In 2013, US President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which called for the development of a voluntary risk-based cybersecurity framework (CSF) that is “prioritized, flexible, repeatable, performance-based, and cost-effective.” The CSF was developed through an international partnership of small and large organizations, including owners and operators of the nation’s critical infrastructure, with leadership by the National Institute of Standards and Technology (NIST). In this session we will discover how the framework works, how to implement it, and what the proposed changes are as framework moves to version 1.1. This session will be an overview of what the frame work is, who needs to follow it, why your company may decide this framework is a good solution for your company to use. We also demo a free tool to help you understand where you current weaknesses are and how you can improve your compliance to the framework.
There are no prerequisites for this course.
4 Days/Lecture & Lab
This course is designed for those wanting to learn how the risk management framework works, how to implement it, and what the proposed changes are as the framework moves to version 1.1
- Cybersecurity Policy Regulations and Framework
- RMF Roles and Responsibilities
- Risk Analysis Process
- Step 1: Categorize
- Step 2: Select
- Step 3: Implement
- Step 4: Assess
- Step 5: Authorize
- Step 6: Monitor