Who should attend?

The Cybersecurity Framework (CSF) full training program is suitable for government employees, contractors, and those employed in private industry who may have job roles which are not focused on Government. The nature of CSF as a voluntary and flexible framework with a goal of being cost-effective in promoting the protection and resilience of critical infrastructure and other sectors of the economy make it useful for an extremely broad audience.

Cybersecurity Fundamentals (CSF) – Fundamentals (Day 1)

CSF Fundamentals (One Day) provides a high-level view of CSF. Discussion is centered on identifying the primary drivers (policy and guidance) and differentiating amongst the Cybersecurity Framework Core (including functions, categories, subcategories and information references). Students will also learn to identify the various frameworks in the CSF references and describe the Framework profile as it relates to implementation tiers. Additional focus is placed upon the CSF self-assessment process as well as sector-specific guidance.

Cybersecurity Framework (CSF) – In Depth (Days 2-4)

CSF Full Program (Four Day) The Cybersecurity Framework (CSF) full program provides a CSF fundamentals overview and then expands on the central tenet of the Framework, which is effective risk management. In this course, participants will have the opportunity to apply the Cybersecurity Framework Core functions, categories, subcategories and information references, and to select controls among the information references. Training includes an overview of information security and risk management with Cybersecurity Framework policies and relevant publications. The program addresses the CSF life cycle which involves the following steps:

  • Step 1: Prioritize and Scope
  • Step 2: Orient
  • Step 3: Create a current profile
  • Step 4: Conduct a risk assessment
  • Step 5: Create a target profile
  • Step 6: Determine, analyze and prioritize gaps
  • Step 7: Implement action plan

Additional attention will be given to key topics such as supply chain risk management (SCRM) and primary Cybersecurity Framework related guidance.