This course is a premium course it can be accessed either by individual purchase or through a premium subscription

Purchase this course | $54

Cyber risk is one of the top business risks today.  Information technology continues to evolve and cyber risk continues to escalate.  It is important that all individuals understand the basics of cyber risk and threats.  In addition, organizations must learn to develop effective cyber risk programs and appropriately measure cyber risk.

This course is complimentary to courses on:

  • Cyber risk management frameworks
  • Cyber programs and roles
  • Cyber breaches and actions

As discussed in the segment on cyber risk management frameworks, multiple risk management frameworks exist and can be effectively utilized by organizations to establish their cyber programs.  These learning segments utilize the NIST Framework (National Institute of Standards and Technology (NIST) established by executive order in February 2013) as a template for assisting in understanding the various components that should be assessed related to cyber risk. This course delves into the process of assessing risk management status utilizing the tier concept.

The NIST framework introduces the concept of tiers. Tiers are utilized to help an organization determine its current cyber risk management status. Tiers can also be used when determining the desired risk management status. The tier concept and its execution can be compared to the maturity model concept utilized in Enterprise Risk Management (ERM). However, the tiers are NOT representative of maturity level. The manner or process utilized for the organization to determine its tier level can be similar to an ERM maturity assessment.

Regardless of the specific framework chosen to follow for a risk management program, the tier concept can be an effective addition to any cyber risk management program.  

Training for all programs related to cyber security by this trainer are utilizing the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework please refer to

Learning Objectives
  • Identify the National Institute of Standards and Technology (NIST) tiers. 
  • Explore the meaning and impact of tier one.
  • Explore the meaning and impact of tier two.
  • Explore the meaning and impact of tier three.
  • Explore the meaning and impact of tier four. 
  • Identify how to assess tiers.
  • Explore how to utilize tier measurement.
  • Explore how to properly inform and position your organization to properly manage cyber risk.
Last updated/reviewed: March 21, 2024

Included In Certifications

This course is included in the following Certification Programs:

13 CoursesCorporate Cyber Security Certification

  1. Cyber Threat – The Modern-Day Fraud: Breaches and Actions
  2. A Primer on Cyber Security Programs and Roles
  3. Cyber Risk Frameworks And Concepts
  4. Cyber Risk Framework - Identify Assets
  5. Cyber Risk Framework - Prioritize Assets
  6. Cyber Risk Framework - Protect Assets
  7. Cyber Risk Framework - Detect Part One
  8. Cyber Risk Framework - Detect Threats Part Two
  9. Cyber Risk Framework - Respond
  10. Cyber Risk Framework - Recover
  11. Cyber Risk Framework - Utilizing The Tier Approach
  12. Fraud and Personal Identity Theft
  13. Fraud and Business Identity Theft
6 Reviews (27 ratings)


Member's Profile
Whilst NIST and Tiers are not maturity one approach might be to relate the tiers to risk and control profiles that an organisation might want to adopt either wholly across the organisation or in a fragmented manner across those parts of the business where a given tier of controls/risk can be justified to ensure a balanced approach to delivering and maintaining security is leveraged for business benefit.

Member's Profile
Great course! The information is helpful and prevelant for use in measuring cyber risk utilizing tiers.

Anonymous Author
I now understand the meaning and purpose of the 4 tiers, and how to perform he assessment.

Anonymous Author
The material in the course was sufficient to provide a broad understanding of the tiers

Member's Profile
Thanks for a great course. The Tier assessment was very interesting.

Member's Profile
Really educational! Thanks Lynn! Instructor(s) was effective.

Course Complexity: Intermediate

No Advanced Preparation or Prerequisites are needed for this course. However, it is recommended to take the other courses in the series prior to completing this one.

Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Instructor for this course
Course Syllabus
  Introduction to Measuring Cyber Risk Utilizing Tiers4:35
  NIST Tiers & Tier One Partial12:22
  Tier Two & Tier Three9:54
  Tier Four: Adaptive6:31
  Assessing Tiers17:38
  Utilizing Tier Measurement3:09
  Communicate Tier Level and Position Organization to Manage Cyber Risk11:52
  Measuring Cyber Risk Utilizing Tiers 1:08:37
  Slides: Measuring Cyber Risk Utilizing TiersPDF
  Measuring Cyber Risk Utilizing Tiers Glossary/IndexPDF