Infosec

NIST CSF

6,494 already enrolled

Gain insight into a topic and learn the fundamentals.
4.2

(104 reviews)

3 hours to complete
3 weeks at 1 hour a week
Flexible schedule
Learn at your own pace
Gain insight into a topic and learn the fundamentals.
4.2

(104 reviews)

3 hours to complete
3 weeks at 1 hour a week
Flexible schedule
Learn at your own pace

Details to know

Shareable certificate

Add to your LinkedIn profile

Assessments

1 quiz

Taught in English

See how employees at top companies are mastering in-demand skills

Placeholder

Build your subject-matter expertise

This course is part of the Cybersecurity Risk Management Framework Specialization
When you enroll in this course, you'll also be enrolled in this Specialization.
  • Learn new concepts from industry experts
  • Gain a foundational understanding of a subject or tool
  • Develop job-relevant skills with hands-on projects
  • Earn a shareable career certificate
Placeholder
Placeholder

Earn a career certificate

Add this credential to your LinkedIn profile, resume, or CV

Share it on social media and in your performance review

Placeholder

There are 10 modules in this course

This video introduces the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) 2.0 for improving critical infrastructure cybersecurity.

What's included

1 video

The NIST CSF contains terminology and concepts that may be expressed in specific ways to include perspectives and usages that may be unique to the framework implementation and different from what you are used to dealing with in your normal operations. You must have a basic understanding of security fundamentals used throughout the industry. For instance, the familiar CIA triad will be mentioned extensively throughout our courses. Additionally, there are some aspects of the framework that are contained throughout all discussion of the topics in this course. We’re introducing them here, they include: Cybersecurity & Information Security, Drivers of Business & Environments, and Cybersecurity Fundamentals. These concepts will be included in various discussions throughout all modules of this course, and you should become familiar with them.

What's included

4 videos

The NIST CSF, because it is a risk-based approach for managing cybersecurity risk, is composed of three parts: the Framework Core with its four areas and five processes, the four Framework Implementation Tiers and its programs and processes, and the Framework Profiles, goals, types and levels. Each Framework component reinforces the connection between business and mission drivers and cybersecurity activities.

What's included

1 video

The NIST CSF provides a common language to communicate requirements among interdependent stakeholders responsible for the delivery of essential critical infrastructure products and services. For example, an organization may use a target profile to express cybersecurity risk management requirements to an external service provider (e.g., a cloud provider to which it is exporting data). In addition, an organization may express its cybersecurity state through a current profile to report results or to compare with acquisition requirements, we will cover more examples in the course.

What's included

1 video

Risk management is the ongoing process of identifying, assessing, and responding to risk. To manage risk, organizations should understand the likelihood that an event will occur and the potential resulting impacts. With this information, organizations can determine the acceptable level of risk for achieving their organizational objectives and can express this as their risk tolerance. Risks affecting organizations can have consequences from economic performance impacts to professional reputation. In this course we discuss the RMF process which provides a disciplined, structured, and flexible process for managing security and privacy risk which includes information security categorization; control selection, implementation, and assessment; system and common control authorizations; and continuous monitoring. We also discuss how managing risk by identifying, assessing, and responding to risk helps organizations perform better in an environment full of uncertainty.

What's included

1 video

Cyber SCRM is the set of activities necessary to manage cybersecurity risk associated with external parties. More specifically, cyber SCRM addresses both the cybersecurity effect an organization has on external parties and the cybersecurity effect external parties have on an organization.

What's included

1 video

The core functions are a listing of categories, subcategories and informative references that describe specific cybersecurity activities common across all critical infrastructure sectors. They are not intended to form a serial path or lead to a static desired end state. Rather, the functions should be performed concurrently and continuously to form an operational culture that addresses the dynamic cybersecurity risk. This course describes the six framework core functions (Govern, Identify, Protect, Detect, Respond and Recover) and includes descriptions of categories, subcategories and informative references.

What's included

1 video

The CSF is designed to complement existing business and cybersecurity operations. It can serve as the foundation for a new cybersecurity program or a mechanism for improving an existing program. It provides a means of expressing cybersecurity requirements to business partners and customers. Additionally, it can help identify gaps in an organization’s cybersecurity practices. The course outlines the steps an organization can use to compare their current cybersecurity activities with those outlined in the CSF core through the creation of profiles to determine if it has opportunities to or needs to improve.

What's included

1 video

The CSF is designed to reduce risk by improving the management of cybersecurity risk to organizational objectives. Ideally, organizations using the Framework will be able to measure and assign values to their risk along with the cost and benefits of steps taken to reduce risk to acceptable levels. This course describes the importance of having a clear understanding of the organizational objectives, the relationship between those objectives and supportive cybersecurity outcomes, and how those discrete cybersecurity outcomes are implemented and managed to assist the organization in predicting whether a cybersecurity risk may occur, and the impact it might have.

What's included

1 video

What's included

1 video1 quiz

Instructor

Instructor ratings
3.6 (38 ratings)
Ross Casanova
Infosec
3 Courses8,580 learners

Offered by

Infosec

Recommended if you're interested in Security

Why people choose Coursera for their career

Felipe M.
Learner since 2018
"To be able to take courses at my own pace and rhythm has been an amazing experience. I can learn whenever it fits my schedule and mood."
Jennifer J.
Learner since 2020
"I directly applied the concepts and skills I learned from my courses to an exciting new project at work."
Larry W.
Learner since 2021
"When I need courses on topics that my university doesn't offer, Coursera is one of the best places to go."
Chaitanya A.
"Learning isn't just about being better at your job: it's so much more than that. Coursera allows me to learn without limits."

Learner reviews

Showing 3 of 104

4.2

104 reviews

  • 5 stars

    59.82%

  • 4 stars

    24.10%

  • 3 stars

    3.57%

  • 2 stars

    2.67%

  • 1 star

    9.82%

JS
4

Reviewed on May 4, 2022

EO
4

Reviewed on Nov 13, 2023

RN
5

Reviewed on Mar 22, 2024

New to Security? Start here.

Placeholder

Open new doors with Coursera Plus

Unlimited access to 7,000+ world-class courses, hands-on projects, and job-ready certificate programs - all included in your subscription

Advance your career with an online degree

Earn a degree from world-class universities - 100% online

Join over 3,400 global companies that choose Coursera for Business

Upskill your employees to excel in the digital economy

Frequently asked questions