
As discussed in the segment titled Cyber Programs and Roles, in today’s tech environment it is critical that organizations be pro-active and prepared when considering cyber risk management. Because of the size, complexity, and constant evolution of attack vectors there is no one-size-fits-all way to respond. it is essential to begin somewhere to establish a baseline for identifying the critical components that must be incorporated into any cybersecurity risk management approach.
Multiple risk management frameworks have been introduced including:
- NIST: National Institute of Standards and Technology (NIST) established by executive order in February 2013.
- ISO/IEC Security Control Standard: developed by the International Organization for Standardization and the International Electrotechnical Commission
- FFIEC Cybersecurity Assessment – developed for Financial institutions by the Federal Financial Institutions Examination Council
- SEC/OCIE Cybersecurity Initiative – developed for brokers by the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations
- FCC Cyber Security Planning Guide – developed by the Federal Communications Commission for small businesses
- Although their organization and structures vary, all frameworks attempt to address the same basic functions designed by the NIST Cybersecurity Framework:
- Identify
- Protect
- Detect
- Respond
- Recover
In this course we evaluate several attributes critical to the proper establishment of a cyber risk management program. We delve into the concepts and apply thoughts as to how each component should be evaluated for your organization. The course utilizes the NIST framework as a guide for application.
Learning Objectives
- Explore effective cyber frameworks.
- Identify the National Institute of Standards and Technology (NIST) cyber framework.
- Evaluate components of the NIST cyber framework and their applicability to any framework.
- Explore the concept of framework tiers.
- Explore the concept of framework profiles.
- Identify steps to implement a framework.
Included In Certifications
This course is included in the following Certification Programs:
13 CoursesCorporate Cyber Security Certification
- Cyber Threat – The Modern-Day Fraud: Breaches and Actions
- A Primer on Cyber Security Programs and Roles
- Cyber Risk Frameworks And Concepts
- Cyber Risk Framework - Identify Assets
- Cyber Risk Framework - Prioritize Assets
- Cyber Risk Framework - Protect Assets
- Cyber Risk Framework - Detect Part One
- Cyber Risk Framework - Detect Threats Part Two
- Cyber Risk Framework - Respond
- Cyber Risk Framework - Recover
- Cyber Risk Framework - Utilizing The Tier Approach
- Fraud and Personal Identity Theft
- Fraud and Business Identity Theft
23 Reviews (71 ratings)Reviews
Prerequisites
No Advanced Preparation or Prerequisites are needed for this course. However, it is recommended to take the other courses in the series prior to completing this one.