
As discussed in the segment titled Cyber Programs and Roles, in today’s tech environment it is critical that organizations be proactive and prepared when considering cyber risk management. Because of the size, complexity, and constant evolution of attack vectors, there is no one-size-fits-all way to respond. It is essential to begin somewhere to establish a baseline for identifying the critical components that must be incorporated into any cybersecurity risk management approach.

Multiple risk management frameworks have been introduced including:

  • NIST Cybersecurity Framework: from the National Institute of Standards and Technology (NIST), established by executive order in February 2013
  • ISO/IEC Security Control Standard: developed by the International Organization for Standardization and the International Electrotechnical Commission
  • FFIEC Cybersecurity Assessment: developed for financial institutions by the Federal Financial Institutions Examination Council
  • SEC/OCIE Cybersecurity Initiative: developed for brokers by the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations
  • FCC Cyber Security Planning Guide: developed by the Federal Communications Commission for small businesses

Although their organization and structures vary, all frameworks attempt to address the same basic functions defined by the NIST Cybersecurity Framework:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover


In this course we evaluate several attributes critical to the proper establishment of a cyber risk management program. We delve into the concepts and consider how each component should be evaluated for your organization. The course uses the NIST framework as a guide for application.

Learning Objectives

  • Explore effective cyber frameworks.
  • Identify the National Institute of Standards and Technology (NIST) cyber framework.
  • Evaluate components of the NIST cyber framework and their applicability to any framework.
  • Explore the concept of framework tiers.
  • Explore the concept of framework profiles.
  • Identify steps to implement a framework.

Last updated/reviewed: November 24, 2019

Included In Certifications

This course is included in the following Certification Programs:

Corporate Cyber Security Certification (13 Courses)

  1. Cyber Threat – The Modern-Day Fraud: Breaches and Actions
  2. A Primer on Cyber Security Programs and Roles
  3. Cyber Risk Management Frameworks and Concepts
  4. Cyber Risk Assessment - Identify Critical Assets
  5. Cyber Risk Assessment – Prioritize Assets for Protection
  6. Cyber Risk Assessment - Protect Assets from Threats
  7. Cyber Risk Assessment – Detect Threats Part One
  8. Cyber Risk Assessment – Detect Threats Part Two
  9. Cyber Risk Assessment – Respond to Incidents
  10. Cyber Risk Assessment – Recover from Incidents
  11. Measuring Cyber Risk Utilizing Tiers
  12. Personal Identity Theft
  13. The Business Identity Theft Crisis

Reviews

14 Reviews (48 ratings)

Anonymous Author
Very informative course. Really increased my knowledge of and need for cyber security network.
Member's Profile
This course continues to build on the basics established in the first two courses. I like this certification learning plan - I can see my overall understanding of Cybersecurity improving, and the bite-sized sessions enable me to retain the information I’m learning.
Member's Profile
It is hard to put these concepts into an overall diagram. It seems like there should be one in the material that interrelates all concepts with hierarchy or that segregates them into separate context.
Member's Profile
An example of the application of the framework would greatly enhance this course, otherwise a useful exposure to the key elements of the NIST standard.
Anonymous Author
This is a concise but well organized approach to introducing cyber risk management frameworks with a focus on NIST.
Anonymous Author
Great course that covers a great deal about the risk management frameworks with emphasis on NIST. Well done!!!
Anonymous Author
It was easy to understand and gave me an understanding I needed. I will continue to other related courses.
Anonymous Author
I liked how the core was described and the detail in which the sub-categories were explained.
Anonymous Author
This was a good course. I liked the way the framework was presented and tied together.
Anonymous Author
The course definitely helped to increase knowledge of cyber security frameworks.
Member's Profile
This course was very helpful in explaining the cyber risk management framework.
Anonymous Author
This instructor is always very good. This course was a nice overview.
Anonymous Author
This is a simple explanation of the basic concepts of the NIST framework.
Anonymous Author
Great comprehensive course for risk managers and auditors.


Course Complexity: Intermediate

No Advanced Preparation or Prerequisites are needed for this course. However, it is recommended to take the other courses in the series prior to completing this one.

Education Provider Information

Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400-3993 or send an e-mail to .

Course Syllabus

  4:06 Introduction to Cyber Risk Management Frameworks and Concepts
  11:50 Effective Framework
  9:15 NIST Framework Part One: Core
  13:47 Framework Core Functions
  7:17 NIST Framework Part Two: Implementation Tiers
  5:36 NIST Framework Part Three: Profile
  2:58 Framework Implementation
  7:09 How to Use the Framework
  1:03:46 Cyber Risk Management Frameworks and Concepts
  PDF Slides: Cyber Risk Management Frameworks and Concepts
  PDF Cyber Risk Management Frameworks and Concepts Glossary/Index