This course focuses on industry frameworks and best practices for building a comprehensive cybersecurity program to protect critical infrastructure, industrial controls, and private and public utilities. The course is divided into these three sessions:
How organizations use the NIST Risk Management Framework and NIST Cybersecurity Framework to build and report on a Cybersecurity Risk Management Program to protect critical infrastructure. In addition, the BSA Framework for Secure Software is included to evaluate best practices for securing software applications. Deliverables include a Cybersecurity Strategy, Cybersecurity Policies, and a Cybersecurity Risk Report.
How organizations use the DHS Continuous Diagnostics and Mitigation Architecture (Volume 1) and Continuous Diagnostics and Mitigation Technical Capabilities (Volume 2) to build and report on a Cybersecurity Engineering Program. The CDM Program includes the engineering and design of both critical infrastructure security and software application security. Deliverables include a Cybersecurity Architecture, Cybersecurity Workloads, and a Cybersecurity Dashboard.
How organizations use Security and Privacy Controls to build secure and resilient infrastructure based on industry best practices. The focus is on NIST 800-53, CIS Critical Controls, ISO 27002 Code of Practice, etc., for infrastructure security. As an added bonus, we cover how organizations will need to tie in CMMC compliance in order to perform work for the Federal sector. Deliverables include a System Security Plan, a Risk Assessment, and a Plan of Action and Milestones (POA&M).
At the conclusion of the class, attendees will understand the key frameworks and outcomes that organizations should follow in developing a comprehensive, standards-based cybersecurity program to protect critical infrastructure.