In this course, you will understand the context and nature of cybersecurity risks and how to manage these risks using the NIST Cybersecurity Framework together with COBIT 5. ISO/IEC 27000 is also covered in this course. So if you are already using that standard or interested in applying it as an overall IT Security Management System, this course will be relevant as well.

Target Audience

This course and exam is aimed at individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cybersecurity program for outside organizations or their own.

Certification: Yes

Duration: 2 Days

Domain: IT Governance and Strategy

Delivery Method: Blended, Classroom, Virtual Classroom

Accreditor: APMG

Available Languages: English

Purchase Options: Pay Per Use Courseware

This course and exam is aimed at individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cybersecurity program for outside organizations or their own.

At the end of this course, participants will be able to:

• Understand the course objectives and content, exam requirements and learning approach.
• Understand the context of cybersecurity: the risks, the challenges in managing these risks, and the benefits of aligning the NIST Framework, ISO/IEC 27000 and COBIT 5.
• Understand an overview of the NIST Cybersecurity Framework, COBIT 5, and ISO/IEC 27000.
• Understand the objectives and scope of the ISACA Guide and how to use it to implement Step 1 – Prioritise and Scope.
• Understand how to use the ISACA Guide and to implement Step 2 – Orient and Step 3 – Create a Current Profile.
• Understand how to use the ISACA Guide and to implement Step 4 – Conduct a Risk Assessment and Step 5 – Create a Target Profile.
• Understand how to use the ISACA Guide and to implement Step 6 – Determine, Analyse and Prioritise Gaps.
• Understand how to use the ISACA Guide and to implement Step 7 – Implementation Plan.
• Understand how to use the ISACA Guide and to implement an Action Plan Review and Manage the Lifecycle.

Course Introduction

• Introductions
• Course Objectives
• Agenda
• Learning Approach

Cybersecurity Challenges

• What is cybersecurity?
• What are the risks?
• What are the challenges?
• What are the benefits:
  • NIST Framework
  • COBIT 5
  • ISO27000

Introducing the Frameworks

• NIST Core, Tier and Profiles Facts and Concepts
• How to apply these concepts to a scenario

Step 1: Prioritize and Scope

• The CSF Goals and implementation steps
• How the CSF relates to the NIST Framework
• What are the drivers?
• Implementation Considerations
• Relevant COBIT 5 Practices

Steps 2 and 3: Orient and Create a Current Profile

• Where are we now?
• Implementation Considerations
• Relevant COBIT 5 Practices

Step 4 and Step 5: Conduct a Risk Assessment and Create a Target Profile

• Where do we want to be?
• Implementation Considerations
• Relevant COBIT 5 Practices

Step 6: Determine, Analyze, and Prioritize Gaps

• What needs to be done?
• Implementation Considerations
• Relevant COBIT 5 Practice

Step 7: Implement Action Plan

• How do we get there?
• Implementation Considerations
• Relevant COBIT 5 Practice

CSF Action Plan Review and CSF Life Cycle Management

• Did we Get There
• Implementation Considerations
• Relevant COBIT 5 Practices
• How do we Keep the Momentum Going
• Implementation Considerations
• Relevant COBIT 5 Practices