As discussed in the segment titled Cyber Programs and Roles, in today’s tech environment it is critical that organizations be pro-active and prepared when considering cyber risk management.  Because of the size, complexity, and constant evolution of attack vectors there is no one-size-fits-all way to respond. it is essential to begin somewhere to establish a baseline for identifying the critical components that must be incorporated into any cybersecurity risk management approach. 

Multiple risk management frameworks have been introduced including:

  • NIST: National Institute of Standards and Technology (NIST) established by executive order in February 2013.
  • ISO/IEC Security Control Standard: developed by the International Organization for Standardization and the International Electrotechnical Commission 
  • FFIEC Cybersecurity Assessment – developed for Financial institutions by the Federal Financial Institutions Examination Council 
  • SEC/OCIE Cybersecurity Initiative – developed for brokers by the U.S. Securities and Exchange Commission (SEC) Office of Compliance Inspections and Examinations 
  • FCC Cyber Security Planning Guide – developed by the Federal Communications Commission for small businesses 
  • Although their organization and structures vary, all frameworks attempt to address the same basic functions designed by the NIST Cybersecurity Framework: 
    • Identify
    • Protect
    • Detect
    • Respond
    • Recover

 

In this course we evaluate several attributes critical to the proper establishment of a cyber risk management program. We delve into the concepts and apply thoughts as to how each component should be evaluated for your organization.  The course utilizes the NIST framework as a guide for application.

Training for all programs related to cyber security by this trainer are utilizing the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework please refer to NIST.org.

Learning Objectives
  • Explore effective cyber frameworks.
  • Identify the National Institute of Standards and Technology (NIST) cyber framework.
  • Evaluate components of the NIST cyber framework and their applicability to any framework.
  • Explore the concept of framework tiers.
  • Explore the concept of framework profiles.
  • Identify steps to implement a framework.
Last updated/reviewed: August 8, 2023

Included In Certifications

This course is included in the following Certification Programs:

13 CoursesCorporate Cyber Security Certification

  1. Cyber Threat – The Modern-Day Fraud: Breaches and Actions
  2. A Primer on Cyber Security Programs and Roles
  3. Cyber Risk Frameworks And Concepts
  4. Cyber Risk Framework - Identify Assets
  5. Cyber Risk Framework - Prioritize Assets
  6. Cyber Risk Framework - Protect Assets
  7. Cyber Risk Framework - Detect Part One
  8. Cyber Risk Framework - Detect Threats Part Two
  9. Cyber Risk Framework - Respond
  10. Cyber Risk Framework - Recover
  11. Cyber Risk Framework - Utilizing The Tier Approach
  12. Fraud and Personal Identity Theft
  13. Fraud and Business Identity Theft

28 CoursesInternal Controls and Internal Audit Certification

  1. Internal Audit Standards Overview
  2. Internal Audit Standards - Managing Internal Audit Work
  3. Internal Audit Standards - Executing the Audit Engagement
  4. Identifying and Implementing the Proper Balance of Internal Controls
  5. Documentation Methods For Internal Control Processes
  6. Segregation of Duties for Core Business Processes
  7. Foundations for a Strong Internal Audit Department
  8. Internal Audit Management - Top Skills
  9. Internal Audit: Keys to Managing an Effective Function
  10. Understanding Risk-Based Auditing
  11. Risk Based Auditing – Establishing a Methodology
  12. Risk Based Auditing – Applying the Methodology
  13. Cyber Risk Frameworks And Concepts
  14. Information Technology (IT) Controls in Emerging Business Environments
  15. Fraud Risk Assessments
  16. Professional Skepticism - Keys to Maintaining
  17. Introduction to Forensic Accounting
  18. The Fraud Triangle
  19. Internal Audit Effective Relations with the Audit Committee
  20. COSO 2013 Overview
  21. COSO 2013 - Operational Execution
  22. Internal Audit Emerging Risks for 2021 and Beyond - Part 1
  23. Internal Audit Emerging Risks for 2021 and Beyond - Part 2
  24. Internal Audit Emerging Risks for 2021 and Beyond - Part 3
  25. Internal Audit Emerging Risks for 2021 and Beyond - Part 4
  26. Internal Audit Challenges During Times of COVID
  27. Tools for Internal Control Certificate
  28. Lessons of an Auditor- Tools for Internal Control Certificate
36 Reviews (151 ratings)

Reviews

5
Anonymous Author
Very comprehensive and imfo content The instructor explained all topics in the course in easy and friendly manner I highly recommend this course to everyone who seeks cybersecurity course or to fulfill isaca cpe for isca certifications. Many thanks to illumeo All your courses are excellent and comprehensive in all fields.

5
Member's Profile
This course continues to build on the basics established in the first two courses. I like this certification learning plan - I can see my overall understanding of Cybersecurity improving, and the bite-sized sessions enable me to retain the information I’m learning.

5
Member's Profile
This is my 3rd training class with Lynn Fountain and this is my first entre into Cyber Security which I find fascinating. I'm very pleased that Lynn is teaching this class. She is an excellent instructor.

5
Member's Profile
It is hard to put these concepts into an overall diagram. It seems like there should be one in the material that interrelates all concepts with hierarchy or that segregates them into separate context.

3
Member's Profile
An example of the application of the framework would greatly enhance this course, otherwise a useful exposure to the key elements of the NIST standard.

5
Anonymous Author
This course provides a brief and basic knowledge on Cyber security frameworks, easy for understanding. Recommend for beginners

5
Anonymous Author
Great overview of NIST Cybersecurity framework. Gained a better understanding of core, implementation tiers and profiles.

5
Anonymous Author
This is a concise but well organized approach to introducing cyber risk management frameworks with a focus on NIST.

5
Anonymous Author
The instructor provides a thorough overview of the Cyber Risk Framework and related concepts. Valuable information.

5
Anonymous Author
Great course that covers a great deal about the risk management frameworks with emphasis on NIST. Well done!!!

4
Anonymous Author
Seemed a little redundant to the other parts, but again, you cannot be over exposed to this topic in a business

4
Anonymous Author
The course was very well presented, and provided a good understanding into cyber risk frameworks and concepts.

4
Anonymous Author
Very comprehensive and helpful course. I am very happy to take the course it is really informative and worth.

5
Anonymous Author
It was easy to understand and gave me an understanding I needed. I will continue to other related courses.

4
Anonymous Author
This is a refreshing course. Nothing surprise me. Performance auditors will gain a lot from this training

4
Member's Profile
The information is well organized and provides an excellent foundation for the NIST framework.

5
Anonymous Author
I liked how the core was described and the detail in which the sub-categories were explained

5
Anonymous Author
Very informative course really increased my knowledge of and need for cyber security network.

5
Anonymous Author
Program materials were relevant and contributed to the achievement of the learning objectives

5
Anonymous Author
This was a good course. I liked the way the framework was presented and tied together

5
Anonymous Author
This course provides a good overview of the NIST framework and frameworks in general.

5
Member's Profile
This course was very helpful in explaining the cyber risk management framework.

4
Anonymous Author
The course definitely helped to increase knowledge of cyber security frameworks

4
Anonymous Author
Great course of cyber risk framework and concepts which add value to me

5
Anonymous Author
Excellent introduction from Lynn Fountain, full of context and insight.

5
Anonymous Author
This instructor is always very good. This course was a nice overview.

4
Anonymous Author
This is simple explanation of the basic concepts of the NIST framework

5
Member's Profile
Excellent entry-level course, covers many points and is easy to digest

5
Anonymous Author
Great course, insightful and full of detail which was very helpful!

4
Member's Profile
Great overview of the NIST cybersecurity framework. Thank you.

4
Member's Profile
Great view/summary of the NIST framework. Great for beginners.

4
Anonymous Author
This course provides an understanding of the NIST Framework.

4
Anonymous Author
Great comprehensive course for risk managers and auditors.

5
Anonymous Author
Cyber Risk Frameworks And Concepts is an excellent course.

4
Anonymous Author
The course was informative on cyber security framework.

5
Anonymous Author
Crucial topic for audit function to master and perform

Prerequisites
Course Complexity: Intermediate

No Advanced Preparation or Prerequisites are needed for this course. However, it is recommended to take the other courses in the series prior to completing this one.

Education Provider Information
Company: Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
Contact: For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Instructor for this course
Course Syllabus
INTRODUCTION AND OVERVIEW
  Introduction to Cyber Risk Management Frameworks and Concepts4:07
  Effective Framework11:51
  NIST Framework Part One: Core9:15
  Framework Core Functions13:47
  NIST Framework Part Two: Implementation Tiers7:17
  NIST Framework Part Three: Profile 5:37
  Framework Implementation2:58
  How to Use the Framework7:09
  Summary1:49
CONTINUOUS PLAY
  Cyber Risk Management Frameworks and Concepts1:03:50
SUPPORTING MATERIALS
  Slides: Cyber Risk Management Frameworks and ConceptsPDF
  Cyber Risk Management Frameworks and Concepts Glossary/IndexPDF
REVIEW AND TEST
  REVIEW QUESTIONSquiz
 FINAL EXAMexam