Cyber Risk Frameworks And Concepts

Course Access: Lifetime
Course Overview

As discussed in the segment titled Cyber Programs and Roles, in today's tech environment it is critical that organizations be proactive and prepared when considering cyber risk management. Because of the size, complexity, and constant evolution of attack vectors, there is no one-size-fits-all way to respond. It is essential to begin somewhere to establish a baseline for identifying the critical components that must be incorporated into any cybersecurity risk management approach.

Multiple risk management frameworks have been introduced including:

  • NIST: National Institute of Standards and Technology (NIST) established by executive order in February 2013.
  • ISO/IEC Security Control Standard: developed by the International Organization for Standardization and the International Electrotechnical Commission 
  • FFIEC Cybersecurity Assessment – developed for financial institutions by the Federal Financial Institutions Examination Council
  • SEC/OCIE Cybersecurity Initiative – developed for brokers by the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations 
  • FCC Cyber Security Planning Guide – developed by the Federal Communications Commission for small businesses 

Although their organization and structures vary, all frameworks attempt to address the same basic functions defined by the NIST Cybersecurity Framework:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

In this course we evaluate several attributes critical to the proper establishment of a cyber risk management program. We delve into the concepts and consider how each component should be evaluated for your organization. The course uses the NIST framework as a guide for application.

All cybersecurity training programs by this trainer use the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework, please refer to NIST.org.
