NIST CYBER SECURITY EXPERT - ON DEMAND

ONLINE COURSE

“Teaches You How to Establish, Assess and Operationalize a
Cyber Security Program Based on the NIST Cyber Security Framework”​
Please Note: ICTTF Ltd is an independent organization and is in no way affiliated or associated with the National Institute of Standards and Technology.

About This Course

{{ 'el_1614617865254_126' | embed }}
90 Days Online Access
24/7 Access to All Training Material
3-5 Hours Per Module
Self Paced Entirely Online
Online Academy
Delivered Entirely Online
30 CPD Points
Approved by Various Bodies
Certification
Continual  Module Related Exams
Course Accessible Anytime
Self Paced Learning
€ 899 (VAT may be applied)

NIST CSF 2.0 UPDATES

NCSE Course in 1 Minute

{{ 'el_1614618972663_228' | embed }}
Write your awesome label here.
“Teaches You How to Establish, Assess and Operationalize a Cyber Security Program Based on the NIST Cyber Security Framework”
The NCSE (NIST Cyber Security Expert) certification course has been developed to teach businesses how to establish and operationalize a cyber security program based on the NIST Cyber Security Framework. This non-tech syllabus aimed at business leaders and/or cyber security practitioners has been developed based on a holistic body of knowledge that encompasses a real-life pragmatic approach to understanding the fundamental concepts of cyber risk management and how to leverage the NIST Cyber Security Framework in order to assess, implement and operationalize a cyber security program. No previous cyber security knowledge is assumed and the course is appropriate for all levels.

Our Partners 

{{ 'el_1649265632702_267' | embed }}

More Info

{{ 'el_1614622750368_37' | embed }}

NIST CSF 2.0 UPDATES

On February 26, 2024, the National Institute of Standards and Technology (NIST) introduced the updated version 2.0 of the Cybersecurity Framework (CSF). This new version builds upon the previous version 1.1, which has been in use since its release on April 16, 2018, succeeding the original framework established on February 12, 2014.

The latest version 2.0 brings significant advancements, particularly in the management of organizational governance and the security of supply chains. Starting April 15, 2024, we are providing a new additional module aimed at those interested in comprehending the recent changes and ensuring a smooth transition from the earlier version 1.1 to the enhanced version 2.0.

Module Title: Bridging the Gap: Transitioning from NIST CSF 1.1 to 2.0


Synopsis:
This module addresses the evolution of the NIST Cybersecurity Framework from version 1.1 to 2.0, focusing on significant advancements in governance and supply chain security. The module aims to equip professionals with the knowledge to navigate the changes and incorporate the updated framework into their cybersecurity practices.

Objectives:

·       To understand the core changes and enhancements introduced in NIST CSF 2.0.

·       To learn how to transition from using NIST CSF 1.1 to effectively implementing 2.0 within an organization.

·       To develop skills for creating, updating, and leveraging NIST CSF Profiles tailored to organizational needs.

·       To enhance cybersecurity risk communication and integrate NIST CSF 2.0 with Enterprise Risk Management (ERM) strategies.


Module Outline:

1.   NIST CSF 2.0 Overview

·       Introduction to the updated framework

·       Key changes from 1.1 to 2.0

·       Implications for current cybersecurity practices

2.   NIST CSF Profiles

·       Creating Current and Target Profiles for an Organization

·       Leveraging Community Profiles with the NIST National Cybersecurity Center of Excellence (NCCoE)

·       Customizing Profiles: Step-by-Step Process

3.   Understanding and Leveraging Informative References

·       Navigating Implementation Examples

·       Aligning Informative References with Organizational Goals

4.   NIST CSF Tiers

·       Adjusting to the new Tier structuring and guidance

·       Tier transition considerations

5.   NIST CSF Online Resources

·       Exploring and utilizing the array of online tools and resources

·       Staying updated with NIST CSF developments

6.   Improving Cyber Risk Communication

·       Strategies for effective communication within the framework of NIST CSF 2.0

·       Case studies on successful risk communication

7.   Integrating with ERM (Enterprise Risk Management)

·       Synchronizing NIST CSF 2.0 with ERM

·       Building a cohesive risk management approach


Assessment:

·       MCQ Exam to assess understanding and application of the NIST CSF 2.0 updates

Module Content Duration:

·       4 Hours, including the MCQ exam

Course Deliverables:

·       Comprehensive course materials

·       Certificate of Completion: NCSE NIST Cyber Security Expert (Version 2.0 Update)

Target Audience:

·       Cybersecurity professionals familiar with NIST CSF 1.1
·       Existing Certified NCSE v1.1

·       Risk management personnel

·       Compliance officers and IT professionals



What does the Course Cover?

{{ 'el_1614774127025_1' | embed }}
The course is non-technical in approach and supports students on a 10 modules journey. You are provided with 24/7 access to all materials and are also supported with access to live learning support sessions. Successful certification is via continual assessments with weekly online exams.
{{ 'el_1614854568717_42' | embed }}
The syllabus presumes little to no cyber related experience and commences with providing an understanding of the CYBER THREAT LANDSCAPE. In the first module, we explore the cyber threat landscape and gain an understanding of the key threat actors, their motivations and techniques. 

We breakdown the underground economy of cybercrime. We reference real-life case studies of high-profile cyber-attacks with a view to understanding why and how they were attacked and what could have been done to prevent the breach. 

We then move on to understanding CYBER RISK MANAGEMENT FUNDAMENTALS. 
Write your awesome label here.
*NIST Videos are provided Courtesy of the National Institute of Standards and Technology. All rights reserved, U.S. Secretary of Commerce.
In the second module, we explore the key aspects of cyber risk management. Understanding the fundamentals of CRQ Cyber Risk Quantification and how to engage the business by leveraging “Meaningful Metrics” related to the business strategy. Developing KPI’s (Key Performance Indicators) and KRI’s (Key Risk Indicators) that empower the business and how to leverage those metrics to develop appropriate maturity roadmaps and appropriately inform business leadership.
We then progress to UNDERSTANDING FRAMEWORKS AND CYBER STRATEGY. In the third module, we outline the importance and the anatomy of a cyber strategy and how a cyber risk framework supports that mission, leadership, culture, governance structure and all supporting processes.

We explore how a cyber risk framework operates and how it integrates with the business value chain. Understand the foundational elements including standards, policies, procedures, legal and regulatory controls.
The next 5 modules are focused on thoroughly understanding the NIST CSF FUNCTIONS. Each function is explained with easy to understand terminology leveraging real-life and abstract examples across each function including every single category and subcategory of controls.

We also review the related informative references with implementation tiers for each function area.In module 5, we breakdown the NIST IDENTIFY FUNCTION by exploring how to develop an organizational understanding in order to manage cybersecurity risk to systems, people, assets, data, and capabilities.
  • We then breakdown the NIST PROTECT FUNCTION by exploring how to develop and implement appropriate safeguards to ensure delivery of services.

  • Next we breakdown the NIST DETECT FUNCTION by exploring how to develop and implement appropriate activities to identify the occurrence of a cybersecurity event.

  • We now move to breaking down the NIST RESPOND FUNCTION by exploring how to develop and implement appropriate activities to take action regarding a detected cybersecurity incident.

  • We then breakdown the fifth area which is the NIST RECOVER FUNCTION by exploring how to develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.
Finally, we outline what is involved in ESTABLISHING A CYBER RISK PROGRAM. How to apply the NIST CSF in the real world is the objective of this module. We explore methodologies, protocols and lifecycles in relation to assessing and implementing the framework. We leverage a case study of a financial service entity and walk through assessing the organization, developing a maturity roadmap related to a target profile and implementing it. Understanding how to manage and communicate the status of the program is a key component of this module.

Explore the Modules

{{ 'el_1614774325872_7' | embed }}

MODULE 1

CYBER THREAT LANDSCAPE
{{ 'el_1614679048323_11' | embed }}
Write your awesome label here.
We explore the global cyber threat landscape and gain an understanding of the key threat actors, their motivations and techniques. We breakdown the underground economy of cybercrime. We reference real life case studies of high-profile cyber-attacks. This module provides a context and background to the ecosystem of cyber threat actors. We reveal their modus operandi and TTPs (Tactics, Techniques and Procedures) from targeting to money laundering. 

MODULE 2

CYBER RISK MANAGEMENT FUNDAMENTALS
{{ 'el_1614680909873_2' | embed }}
Write your awesome label here.
We explore the key aspects of cyber risk management. Understanding the fundamentals of CRQ (Cyber Risk Quantification) and how to engage the business by leveraging “Meaningful Metrics” related to the business strategy. Developing KPI’s (Key Performance Indicators) and KRI’s (Key Risk Indicators) that empower the business and how to leverage those metrics to develop appropriate maturity roadmaps and support business leadership in making informed decisions. 

MODULE 3

UNDERSTANDING FRAMEWORKS AND CYBER STRATEGY
{{ 'el_1614681501189_238' | embed }}
Write your awesome label here.
We outline the importance and the anatomy of a cyber strategy and how a cyber risk framework supports that mission, leadership, culture, governance structure and all supporting processes. We explore how a cyber risk framework operates and how it integrates with the business value chain. Understand the foundational elements including standards, policies, procedures, legal and regulatory controls.

MODULE 4

ANATOMY OF THE NIST CYBER SECURITY FRAMEWORK
{{ 'el_1614681501189_296' | embed }}
Write your awesome label here.
We outline the background and context to the NIST Cyber Security Framework and breakdown the anatomy and structure including functions, categories, subcategories and informative references. We explore the use cases, benefits, future roadmap developments and gain an in-depth understanding of specific terminology and related resources.

MODULE 5

NIST CSF FUNCTION – IDENTIFY
{{ 'el_1614685281522_76' | embed }}
Write your awesome label here.
We explore how to develop an organizational understanding in order to manage cybersecurity risk to systems, people, assets, data, and capabilities. We breakdown every single category and subcategory of controls within the “Identify” function. Explained in easy to understand terminology with real-life and abstract examples across the entire NIST CSF function. We explore related informative references and implementation tiers.

MODULE 6

NIST CSF FUNCTION – PROTECT
{{ 'el_1614685281522_84' | embed }}
Write your awesome label here.
We explore how to develop and implement appropriate safeguards to ensure delivery of services. We breakdown every single category and subcategory of controls within the “Protect” function. Explained in easy to understand terminology with real-life and abstract examples across the entire NIST CSF function. We explore related informative references and implementation tiers.

MODULE 7

NIST CSF FUNCTION – DETECT
{{ 'el_1614685345929_110' | embed }}
Write your awesome label here.
We explore how to develop and implement appropriate activities to identify the occurrence of a cybersecurity event. We breakdown every single category and subcategory of controls within the “Detect” function. Explained in easy to understand terminology with real-life and abstract examples across the entire NIST CSF function. We explore related informative references and implementation tiers.

MODULE 8

NIST CSF FUNCTION – RESPOND
{{ 'el_1614685345929_118' | embed }}
Write your awesome label here.
We explore how to develop and implement appropriate activities to take action regarding a detected cybersecurity incident. We breakdown every single category and subcategory of controls within the “Respond” function. Explained in easy to understand terminology with real-life and abstract examples across the entire NIST CSF function. We explore related informative references and implementation tiers.

MODULE 9

NIST CSF FUNCTION – RECOVER
{{ 'el_1614856397873_113' | embed }}
Write your awesome label here.
We explore how to develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident. We breakdown every single category and subcategory of controls within the “Recover” function. Explained in easy to understand terminology with real-life and abstract examples across the entire NIST CSF function. We explore related informative references and implementation tiers.

MODULE 10

ESTABLISHING A CYBER RISK PROGRAM
{{ 'el_1614856397873_121' | embed }}
Write your awesome label here.
Applying the NIST CSF in the real world is the objective of this module. We explore methodologies, protocols and lifecycles in relation to assessing and implementing the framework. We leverage a case study of a financial service entity and walk through assessing the organization, developing a maturity roadmap related to a target profile and implementing it. Understanding how to manage and communicate the status of the program is a key component of this module.

The Course is for?

{{ 'el_1614774205320_4' | embed }}
The course syllabus has been specifically designed to be collaborative and bring together business leaders of various disciplines within an organization. They are the key stakeholders in designing, implementing or supporting the cyber risk management program of an organization. Key cyber risk management stakeholders include:

  • C-Suite
  • CISO/CSO/CIO or CRO
  • Head of IT/Security
  • CCO Chief Compliance Officer
  • Cyber Security/Risk/Compliance Teams
  • Legal
  • Procurement
  • Head of Business Units
  • Technology Leaders / Project Managers
  • Management Professionals / Team Leaders
  • Digital Consultants
IDEAL TRAINING COURSE FOR
Cyber Risk Leader
Develop and Implement Strategy
Gaining Recognition
Cyber Risk Management Specialist
Cyber Security and Risk Teams
Collaborate and Support Enterprise

How do you Learn?

{{ 'el_1614774223268_5' | embed }}
The course is delivered entirely online. Students are provided with 90 days access to all the training material and exams.
Training material comprises of rich interactive media such as videos, infographics and course notes. There are many opportunities for collaborative learning via the discussion forums and you can leverage the portal to connect to other students around the world. All students also have access to scheduled remote live learning sessions, with an opportunity to directly liaise with the tutor.
There are 10 modules with an online exam at the end of each module. The pass score for each module is 80% and you must obtain an average score of 80% or higher across all modules to be successfully certified. You can re-sit each of the module exams three times if required during your 10 weeks.

What Support do I Get?

{{ 'el_1614774298002_6' | embed }}
Head Tutor
Subject Expert
Course Manager
One to One Student Support
Technical Support
Available to Solve Tech Issues
Social Learning
Student Network Collaboration
Extended Network of Material
Recommended External Material
Subtitles/CC
Core Module Videos Have Captions

About the Head Tutor

{{ 'el_1614774357768_8' | embed }}
Paul C Dwyer – President of the ICTTF International Cyber Threat Task Force
{{ 'el_1642173072117_271' | embed }}
Paul C Dwyer is recognised as one of the world’s foremost experts on cyber security, risk and privacy. As CEO of Cyber Risk International he specialises in corporate and enterprise security, development of cyber defence programs, and business operations protection for CRI clients. As founder and President of the ICTTF International Cyber Threat Task Force he is an advocate for diversity in the industry and leads a community of over 30,000 with a common goal to defeat cyber evil.
Certified an industry professional by the International Information Security Certification Consortium (ISC2) and the Information System Audit and Control Association (ISACA). Approved by the National Crime Faculty and the HTCN High Tech Crime Network. He has worked extensively around the world his diverse career spans more than 30 years working with military, law enforcement and the commercial sector.
Roles have included:
  • President of the ICTTF International Cyber Threat Task Force
  • Co Chairman of the UK NCA National Crime Agency Industry Group
  • Advisor to NaCTSO (National Counter Terrorism Security Office)
  • Advisor to NATO on Countering Hybrid Cyber Threats
  • Advisor to UK Defence Committee DEFCOM in Parliament
  • Deputy Chair – Organised Crime Task Force Industry Group – NI
  • Interim Global CISO for numerous multi national organisations
  • Advisor to numerous governments and intelligence agencies
PAUL C DWYER CEO - BIO
“An eye opening course bringing to life exactly what a CISO is and maybe more importantly what is isn’t. Many lightbulb moments that will help refocus how to better align security with the business, and what it takes to be successful.” Mark Conabeare – CISO Debenhams
{{ 'el_1642173072117_281' | embed }}
“An eye opener giving a global picture backed up with real world examples, Great Knowledge.” Shane O’Reilly – Head of IT – Total Produce

FAQ

{{ 'el_1614708079100_19' | embed }}

How do I get Certified?

{{ 'el_1614774384280_9' | embed }}
Successful certification depends on several factors. The online course includes continual evaluation of your performance and competency.
If you meet all the certification requirements which includes the professional experience prerequisite, adoption of the ICTTF Code of Ethics and successful performance on the required curriculum and competency evaluation, you will be certified and entitled to all of the rights and privileges associated with the designation. You need to re-certify every three years.
Certification is by the board of the ICTTF – International Cyber Threat Task Force.

Will it Help my Career?

{{ 'el_1614774426434_12' | embed }}
There is a Global IT security skills shortages and it has now surpassed four million according to a recent industry survey.
The number of unfilled positions now stands at 4.07 million professionals, up from 2.93 million this time last year. This includes 561,000 in North America and a staggering 2.6 million shortfall in APAC. The shortage of skilled workers in the industry in Europe has soared by more than 100% over the same period, from 142,000 to 291,000.
The global security workforce needs to increase by a staggering 145% to cope with a surge in hiring demand. In Europe, this has come particularly in smaller companies with one-99 employees, as well as those with over 500 employees.
In the report, over half (51%) of cybersecurity professionals said their organization is at moderate or extreme risk due to staff shortages.

Do I need to have a Cyber Security Background?

{{ 'el_1614774468886_13' | embed }}
No. The syllabus has been developed for a non-technical audience. When technical concepts are referenced in any way, they are fully explained.
It is assumed that you have very limited IT technical knowledge. This course is for business leaders and provides them with the knowledge, skill and confidence to liaise with technical subject matter experts by demystifying the jargon and concepts.

How do I Re-certify?

{{ 'el_1614774473104_14' | embed }}
Certification lasts for three years from the date awarded. Form June 2023 a recertification exam will be available online at www.icttf.org
There will be a fee of €500 for the recertification exam or any resits required.
If students elect to re-certify by re-enrolling in the course, they have that option and will receive €500 discount off the cost of the course.

What does this course equip students with?

{{ 'el_1614879164900_153' | embed }}
Establishing and operationalizing a cyber security program based on the NIST CSF

What is the Course Format?

{{ 'el_1614774481454_15' | embed }}
The NCSE (NIST Cyber Security Expert) course is delivered entirely online with recorded videos, downloadable case books and interactive material.

Overview: Introduction outlining the features of the online campus portal. Students get an opportunity to complete their online student profiles. Introductions to key support contacts.
Format: Video, PDF
Each module is comprised of the following materials:
  • Reading Material (Case books and References in PDF Format)
  • Videos (Covering the Module Topic)
  • Online Exam
Each module exam contributes equally towards the continuous evaluation of students and form part of their overall assessment and scoring

What is the Pass Mark and How Does the Scoring Work?

{{ 'el_1614774486872_16' | embed }}
The pass mark for successful certification on the NCSE course is 80% Students are continually evaluated during the course. The scoring criteria is as follows: Each Module Assessment Carries: 10%

What is the Cancellation Policy?

{{ 'el_1614774502892_18' | embed }}
Registration: A booking online reserves your place, this does not guarantee your place. Only *payment in full of the course fees will guarantee your place. You will be sent a registration email to complete your profile once payment in full has been received.
Installment Payment Option: If a student has elected to pay by instalments, they are fully committed and legally obligated to pay ALL instalments outlined.
Course Cancellation: Due to unforeseen circumstances, ICTTF Ltd may be compelled to cancel the course at short notice. In such circumstances, registrants will be entitled to a full refund of their course fee, or the course fee can be credited towards a future course.
Cancellation:

Notice of a registrant’s intention to cancel their registration must be made in writing (sales@ICTTF.org ) to ICTTF Ltd. In such cases, registrants will have the following options:

1) Nominate a replacement to attend in their place. Such notice must be made in writing at least 5 days before the commencement of the course.

2) Defer to a course commencing at a later date. Such notice must be made within 10 days of the commencement of the course and is subject to availability.

Registrants who fail to attend the course will be charged 100% of the full fee.

Substitutions/Replacements:

Where a registrant who has to cancel nominates a suitable replacement to attend in their place, no cancellation penalty will be incurred unless the registrant has already started the course. The suitable replacement must meet the Entry Requirements for the

course.

Fees: Participants wishing to transfer to a later date will be billed a 10% administration fee plus any increase in the price of the course.  

Participants who started the course and wants to nominate a replacement will be billed a 10% administration fee plus any increase in the price of the course.
Changes to Course: ICTTF Ltd. reserves the right to change course content, structure, lecturers and dates.

Where are the Terms and Conditions?

{{ 'el_1614774513042_19' | embed }}
Please follow this link to the Cyber Risk Academy terms and conditions: Terms and Conditions

Where will my Certified Qualification be Recognized?

{{ 'el_1614774520136_20' | embed }}
Our cyber risk certifications are recognized globally. This course has been accredited and benefits from dual certification by the International Compliance Association (ICA) and other respected bodies.

Who are NIST?

{{ 'el_1614940269248_9' | embed }}
NIST are The National Institute of Standards and Technology is a physical sciences laboratory and a non-regulatory agency of the United States Department of Commerce. Its mission is to promote innovation and industrial competitiveness. 
The National Institute of Standards and Framework’s Cybersecurity Framework (CSF) was published in February 2014 in response to Presidential Executive Order 13636, “Improving Critical Infrastructure Cybersecurity,” which called for a standardized security framework for critical infrastructure in the United States.
Further information can be found on their website at: nist.gov
Please note: ICTTF Ltd is an independent organization and is in no way affiliated or associated with the National Institute of Standards and Technology.