(Click Category to List Courses)
42 - IT-S Information Technology - Security and Audit
IT-S 410 - NIST Cyber Security Professional (NCSP) 800-53
| Code | Start Date | Duration | Venue | |
|---|---|---|---|---|
| IT-S 410 | 30 October 2023 | 5 Days | Istanbul | Registration Form Link |
| IT-S 410 | 25 December 2023 | 5 Days | Istanbul | Registration Form Link |
Course Description
Business goals may include organizing the company to make it more efficient and profitable, or to redefine our target market to three major areas. One of our key business goals must be to reduce the risk of a data breach, the loss of intellectual property, the compromise of valuable research data, or the protection of employee and customer information. To be successful, we require a business focused cyber-risk management program that includes a complete understanding of business activities and the potential risk to the organization if a bad actor compromises one or more of these activities.
The Security Technical Implementation Guides (STIGs) are the configuration standards created by the Defense Information Systems Agency (DISA) for Department of Defence systems. The STIGs contain technical guidance to lock down information, systems, and software, which might otherwise be vulnerable to a malicious computer attack by limiting account access to a system.
This is a course preparation for certification exam/procedure. The fee doesn't include exam fee. The exam date and application should be done by participant(s) themselves. Please contact us for details and further clarification.
Course Objectives
- Understand and describe how an organization can approach the adoption and adaptation of the NIST-CSF
- Understand and describe how to implement cybersecurity controls using an incremental improvement approach, using the NIST 800-53 Standard as an informative reference
- Understand and describe how to create, protect, and deliver digital business value
- Understand of Security technical implementation guide (STIG)
Who Should Attend?
- IT professionals
- Network Administrators
- Secuiry Analysts
Course Details/Schedule
Day 1
- Understanding Cyber Risks
- Overview of NIST Cyber Security Professional (NCSP) 800-53
- Core Functions, Categories & Subcategories
- The NIST Cybersecurity Framework Fundamentals
- Risk Management and Security Controls
- Risk Identification and Analysis
Day 2
- Security Operations and Incident Response
- Security Control Selection and Implementation
- Security Control Monitoring and Maintenance
- Security Automation and Orchestration
Day 3
- Automating Security Incident Response
- Automating Security Monitoring and Logging
- Automating Security Vulnerability Management
- Profiles and their use of Current
- Implementation Tiers
- Security Governance and Compliance
- Developing Framework Profiles
Day 4
- Understanding of Security technical implementation guide (STIG)
- STIG control profiles selection
- STIG Severity assignment on controls
- Role of security attributes (CIA) controls
- STIG profile control addition and removal
- Control mapping to org policy and implementation on technology
- Control Correlation Identifier (CCI).
- Common Configuration Enumeration (CCE)
- Common weakness enumeration (CWE)
- Extensible Configuration Checklist Description Format (XCCDF)
- Open Checklist Interactive Language (OCIL)
- Open Vulnerability Assessment Language (OVAL)
Day 5
- Role of Control Correlation identifier (CCI) for implementation of Cyber Security policy
- Control implementation and automation.
- Compliance assessment, automation and scoring.
- Correlation between Controls and vulnerability.
- Correlation between vulnerabilities and compliance.
- Correlation between risk management framework (RMF) and STIG
- Open Source tools for automation/implementation of 800-53
- Open Source tools for automation/implementation of STIGs
- SITG demonstration on Open source tool(Open SCAP and ANISABLE)
