Skip to content
  • Sign In
  • Try Now
View all events
Security

Cybersecurity Risk Management with the NIST 2.0 Framework

Published by O'Reilly Media, Inc.

Intermediate content levelIntermediate

Mastering the fundamentals of organizational security

  • How the new NIST 2.0 cybersecurity framework reflects the ever-changing cybersecurity risk management challenges
  • How to better manage cybersecurity risks to your organization’s systems, assets, data, and capabilities
  • Approaches for monitoring systems to detect incidents
  • How to better respond to and recover from a cybersecurity incident
  • Effective communication with internal and external stakeholders before, during, and after an incident

Seasoned IT professionals and newcomers can better manage the risks their organizations face via the all-important—but complex—gold standard of cybersecurity risk management, the NIST Cybersecurity Framework, which has been overhauled in its latest 2.0 version.

Join cybersecurity expert Cynthia Brumfield to learn the fundamentals of cybersecurity risk planning and management via the NIST CSF 2.0, including tools and techniques for detecting cyber incidents, developing a continuity of operations plan, managing supply chain risk, and other important takeaways included in the framework. You’ll examine scenarios inspired by real-world events to understand the bedrock principles and practices that are often obscured in the academic complexity of CSF 2.0, and you’ll review the key changes between the 1.1 and 2.0 versions of the framework.

****NOTE**:**With today’s registration, you’ll be signed up for both sessions. Although you can attend either of the sessions individually, we recommend participating in both.

What you’ll learn and how you can apply it

  • Navigate the growing complexities of governance and supply chain risk management as reflected in the 2.0 framework
  • Understand the real-world informative references appearing for the first time in the 2.0 framework
  • Establish knowledge of the systems you have in place and inform management of those systems’ risk profiles
  • Develop plans for dealing with the highest priority risks and improve your organization’s network infrastructure protection
  • Learn effective techniques for detecting incidents and develop organizational processes for detecting incidents
  • Understand the importance of developing an incident response plan

This live event is for you because...

  • You’re a non-technical executive or manager who wants to better understand and improve your organization’s cybersecurity risk management posture.
  • You’re an IT professional who’s interested in cybersecurity risk management and implementing solid cybersecurity practices.
  • You’re a cybersecurity professional who needs a practical approach to communicating the most important aspects of your job to your non-cybersecurity colleagues and constituents.

Prerequisites

Recommended preparation:

Recommended follow-up:

Schedule

The time frames are only estimates and may vary according to how the class is progressing.

Day 1

Cybersecurity risk planning and management (60 minutes)

  • Presentation: Overview of the NIST CSF; review of the process of cybersecurity risk management; importance of asset management, governance, and bringing management into the process; how to know where you are vulnerable and plan for dealing with the highest risks
  • Hands-on exercise: Answer poll questions based on section material
  • Q&A
  • Break

Identity and infrastructure management: Part I (60 minutes)

  • Presentation: Overview of identity and infrastructure management; identity management, authentication, and access control
  • Group discussion: Identity and infrastructure management in fictional Major Motors scenario
  • Q&A
  • Break

Identity and infrastructure management: Part II (60 minutes)

  • Presentation: Protecting data and implementing adequate data and hardware security; information protection processes and procedures; maintenance activities (keeping logs, managing diagnostic activities, etc.); protecting technology by managing the use of media on your systems
  • Group discussion: Identity and infrastructure management in fictional Major Motors scenario
  • Q&A

Day 2

Tools and techniques for detecting cybersecurity incidents (60 minutes)

  • Presentation: Defining an incident; detecting incidents; baseline anomalies and continuous monitoring; establishing detection processes; formal detection oversight and control management
  • Hands-on exercise: Answer poll questions based on section material
  • Q&A
  • Break

Developing a continuity of operations plan (60 minutes)

  • Presentation: Developing an executable response plan; understanding the importance of communication and preparing for company-wide involvement; understanding the impact of the event; gathering and preserving evidence; taking the necessary steps to contain the incident; recovering from an event
  • Hands-on exercise: Answer poll questions based on section material
  • Q&A
  • Break

Supply chain risk management, manufacturing and industrial control system security, and CSF changes ahead (60 minutes)

  • Presentation: The NIST SP 800-161; software bills of materials and supply chain risk management; overview of the NIST CSF supply chain recommendations; industrial control security in the CSF; NIST’s plan for modifying the framework
  • Group discussion: Supply chain recommendations
  • Q&A

Your Instructor

  • Cynthia Brumfield

    Cynthia Brumfield is a veteran communications industry analyst now focused on cybersecurity. She runs the cybersecurity news destination Metacurity.com and is a columnist for CSO Online. She is the author of Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework. Follow her cybersecurity updates on Twitter @Metacurity

    linkedinXlinksearch