NIST Cyber Security Professional (NCSP) 800-53 Practitioner Certificate

NIST Cybersecurity Professional (NCSP®) Programme Training

The NIST Cybersecurity Professional (NCSP®) certified training programme is based on the NIST Cyber Security Framework (NCSF), a publication of the National Institute of Standards and Technology. The National Institute of Standards and Technology (NIST) is a non-regulatory agency of the United States Department of Commerce. NIST implements practical cybersecurity and privacy through outreach and effective application of standards and best practices necessary for organisations to adopt cybersecurity capabilities.

The NIST Cyber Security Framework (NIST-CSF) provides a policy framework of computer security guidance for how organisations can assess and improve their ability to prevent, detect, and respond to cyber-attacks. It provides a high-level taxonomy of cybersecurity outcomes and a methodology to assess and manage those outcomes. Originally aimed at operators of critical infrastructure, the framework is now being used by a wide range of businesses and organisations and helps shift organisations to a proactive approach to risk management. Internationally the framework has been adopted in over 27 countries, and Japan and Australia have made NCSF central to its Government programs.

The NIST-CSF focuses on using business drivers to guide cybersecurity activities and considering cybersecurity risks as part of the organisation’s risk management processes. The Framework consists of three parts:

• the Framework Core,
• the Implementation Tiers, and
• the Framework Profiles.

The Framework Core is a set of cybersecurity activities, outcomes, and informative references that are common across sectors and critical infrastructure. Elements of the Core provide detailed guidance for developing individual organisational Profiles.

The Tiers provide a mechanism for organisations to view and understand the characteristics of their approach to managing cybersecurity risk, which will help in prioritizing and achieving cybersecurity objectives.

Through use of Profiles, the Framework will help an organisation to align and prioritize its cybersecurity activities with its business/mission requirements, risk tolerances, and resources.

While the NIST-CSF was developed to improve cybersecurity risk management in critical infrastructure, the Framework can be used by organisations in any sector or community. The Framework enables organisations – regardless of size, degree of cybersecurity risk, or cybersecurity sophistication – to apply the principles and best practices of risk management to improving security and resilience. The Framework provides a common organising structure for multiple approaches to cybersecurity by assembling standards, guidelines, and practices that are working effectively today. Moreover, because it references globally recognized standards for cybersecurity, the Framework serves as a model for international cooperation on strengthening cybersecurity in critical infrastructure as well as other sectors and communities.

The Framework offers a flexible way to address cybersecurity, including cybersecurity’s effect on physical, cyber, and people dimensions. It is applicable to organisations relying on technology, whether their cybersecurity focus is primarily on information technology (IT), industrial control systems (ICS), cyber-physical systems (CPS), or connected devices more generally, including the Internet of Things (IoT). The Framework can assist organisations in addressing cybersecurity as it affects the privacy of customers, employees, and other parties. Additionally, the Framework’s outcomes serve as targets for workforce development and improvement activities.

NIST Cybersecurity Professional (NCSP®) Programme Credentials

Accredited through APMG International, certified in the United Kingdom by the National Cyber Security Centre (NCSC) and listed as qualified cyber training by Department of Homeland Security Cybersecurity and Infrastructure Security Agency (DHS CISA) in the U.S., the NCSP® training programme teaches individuals and organisations how to engineer, operationalise and continually improve a NIST Cybersecurity Framework Programme.

Following on from the learning secured during the NCSP® Foundation Certificate course, the NCSP® 800-53 Practitioner Certificate course outlines current cybersecurity challenges and explains how organisations who operationalize a NIST-CSF program across an enterprise and its supply chain can mitigate these challenges, using the NIST 800-53 standard as an informative reference.

This course will empower candidates with the following learning outcomes:

• Understand and describe how an organization can approach the adoption and adaptation of the NIST-CSF
• Understand and describe how to implement cybersecurity controls using an incremental improvement approach, using the NIST 800-53 Standard as an informative reference
• Understand and describe how to create, protect, and deliver digital business value

Included:

• NCSP® 800-53 Practitioner Certificate digital courseware
• UK NCSC Certified, APMG International Accredited, USA DHS CISA Listed Qualified Cyber Training
• Online Proctored Exam fees included
• 'Practitioner Guide to Adapting the NIST Cybersecurity Framework' eBook
• Certificate of Attendance
• CSP® 800-53 Practitioner Certificate Digital Badge on successful completion of exam
• Access to the NIST Cyber Security Professional (NCSP®) LinkedIn community
• Access to the Digital Value Management System Institute (DMVSi) LinkedIn community

Delegates must have completed the NCSP® Foundation Certificate (QANCSPFOU) prior to attending this course.

This NCSP® 800-53 Practitioner Certificate course builds on knowledge secured during NCSP® Foundation Certificate study and covers the following topics:

Course Introduction

The Threat Landscape

• Digital business threats
• Thinking like a threat actor

The Cyber Resilient Organization

• Organizational strategy and associated cybersecurity risk
• Using the NIST-CSF to manage strategy-risk
• Identify, Protect, Detect, Respond and Recover

'Understanding' Organizational Capability

• Governance and assurance
• Planning
• Design (people, process, technology, culture)
• Change management
• Operate and execute
• Innovation

'Enabling' Organizational Capability

• Adopt and adapt
• Protection of business value
• A FastTrack™ approach to continual improvement

'Improving' Organizational Capability using NIST 800-53

• Gap analysis
• NIST 800-53 control groups
• Alignment of NIST 800-53 control groups to organizational capabilities:
  • Governance and assurance
  • Planning
  • Design (people, process, technology, culture)
  • Change management
  • Operate and executeInnovation

'Assuring' Organizational Capability using NIST 800-53

• 800-53 control implementation
• 800-53 control audit
• Assurance
• Cybersecurity risk management capability
• The link to organizational strategy-risk

A Scalable Solution

• Business Context
• From 'Simple' to 'More Complex'
• Scalable, 'appropriate' Cybersecurity Risk Management

NCSP® Pathway

Students who complete and successfully pass the associated NCSP® 800-53 Practitioner Certificate exam progress onto NCSP® Specialist study and associated exams:

• NCSP® 800-171 Specialist
• NCSP® ISO 27001 Specialist

Target Audience

For IT, Business and Cyber Security professionals who will play an active or passive role in engineering, operationalizing and continually improving an organizations NIST-CSF programme and those looking for a baseline knowledge of the NIST-CSF who are considering a career in cybersecurity.