This course will help you to build a basic understanding of NIST cybersecurity fundamentals. You will learn about the RMF process and managing risk by identifying, assessing and responding to risk. Additionally, you will learn how to use the framework to assess an organization's cybersecurity risk and the steps to implement or improve a cybersecurity program. The Cybersecurity Framework skill path introduces the framework for improving infrastructure cybersecurity.
NIST CSF
This course is part of Cybersecurity Risk Management Framework Specialization
6,494 already enrolled
(104 reviews)
Details to know
Add to your LinkedIn profile
1 quiz
See how employees at top companies are mastering in-demand skills
Build your subject-matter expertise
- Learn new concepts from industry experts
- Gain a foundational understanding of a subject or tool
- Develop job-relevant skills with hands-on projects
- Earn a shareable career certificate
Earn a career certificate
Add this credential to your LinkedIn profile, resume, or CV
Share it on social media and in your performance review
There are 10 modules in this course
This video introduces the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) 2.0 for improving critical infrastructure cybersecurity.
What's included
1 video
The NIST CSF contains terminology and concepts that may be expressed in specific ways to include perspectives and usages that may be unique to the framework implementation and different from what you are used to dealing with in your normal operations. You must have a basic understanding of security fundamentals used throughout the industry. For instance, the familiar CIA triad will be mentioned extensively throughout our courses. Additionally, there are some aspects of the framework that are contained throughout all discussion of the topics in this course. We’re introducing them here, they include: Cybersecurity & Information Security, Drivers of Business & Environments, and Cybersecurity Fundamentals. These concepts will be included in various discussions throughout all modules of this course, and you should become familiar with them.
What's included
4 videos
The NIST CSF, because it is a risk-based approach for managing cybersecurity risk, is composed of three parts: the Framework Core with its four areas and five processes, the four Framework Implementation Tiers and its programs and processes, and the Framework Profiles, goals, types and levels. Each Framework component reinforces the connection between business and mission drivers and cybersecurity activities.
What's included
1 video
The NIST CSF provides a common language to communicate requirements among interdependent stakeholders responsible for the delivery of essential critical infrastructure products and services. For example, an organization may use a target profile to express cybersecurity risk management requirements to an external service provider (e.g., a cloud provider to which it is exporting data). In addition, an organization may express its cybersecurity state through a current profile to report results or to compare with acquisition requirements, we will cover more examples in the course.
What's included
1 video
Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the potential resulting impacts. With this information, organizations can determine the acceptable level of risk for achieving their organizational objectives and can express this as their risk tolerance. Risks affecting organizations can have consequences from economic performance impacts to professional reputation. In this course we discuss the RMF process which provides a disciplined, structured, and flexible process for managing security and privacy risk which includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. We also discuss how managing risk by identifying, assessing, and responding to risk helps organizations perform better in an environment full of uncertainty.
What's included
1 video
Cyber SCRM is the set of activities necessary to manage cybersecurity risk associated with external parties. More specifically, cyber SCRM addresses both the cybersecurity effect an organization has on external parties and the cybersecurity effect external parties have on an organization.
What's included
1 video
The core functions are a listing of categories, subcategories and informative references that describe specific cybersecurity activities common across all critical infrastructure sectors. They are not intended to form a serial path or lead to a static desired end state. Rather, the functions should be performed concurrently and continuously to form an operational culture that addresses the dynamic cybersecurity risk. This course describes the six framework core functions (Govern, Identify, Protect, Detect, Respond and Recover) and includes descriptions of categories, subcategories and informative references.
What's included
1 video
The CSF is designed to complement existing business and cybersecurity operations. It can serve as the foundation for a new cybersecurity program or a mechanism for improving an existing program. It provides a means of expressing cybersecurity requirements to business partners and customers. Additionally, it can help identify gaps in an organization’s cybersecurity practices. The course outlines the steps an organization can use to compare their current cybersecurity activities with those outlined in the CSF core through the creation of profiles to determine if it has opportunities to or needs to improve.
What's included
1 video
The CSF is designed to reduce risk by improving the management of cybersecurity risk to organizational objectives. Ideally, organizations using the Framework will be able to measure and assign values to their risk along with the cost and benefits of steps taken to reduce risk to acceptable levels. This course describes the importance of having a clear understanding of the organizational objectives, the relationship between those objectives and supportive cybersecurity outcomes, and how those discrete cybersecurity outcomes are implemented and managed to assist the organization in predicting whether a cybersecurity risk may occur, and the impact it might have.
What's included
1 video
What's included
1 video1 quiz
Instructor
Offered by
Recommended if you're interested in Security
Infosec
Infosec
Google Cloud
Why people choose Coursera for their career
Learner reviews
Showing 3 of 104
104 reviews
- 5 stars
59.82%
- 4 stars
24.10%
- 3 stars
3.57%
- 2 stars
2.67%
- 1 star
9.82%
New to Security? Start here.
Open new doors with Coursera Plus
Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription
Advance your career with an online degree
Earn a degree from world-class universities - 100% online
Join over 3,400 global companies that choose Coursera for Business
Upskill your employees to excel in the digital economy
Frequently asked questions
Access to lectures and assignments depends on your type of enrollment. If you take a course in audit mode, you will be able to see most course materials for free. To access graded assignments and to earn a Certificate, you will need to purchase the Certificate experience, during or after your audit. If you don't see the audit option:
The course may not offer an audit option. You can try a Free Trial instead, or apply for Financial Aid.
The course may offer 'Full Course, No Certificate' instead. This option lets you see all course materials, submit required assessments, and get a final grade. This also means that you will not be able to purchase a Certificate experience.
When you enroll in the course, you get access to all of the courses in the Specialization, and you earn a certificate when you complete the work. Your electronic Certificate will be added to your Accomplishments page - from there, you can print your Certificate or add it to your LinkedIn profile. If you only want to read and view the course content, you can audit the course for free.
If you subscribed, you get a 7-day free trial during which you can cancel at no penalty. After that, we don’t give refunds, but you can cancel your subscription at any time. See our full refund policy.