This is a multi-part series to assist the participant in evaluating all the components necessary for conducting a cyber risk assessment. The purpose of a cyber risk assessment is to ensure:
- Availability
- Confidentiality
- Integrity of data
- Integrity of processing
We use the National Institute of Standards and Technology (NIST) cybersecurity framework to walk through various elements that should be considered in a cyber risk assessment. A previous segment delved into the first function outlined by NIST, which is the “Identify” concept. This segment delves into the “Protect” function.
We try to protect our information assets and systems against attack. Protection strategies can be the first line of defense, and breaches usually are a failure of protection strategies. Using the concepts of categories and sub-categories, an organization can effectively begin to map out its cyber risk process. The sub-categories of the protect function include:
- Awareness control
- Awareness and training
- Data security
- Information protection and procedures
- Maintenance
- Protective technologies
This segment is dedicated to delving into each of these sub-categories and outlining possible considerations for protecting information and cyber assets.
All cyber security training programs by this trainer use the framework of the National Institute of Standards and Technology (NIST) as a model. This information is freely available in the public domain. For more detailed information on the framework, please refer to NIST.org.
Learning Objectives
- Explore the objectives of a cyber risk management assessment.
- Explore security control designations.
- Explore the concept of baseline controls.
- Identify the requirements of ensuring awareness control within the protect function.
- Identify the requirements of ensuring awareness and training within the protect function.
- Identify the requirements of ensuring data security within the protect function.
- Identify the requirements of ensuring information protection and procedures within the protect function.
- Identify the requirements of ensuring maintenance within the protect function.
- Identify the requirements of ensuring protective technology within the protect function.
Included In Certifications
This course is included in the following Certification Programs:
Corporate Cyber Security Certification (13 Courses)
- Cyber Threat – The Modern-Day Fraud: Breaches and Actions
- A Primer on Cyber Security Programs and Roles
- Cyber Risk Frameworks And Concepts
- Cyber Risk Framework - Identify Assets
- Cyber Risk Framework - Prioritize Assets
- Cyber Risk Framework - Protect Assets
- Cyber Risk Framework - Detect Part One
- Cyber Risk Framework - Detect Threats Part Two
- Cyber Risk Framework - Respond
- Cyber Risk Framework - Recover
- Cyber Risk Framework - Utilizing The Tier Approach
- Fraud and Personal Identity Theft
- Fraud and Business Identity Theft
Prerequisites
No advance preparation or prerequisites are needed for this course. However, it is recommended to take the other courses in the series prior to completing this one.