1 – Background & Introduction
2 – Framing the Problem
- Cybersecurity Risks & Controls
- Cyber-Risks to Critical Infrastructure
- Mitigating Cyber-Risks: Steps 2 – 5
3 – The Controls Factory Model
- Cybersecurity Controls Model
- The Engineering Center
- The Technical Center
- The Business Center
4 – Cyber Threats & Vulnerabilities
- Cyber Kill Chain® Model
- The Cyber Threat Landscape
- Vulnerabilities & Control Deficiencies
5 – Digital Assets, Identities & Business Impact
- Securing our Digital Assets
- Asset Management
- Business Applications
- Security Practices
- Business Environment
- Governance & Risk Assessment
- Risk Management & Supply Chain
6 – NIST Cybersecurity Framework – Design & Build
- NIST CSF: Core Function Mapping
7 – Technology Program – Design & Build
- The Technology Program
- Critical Security Control 01 – 20
8 – Security Operations Center (SOC)
- Security Operations Overview
- SOC Technology
- SOC People
- SOC Process/Procedures
- SOC Services
- SOC Options
9 – Technology Program Test & Assurance
- PCI=DSS Overview & Mapping
- Build & Maintain a Secure Network & Systems
- Protect Cardholder Data
- Maintain a Vulnerability Management Program
- Implement Strong Access Control Measures
- Regularly Monitor & Test Networks
- Maintain an Information Security Policy
10 – Business Center Design & Build
- Controls Factory Model – Business Center
- ISO 27002 Control Clause A.5 to A.18
11 – Cyber Workforce Skills Development
- The Controls Factory Model – Cyber Workforce Development
- Lesson the NICE Workforce Framework (NCWF)
- Securely Provision
- Operate & Maintain
- Oversee & Govern
- Protect & Defend
- Analyze
- Collect & Operate
- Investigate
12 – Cyber Risk Program Design & Build
- Controls Factory Model – Cyber Risk Program
- AICPA Description Criteria Categories: 1 to 19
13 – Cybersecurity Program Assessment
- Sample Assessment
- Cybersecurity Program Summary Design
14 – The Risk Management Framework
- AICPA Cyber Risk Categories
- FTC Compliance with the Framework
