The NIST Cybersecurity Framework (CSF) 2.0 is a set of guidelines and best practices for organizations to manage and enhance their cybersecurity defenses. It includes core functions such as Identify, Protect, Detect, Respond, and Recover. The framework helps organizations assess their cybersecurity posture, establish risk management processes, and create a tailored profile based on their specific needs. For the latest details, refer to the official NIST sources.
Module 1: Understanding Cybersecurity Challenges
Explore cyber risks and contemporary responses.
Recognize major international cybersecurity players.
Assess your organization's target maturity level.
Conduct audits based on the NIST CSF framework.
Describe alignment between NIST CSF and other frameworks.
Module 2: NIST – CSF Framework
Delve into cybersecurity challenges for vital US organizations.
Examine the legal framework, including the Cybersecurity Enhancement Act of 2014.
Understand the role of the National Institute of Standards and Technology (NIST).
Propose a comprehensive governance framework.
Explore key cybersecurity objectives of the NIST CSF.
Gain insights into digital risk management requirements and a risk governance approach.
Learn about NIST CSF certification and the involved stakeholders.
Module 3: Governance Approach to Cybersecurity
Build a robust cybersecurity strategy by analyzing cyber risks.
Effectively communicate cybersecurity aspects within your ecosystem.
Define clear cybersecurity postures and objectives.
Evaluate and audit the effectiveness of existing cybersecurity measures.
Identify and prioritize improvement opportunities in a continuous and reproducible process.
Assess improvements toward the set security objectives while mastering residual risks.
Raise staff awareness and contribute to a cyber risk-aware culture.
Module 4: Framework Structure
Understand the core framework with its set of security activities and functions.
Explore framework implementation levels, grading security based on goals and activity criticality.
Integrate agility and responsiveness from Levels 1 to 4.
Define a framework profile expressing security needs and responses through practices and standards.
Implement metrics and self-assessment tools.
Explore the structure of the available documentation in English and French, including sections and Annex A.
Module 5: The Five Core Functions of NIST CSF
Identify (Risk Approach to Governance):
Asset Management
Business Environment
Governance
Risk Assessment
Risk Management
Security Culture
Protect (Risk Mitigation by Preventive Measures):
Access Control
Awareness Training
Data Security
Information Protection
Maintenance
Protective Technology
Detect (Detection of Cyber Incidents and Flaws):
Anomalies and Events
Continuous Monitoring
Detection Processes
Respond (Residual Risk Treatment and Corrective Measures):
Response Planning
Communications
Analysis
Mitigation
Improvements
Recover (Resilience and Restoration of Altered Assets):
Recovery Planning
Improvements
Communications
Module 6: Maturity Rules of NIST CSF Implementation
Explore a maturity model similar to CMM.
Choose the target maturity level based on appetite, risk preference, and stakeholder expectations.
Progress from Level 1 (partial) to Level 2 (informed) and Level 3 (repeatable).
Achieve Level 4 (adaptive) with continuous improvement and strong interactions with the ecosystem.
Establish the relationship between core processes and the target maturity level through self-assessment and audit.
Implement the necessary organization, functions, and responsibilities to achieve set objectives.
Identify and coordinate decision-making levels (Senior Executive, Business/Process, Implementation/Operations).
Module 7: NIST CSF in the French/European Cyber Ecosystem
Implement the framework in ACPR, Bank of France, and ECB controls.
Integrate NIST CSF for industrial information systems risk management (NIST-800-82).
Develop Security Assurance Plans based on NIST questionnaires.
Evaluate suppliers and conduct audits based on the NIST CSF framework.
Explore the use of other NIST frameworks (800-53, …).
Module 8: Implementation and Deployment of NIST CSF
Assess the NIST maturity of your organization.
Create a criteria grid for easy NIST maturity evaluation.
Analyze existing security based on the NIST model.
Determine target maturity levels and the roadmap to achieve them.
Compare NIST CSF with ISO 27001, ISO 27002:2022, ISO 27110:2021, and SOC 2.
Evaluate the effectiveness of NIST CSF as the best security framework.
Conclude with a decision on NIST-CSF adoption.