The NIST Cybersecurity Framework 2.0 provides a policy framework of computer security guidance for how private sector organizations in the United States and around the world can assess and improve their ability to prevent, detect, and respond to cyber attacks. The framework has been translated into many languages, and is used by the governments of Japan and Israel, among others.
Want to establish yourself as an expert in developing, implementing, and managing a robust cybersecurity program?
The Certified NIST CSF LI 2.0 certification is the perfect way to do it! This certification will certify your ability to implement formal structure, governance, and policy of a robust cybersecurity framework following internationally recognized and respected NIST best practices and standards.
Get trained and certified as an expert in developing, implementing, and managing a robust cybersecurity program according to internationally adopted NIST CSF 2.0 governance and management best practices. Stand out in the competitive cybersecurity landscape and take your career to the next level with this prestigious certification.
This 3-day NIST Cybersecurity Framework 2.0 workshop provides thorough coverage of the CSF, as well as setting out advice on the implementation of a cybersecurity initiative. The purpose of the course is to:
Register for a class (in-person or virtual) and get started today!
Class details
* Access to a soft copy of the NIST CSF is provided in class. However, ISO Standards are NOT included in this risk management training, nor provided in class. ISO standards are available for purchase at www.iso.org.
The U.S. Department of Homeland Security recommends involving a cross-functional team representing business, operations, security, information technology, and maintenance areas, including those responsible for:
This program is required for the following professional certification:
Our simple guarantee to you.
Preparing for Certified Information Security's professional certification exam #CSF101 is serious business. This is where we can help. If you first successfully complete:
Certified Information Security guarantees your success in passing CIS exam #CSF101.
If you do not pass exam #CSF101 on your first attempt after completion of your required course and practice exams, Certified Information Security will allow you to re-test at no additional charge until you successfully pass your certification exam.
The Cyber Resilience Review* is a lightweight assessment method created by the U.S. Department of Homeland Security (DHS) to evaluate the cybersecurity and service continuity practices of critical infrastructure owners and operators. However, private sector organizations and foreign government bodies leverage the same CRR to evaluate enterprise programs and practices across a range of ten domains, including risk management, incident management, service continuity, and others.
The CRR assessment strives to identify how an organization aligns its cybersecurity management activities to the performance or production of its critical services. The assessment consists of 299 questions, and is typically delivered in a 12- to 16-hour workshop led by a qualified facilitator over a period of two consecutive days. Our specially trained facilitator elicits answers from the organization's personnel in cybersecurity, operations, physical security, and business continuity. Throughout the assessment workshop, your organization's participating team members will work together to record answers to the assessment kit (available at no charge), which will then be used to generate a complete 176-page analysis and report. Learn more about assessment topics and structure in "Assessment approach" below.
Performing a CRR against the NIST CSF is an ideal way to get started with establishing or improving enterprise-wide cybersecurity governance and best practices based on the NIST Cybersecurity Framework. Certified Information Security's qualified security assessors have been trained by official DHS security assessors to facilitate private (not involving the DHS) Cyber Resilience Review question-based assessments for organizations otherwise not eligible for DHS facilitation. Small teams often choose to attend regularly scheduled public group assessment workshops, while larger teams typically opt to reserve discounted private on-site/virtual assessments.
* Self-assessment package is available at https://www.cisa.gov/sites/default/files/publications/1_CRR_v4.0_Self-Assessment-Reader_April_2020.pdf
* The NIST Cybersecurity Framework was created through collaboration between industry and government, and consists of standards, guidelines, and practices to promote the protection of organizations and critical infrastructure.
The CRR is an interview-based assessment of an organization’s cybersecurity management program. It seeks to understand the cybersecurity management of services, and their associated assets, that are critical for an organization’s mission success. The CRR focuses on protection and sustainment practices within key areas that typically contribute to the overall cyber resilience of an organization. The assessment measures essential cybersecurity capabilities and behaviors to provide meaningful indicators of an organization’s operational resilience during normal operations and during times of operational stress.
The CRR is derived from the CERT® Resilience Management Model (CERT®-RMM), which was developed by the CERT Division at Carnegie Mellon University's Software Engineering Institute. The CERT-RMM is a capability-focused maturity model for process improvement, and it reflects best practices from industry and government for managing operational resilience across the disciplines of security management, business continuity management, and information technology operations management.
Domain | Purpose | Description | Goals | Practices |
---|---|---|---|---|
Asset Management | To identify, document, and manage assets during their lifecycle to ensure sustained productivity to support critical services. | The Asset Management domain establishes a method for an organization to plan, identify, document, and manage its assets. Assets are the raw materials that services need to operate. | 7 | 30 |
Controls Management | To identify, analyze, and manage controls in a critical service's operating environment. | Internal control is a governance process used by an organization to ensure effective and efficient achievement of organizational objectives and to provide reasonable assurance of success. The Controls Management domain outlined in the CRR presents a way for the organization to identify control objectives and establish controls to meet those objectives. The domain also addresses the importance of analyzing and assessing those controls to ensure that the process is constantly being improved. | 4 | 16 |
Configuration and Change Management | To establish processes to ensure the integrity of assets, using change control and change control audits. | An organization's asset infrastructure is constantly evolving as technology changes, information is updated, and new personnel are hired. The Configuration and Change Management domain addresses how an organization can implement processes and procedures that manage assets and ensure that changes made to those assets are minimally disruptive to the organization. | 3 | 23 |
Vulnerability Management | To identify, analyze, and manage vulnerabilities in a critical service's operating environment. | Vulnerability is the susceptibility of an asset, and the associated critical service, to disruption. Vulnerabilities can result in operational risks and must be identified and managed to avoid disruptions to the critical service's operating environment. A vulnerability management process identifies and analyzes vulnerabilities before they are exploited and informs the organization of threats that must be analyzed in the risk management process to determine whether they pose tangible risk to the organization based on the organization's risk tolerance. | 4 | 15 |
Incident Management | To establish processes to identify and analyze events, detect incidents, and determine an organizational response. | Disruptions to an organization's operating environment regularly occur. The Incident Management domain examines an organization's capability to recognize potential disruptions, analyze them, and determine how and when to respond. | 5 | 23 |
Service Continuity Management | To ensure the continuity of essential operations of services and their associated assets if a disruption occurs as a result of an incident, disaster, or other event. | The process of assessing, prioritizing, planning and responding to, and improving plans to address disruptive events is known as service continuity. The goal of service continuity is to mitigate the impact of disruptive events by utilizing tested or exercised plans that facilitate predictable and consistent continuity of the critical services. | 4 | 16 |
Risk Management | To identify, analyze, and mitigate risks to critical service assets that could adversely affect the operation and delivery of services. | Risk management is a foundational activity for any organization and is practiced at all levels, from the executives down to individuals within business units. The CRR focuses on risks to cyber-dependent operations that have the potential to interrupt delivery of the critical service being examined. While the CRR focuses on operational risk, it is important to note that operational risk management requires a comprehensive approach to be effective. | 5 | 13 |
External Dependencies Management | To establish processes to manage an appropriate level of controls to ensure the sustainment and protection of services and assets that are dependent on the actions of external entities. | The outsourcing of services, development, and production has become a normal and routine part of operations for many organizations because outsourcing can engage specialized skills and equipment at a cost savings over internal options. The External Dependencies Management domain of the CRR presents a method for an organization to identify and prioritize those external dependencies and then focuses on managing and maintaining those dependencies. | 5 | 14 |
Training and Awareness | To develop skills and promote awareness for people with roles that support the critical service. | Training and awareness focuses on the processes by which an organization plans, identifies needs for, conducts, and improves training and awareness to ensure the organization's operational cyber resilience requirements and goals are known and met. An organization plans for and conducts training and awareness activities that make staff members aware of their role in the organization's cyber resilience concerns and policies. Staff members also receive specific training to enable them to perform their roles in managing organizational cyber resilience. | 2 | 11 |
Situational Awareness | To actively discover and analyze information related to immediate operational stability and security and to coordinate such information across the enterprise to ensure that all organizational units are performing under a common operating picture. | Situational awareness activities are performed throughout the organization to provide timely and accurate information about the current state of operational processes. Activities must support communication with a variety of internal and external stakeholders to support the resilience requirements of the critical service. | 3 | 8 |
CERT® is a registered mark owned by Carnegie Mellon University.
To conduct a CRR, the U.S. Department of Homeland Security recommends involving a cross-functional team representing business, operations, security, information technology, and maintenance areas, including those responsible for:
Group discounts of up to 30% are available! Discounts are automatically applied when placing a booking reservation.
Event Date (MM-DD-YYYY) | 06-12-2023 8:30 am |
Event End Date | 06-16-2023 2:30 pm |
Cut off date | 05-27-2023 5:00 pm |
Cancel Registration Before Date | 05-28-2023 11:59 pm |
Individual Price | USD $4,995.00 |
Location | Trinidad | Port-of-Spain | The Brix by Marriott |
Attachment | NIST_CSF_LICRR_Assessment.pdf |
#Registrants | Rate/Person (USD $) |
---|---|
5 | 3,996.00 |
10 | 3,746.25 |
20 | 3,496.50 |
Allen Keele is the founder and CEO of Certified Information Security. He is a recognized subject matter expert, author, consultant, and management systems architect for enterprise risk management (ERM), governance/risk/compliance (GRC), information security management, business continuity management (BCM), and fraud control. A 7-time published author, including "Exam Cram 2: CISA", Mr. Keele has also achieved over twenty-five professional accreditations, including CISA, CISM, CISSP, ISO 31000 CICRA, ISO 27001 LI/LA, ISO 22301 CBCM, CFE, ISO 37301 CCP, NIST CSF LI, and CCSK, and holds a Bachelor of Business Administration degree in risk management from the University of Georgia.
Mr. Keele routinely works and collaborates with board members to educate and achieve buy-in for business-critical development and improvement. He presents to, and collaborates with, CEOs, CFOs, COOs, CROs, CTOs, Chief Privacy Officers, Chief Information Officers/Security Officers, Chief Compliance Officers, Business Continuity Managers, Auditors, Fraud Risk Officers, Quality Managers, Procurement Managers, and HSE Managers to establish and integrate comprehensive, ISO-certifiable, standards-based management systems and policies across functions throughout the enterprise. Mr. Keele brings a rare combination of risk management and compliance competence, real-world business experience, and a rigorous depth of certified technical skill to help organizations understand existing and emerging business needs, map these needs to proven and workable solution strategies, and implement effective solution strategies to achieve meaningful and measurable success.