more
Lynn Fountain, CPA, CGMA, CRMA, MBA, Consultant, Author, Trainer
Former Chief Audit Executive for two global companies, expert in SOX, COSO, ERM and corporate governance frameworks. Nationally recognized trainer, speaker published author.
This instructor has 177 courses »To Access This Course:
As discussed in the segment titled Cyber Programs and Roles, in today’s tech environment it is critical that organizations be pro-active and prepared when considering cyber risk management. Because of the size, complexity, and constant evolution of attack vectors there is no one-size-fits-all way to respond. it is essential to begin somewhere to establish a baseline for identifying the critical components that must be incorporated into any cybersecurity risk management approach.
Multiple risk management frameworks have been introduced including:
- NIST: National Institute of Standards and Technology (NIST) established by executive order in February 2013.
- ISO/IEC Security Control Standard: developed by the International Organization for Standardization and the International Electrotechnical Commission
- FFIEC Cybersecurity Assessment – developed for Financial institutions by the Federal Financial Institutions Examination Council
- SEC/OCIE Cybersecurity Initiative – developed for brokers by the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations
- FCC Cyber Security Planning Guide – developed by the Federal Communications Commission for small businesses
- Although their organization and structures vary, all frameworks attempt to address the same basic functions designed by the NIST Cybersecurity Framework:
- Identify
- Protect
- Detect
- Respond
- Recover
In this course we evaluate several attributes critical to the proper establishment of a cyber risk management program. We delve into the concepts and apply thoughts as to how each component should be evaluated for your organization. The course utilizes the NIST framework as a guide for application.
Learning Objectives
- Explore effective cyber frameworks.
- Identify the National Institute of Standards and Technology (NIST) cyber framework.
- Evaluate components of the NIST cyber framework and their applicability to any framework.
- Explore the concept of framework tiers.
- Explore the concept of framework profiles.
- Identify steps to implement a framework.
Last updated/reviewed: November 23, 2020
Included In Certifications
This course is included in the following Certification Programs:
13 CoursesCorporate Cyber Security Certification
- Cyber Threat – The Modern-Day Fraud: Breaches and Actions
- A Primer on Cyber Security Programs and Roles
- Cyber Risk Frameworks And Concepts
- Cyber Risk Framework - Identify Assets
- Cyber Risk Framework - Prioritize Assets
- Cyber Risk Framework - Protect Assets
- Cyber Risk Framework - Detect Part One
- Cyber Risk Framework - Detect Threats Part Two
- Cyber Risk Framework - Respond
- Cyber Risk Framework - Recover
- Cyber Risk Framework - Utilizing The Tier Approach
- Fraud and Personal Identity Theft
- Fraud and Business Identity Theft
28 CoursesInternal Audit Certificate
- Internal Audit Standards Overview
- Internal Audit Standards - Managing Internal Audit Work
- Internal Audit Standards - Executing the Audit Engagement
- Identifying and Implementing the Proper Balance of Internal Controls
- Documentation Methods For Internal Control Processes
- Segregation of Duties for Core Business Processes
- Foundations for a Strong Internal Audit Department
- Internal Audit Management - Top Skills
- Internal Audit: Keys to Managing an Effective Function
- Understanding Risk-Based Auditing
- Risk Based Auditing – Establishing a Methodology
- Risk Based Auditing – Applying the Methodology
- Cyber Risk Frameworks And Concepts
- Information Technology (IT) Risks in Emerging Business Environments
- Fraud Risk Assessments
- Professional Skepticism - Keys to Maintaining
- Introduction to Forensic Accounting
- The Fraud Triangle
- Internal Audit Effective Relations with the Audit Committee
- COSO 2013 Overview
- COSO 2013 - Operational Execution
- Internal Audit Emerging Risks for 2021 and Beyond - Part 1
- Internal Audit Emerging Risks for 2021 and Beyond - Part 2
- Internal Audit Emerging Risks for 2021 and Beyond - Part 3
- Internal Audit Emerging Risks for 2021 and Beyond - Part 4
- Internal Audit Challenges During Times of COVID
- Tools for Internal Control Certificate
- Lessons of an Auditor- Tools for Internal Control Certificate
24 Reviews (76 ratings)Reviews
Holly Aglio
(CFO at Govplace, Inc.)
This course continues to build on the basics established in the first two courses. I like this certification learning plan - I can see my overall understanding of Cybersecurity improving, and the bite-sized sessions enable me to retain the information I’m learning.
Jeffrey Kirsch
(CFO / VP Finance at Kirsch CFO Advisor)
This is my 3rd training class with Lynn Fountain and this is my first entre into Cyber Security which I find fascinating. I'm very pleased that Lynn is teaching this class. She is an excellent instructor.
Martin Smith
(owner at M. Ward Smith, Inc.)
It is hard to put these concepts into an overall diagram. It seems like there should be one in the material that interrelates all concepts with hierarchy or that segregates them into separate context.
Peter Addison
(Security Consultant at Capgemini)
An example of the application of the framework would greatly enhance this course, otherwise a useful exposure to the key elements of the NIST standard.
Anonymous
(Assistant Internal Audit Manager)
This course provides a brief and basic knowledge on Cyber security frameworks, easy for understanding. Recommend for beginners
Anonymous
(Head of Global Business Assurance)
This is a concise but well organized approach to introducing cyber risk management frameworks with a focus on NIST.
Anonymous
(Finance and IT Consultant)
Great course that covers a great deal about the risk management frameworks with emphasis on NIST. Well done!!!
Anonymous
()
It was easy to understand and gave me an understanding I needed. I will continue to other related courses.
Anonymous
(Associate)
I liked how the core was described and the detail in which the sub-categories were explained
Anonymous
()
Very informative course really increased my knowledge of and need for cyber security network.
Anonymous
()
Program materials were relevant and contributed to the achievement of the learning objectives
Anonymous
()
This was a good course. I liked the way the framework was presented and tied together
Jacqueline Westmoreland
(Internal Review Specialist at FDIC)
This course was very helpful in explaining the cyber risk management framework.
Anonymous
(Senior Internal Auditor)
The course definitely helped to increase knowledge of cyber security frameworks
Anonymous
()
Great course of cyber risk framework and concepts which add value to me
Anonymous
(Consultant)
This instructor is always very good. This course was a nice overview.
Anonymous
(Not Provided)
This is simple explanation of the basic concepts of the NIST framework
Anonymous
(-)
Great course, insightful and full of detail which was very helpful!
Sophia Kasozi
(- at City of Edmonton)
Great overview of the NIST cybersecurity framework.
Thank you.
RICARDO CAMPOLINA DE TOLEDO
( at WPP)
Great view/summary of the NIST framework. Great for beginners.
Anonymous
()
This course provides an understanding of the NIST Framework.
Anonymous
(Program Management)
Great comprehensive course for risk managers and auditors.
Anonymous
()
Cyber Risk Frameworks And Concepts is an excellent course.
Anonymous
(Accountant)
The course was informative on cyber security framework.
Prerequisites
Course Complexity: Intermediate
No Advanced Preparation or Prerequisites are needed for this course. However, it is recommended to take the other courses in the series prior to completing this one.
Education Provider Information
Company:
Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact:
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .