2 CPE This is a multi-part series to assist the participant in evaluating all the necessary components to conducting a cyber risk assessment. The purpose of a cyber risk assessment lies in the objectives of ensuring:
- Availability
- Confidentiality
- Integrity of data
- Integrity of processing
We utilize the National Institute of Standards and Technology (NIST) cybersecurity framework to walk through various elements that should be considered with a cyber risk assessment. A previous segment delved into the first function outlined by NIST which is the “Identify” concept. This segment will delve into the “protect” function.
We try to protect our information assets and systems against attack. Protection strategies can be the first line of defense, and breaches usually are a failure of protection strategies. Utilizing the concepts of categories and sub-categories an organization can effectively begin to map out their cyber risk process. The sub-categories of the protect function include:
- Awareness control
- Awareness and training
- Data security
- Information protection and procedures
- Maintenance
- Protective technologies
This segment is dedicated to delving into each of these sub-categories and outlining possible considerations for protecting information and cyber assets.
Training for all programs related to cyber security by this trainer are utilizing the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework please refer to NIST.org.
Learning Objectives
- Explore the objectives of a cyber risk management assessment.
- Explore security control designations.
- Explore the concept of baseline controls.
- Identify the requirements of ensuring awareness control within the protect function.
- Identify the requirements of ensuring awareness and training within the protect function.
- Identify the requirements of ensuring data security within the protect function.
- Identify the requirements of ensuring information protection and procedures within the protect function.
- Identify the requirements of ensuring maintenance within the protect function.
- Identify the requirements of ensuring protective technology within the protect function.
Last updated/reviewed: March 24, 2024
Included In Certifications
This course is included in the following Certification Programs:
13 CoursesCorporate Cyber Security Certification
- Cyber Threat – The Modern-Day Fraud: Breaches and Actions
- A Primer on Cyber Security Programs and Roles
- Cyber Risk Frameworks And Concepts
- Cyber Risk Framework - Identify Assets
- Cyber Risk Framework - Prioritize Assets
- Cyber Risk Framework - Protect Assets
- Cyber Risk Framework - Detect Part One
- Cyber Risk Framework - Detect Threats Part Two
- Cyber Risk Framework - Respond
- Cyber Risk Framework - Recover
- Cyber Risk Framework - Utilizing The Tier Approach
- Fraud and Personal Identity Theft
- Fraud and Business Identity Theft
44 Reviews (189 ratings)
Reviews
Anonymous
(Sr. Director of Cost Management and Comp..)
Excellent overview of the NIST Protection framework for protection of assets from cyber threats. Very comprehensive discussion that covers a wide spectrum of IT controls and systems practices to help ensure mitigation of risks from cyber threats.
Dale Rapp
(Sr Internal Auditor – IT (PCI) at Charter Communications)
Lynn did a great job walking through the material and objectives. The course was divided into organized sections in whhich Lynn talked about the importance of the various security controls to meet the objective of the overall security function.
Sergey Bulychev
(internal auditor at Transneft Finance LLC)
Очень сложно разбираться в одних голых терминах на английском языке. Курс надо увеличить с подробными примерами из практики
Anonymous
(Controller)
There are no trick questions on the exam. I appreciate that given that a cyber risk framework is pretty wordy and you can interpret words in so many ways (unlike numbers!)
RICARDO CAMPOLINA DE TOLEDO
( at WPP)
Great summary / view of the Cyber Risk Assessment: Protect from NIST framework. Good for those who are not experts but are interested to know more about the topic.
Anonymous
(Finance and IT Consultant)
Lynn has provided a good understanding of one of the core areas that needs attention and action based on the NIST framework on cyber security. Well done!!!
Christopher Hole
(Director of Internal Audit at Roseburg Forest Products)
This is a fairly detailed summary of the Protect function of the NIST framework, but is presented in a fairly straightforward, easy to understand manner.
Anonymous
(IT Risk Associate)
Great concise course over protection techniques / controls for Cyber relate risks. I would recommend this course to an entry level IT Audit associate.
Anonymous
(Assistant Internal Audit Manager)
The course provides a good understanding for Protection function of NIST framework. The instructor made it easy for beginners to capture the knowledge
Anonymous
()
.................................................................................................................................................
Anonymous
()
This course provides an good understanding of the types of cyber controls, why they are important, and examples of cyber control procedures.
Anonymous
()
The categories and sub-categories were well defined and explained. Procedures to ensure the Protect function was explained in detail.
Anonymous
()
Course covered the topics stated. Was nice that it is broken down into a multi-part series so it is not too much info at one time.
Martin Smith
(owner at M. Ward Smith, Inc.)
Not sure but it seems like protect was a subcategory of itself. The structure of all these items gets very difficult to follow.
Anonymous
(Senior IT Auditor)
I find the course very useful in a sense that it provides a comprehensive review of cyber risk framework over assets protection.
Anonymous
()
Very good course which helped me to understand the process of creating a cyber risk assessment. Instructor was also very good.
Rose Gingrich
(State Report at GCCS)
This a great course, I really enjoyed and learn new things.
The instructor is excellent in her presentation and explanations
Anonymous
()
This course provided a detailed understanding of the protect funtion of the framework, and was explained well and in detail.
Anonymous
(Consultant - Process Specialist)
Great course for aspiring IT auditors. Should have basic knowledge of ITGCs and Application controls would be helpful
Anonymous
(Manager)
Great break-down of Cyber Risks and creating the baselines needed to start reporting on organizational controls.
Michael Savino
(COO-Owner at ITSco.com)
Another additional improvement would be to provide detailed explanations of incorrect answers on quiz and final
Anonymous
(-)
Nice overview of cyber risk framework for protecting assets - gonna keep an eye out on our internal processes.
Anonymous
()
NIST can be intimidating. This series is a good breakdown of the components to make it understandable.
Anonymous
(IT Advisory Snr. Associate)
The course is refreshing. Nothing surprised me. This will be highly beneficial to non-IT professionals.
Anonymous
(Audit Manager)
Excellent course in the cyber risk assessment series. This course covers the Protect portion in NIST.
Anonymous
(Senior Associate IA)
I think the instructor does a great job explaining the information and providing good examples.
Anonymous
()
Program materials were relevant and contributed to the achievement of the learning objectives
Anonymous
(Head of Global Business Assurance)
This cyber risk assessment overview was on point for understanding baselines, well done.
Anonymous
(Accountant)
Good course on the cyber risk framework, very well put together and easy to follow!
Craig Campbell
( at National Reconnaisance Office)
Course is comprehensive and well presented, especially for novices in this arena.
Anonymous
(Retired)
Great course. Provides valuable information on protecting assets from threats.
Anonymous
()
Very good course of cyber risk framework - Protect Assets which add value to me
Anonymous
()
Great overview of cybersecurity. Linkage to NIST was clear. Slides were clear.
Anonymous
(MANAGER, ENERGY COST MGMT)
i am grateful to expanding my learning in this area. thank you very much
Anonymous
(-)
The definitions were clear enabling future application of the concepts.
Anonymous
(Senior Internal Auditor)
The course was useful and provided insight into protection strategies.
Peter Addison
(Security Consultant at Capgemini)
Provided an excellent insight to the Protect category of controls.
Steve Stein
(Director, Tech Audit at Google)
Good overview, well organized and presented, good for beginners.
Elizabeth Martin
( at Self)
The details of Categories and sub-categories are well explained.
Anonymous
(Sr. IA Manager)
Good course, easy to follow, topics are current and relatable.
Abraham Minto
( at Abraham Minto LLC)
Lynn’s course on the Cyber Risk Framework was well presented
Anonymous
()
Cyber Risk Framework - Protect Assets is an excellent course.
Anonymous
(Sole Practitioner)
well thought out and acceptable for cpe review purposes
Anonymous
(Head of Internal Audit)
Crucial topic for audit function to master and perform
Prerequisites
Course Complexity: Intermediate
No Advanced Preparation or Prerequisites are needed for this course. However, it is recommended to take the other courses in the series prior to completing this one.
Education Provider Information
Company:
Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA
95113
Contact:
For more information regarding this course, including complaint and
cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to
.
Lynn FountainCPA, CGMA, CRMA, MBA, cPIA, Consultant, Author, Trainer
About Illumeo
Platform
Resources
Contact Us
- Email: info@illumeo.com
- Phone: 408-400-3993
- Adress: 1608 W Campbell
- Av #221, Campbell, CA 95008
© 2024 Illumeo, Inc.