Cybersecurity Frameworks
Published by O'Reilly Media, Inc.
Building a resilient defense to manage and reduce your risk
Course outcomes
- Learn how to assess and implement security frameworks
- Explain security frameworks to business decision makers
Course description
A cybersecurity framework is a structured set of guidelines and best practices designed to help organizations manage and mitigate their cybersecurity risks. It establishes a common language and systematic approach for ensuring an organization’s digital assets, infrastructure, and data are adequately protected from threat actors.
Join cybersecurity expert Harpreet Kohli to explore security framework components, examine critical uses and benefits, and determine which framework is the best fit for your organization. You’ll tour several frameworks, including the NIST Cybersecurity Framework 2.0, NIST SP 800-53, COBIT, and the ISO 27000 series, to better understand how a security framework fits in with your broader security program. At the completion of the course, you’ll know the core functions of NIST CSF 2.0 (govern, identify, protect, detect, respond, and recover) and understand through a hands-on exercise how they seamlessly integrate to enable you to increase the security posture of your organization.
What you’ll learn and how you can apply it
- Understand the value of a security framework in building a cyber-resilient organization
- Explore the problems a cybersecurity framework solves
- Discover the variety of frameworks and how to choose one
- Understand NIST CSF 2.0
This live event is for you because...
- You’re a decision maker who wants to better understand cybersecurity and the benefits of a security framework.
- You’re a cybersecurity consultant looking to explain and implement security frameworks.
- You’re a risk management professional who needs to assess cybersecurity posture and compliance.
Prerequisites
- A basic understanding of IT, security, and business concerns
Recommended follow-up:
- Take NIST Cybersecurity and Risk Management Frameworks (on-demand course)
- Read Building a Cyber Risk Management Program (book)
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Introduction to cybersecurity frameworks (90 minutes)
- Presentation and group discussion: What is a cybersecurity framework?; criteria for selecting a framework; aligning a cybersecurity framework with your organization's security program; understanding the relationship between different frameworks; exploring the dos and don’ts for a successful implementation of a security framework
- Hands-on exercise: Quiz
- Q&A
- Break
Deep dive into NIST CSF 2.0 (80 minutes)
- Presentation: Understanding the core functions (govern, identify, protect, detect, respond, and recover); structure, tiers, and implementation profiles; leveraging NIST CSF 2.0 to enhance your organization’s security posture
- Hands-on exercise: Apply the NIST cybersecurity framework to a hypothetical scenario, identify and prioritize risks, select appropriate controls, and develop an action plan
Wrap-up and Q&A (10 minutes)
Your Instructor
Harpreet Kohli
Harpreet Kohli is a cybersecurity leader with extensive experience building cybersecurity programs in various organizations, at both strategic and tactical levels. She’s helped organizations understand the impact of future technologies on their security landscape and view security risks and control strategies holistically. Harpreet serves as a member of the ISO/IEC Standards Council of Canada and holds multiple security certifications, including CISSP, CISM, CISA, and SABSA Chartered Security Architect. She has master’s degrees in both electronics engineering and information systems security management. To share her knowledge and experience with budding security professionals, she teaches master’s courses within the Information Systems Security Program at Concordia University.