for understanding baselines, well done.

5
Anonymous Author
Good course on the cyber risk framework, very well put together and easy to follow!

5
Member's Profile
Course is comprehensive and well presented, especially for novices in this arena.

5
Anonymous Author
Great course. Provides valuable information on protecting assets from threats.

4
Anonymous Author
Very good course of cyber risk framework - Protect Assets which add value to me

5
Anonymous Author
Great overview of cybersecurity. Linkage to NIST was clear. Slides were clear.

4
Anonymous Author
i am grateful to expanding my learning in this area. thank you very much

3
Anonymous Author
The definitions were clear enabling future application of the concepts.

4
Anonymous Author
The course was useful and provided insight into protection strategies.

5
Member's Profile
Provided an excellent insight to the Protect category of controls.

5
Member's Profile
Good overview, well organized and presented, good for beginners.

5
Member's Profile
The details of Categories and sub-categories are well explained.

5
Anonymous Author
Good course, easy to follow, topics are current and relatable.

5
Member's Profile
Lynn’s course on the Cyber Risk Framework was well presented

5
Anonymous Author
Cyber Risk Framework - Protect Assets is an excellent course.

3
Anonymous Author
well thought out and acceptable for cpe review purposes

5
Anonymous Author
Crucial topic for audit function to master and perform

Prerequisites
Course Complexity: Intermediate

No Advanced Preparation or Prerequisites are needed for this course. However, it is recommended to take the other courses in the series prior to completing this one.

Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Instructor for this course
Course Syllabus
INTRODUCTION AND OVERVIEW
  Introduction and Objectives to Cyber Risk Assessment: Protect14:49
  Security Control Designations9:54
  Control Baselines & Identity Management and Access Control15:18
  Identities and Credentials15:25
  Awareness and Training12:54
  Data Structures & Security9:57
  Information Protection Processes and Procedures6:59
  Maintenance3:32
  Protective Technologies7:39
  Summary2:16
CONTINUOUS PLAY
  Cyber Risk Assessment: Protect 1:38:43
Supporting Materials
  Slides: Cyber Risk Assessment: ProtectPDF
  Cyber Risk Assessment: Protect Glossary/IndexPDF
REVIEW AND TEST
  REVIEW QUESTIONSquiz
 FINAL EXAMexam