Cybersecurity Foundations and Frameworks
In our volatile digital world, the cyber threats you don’t know about are the most dangerous ones there are. Cybersecurity Foundations and Frameworks teaches you to assess where your organization sits amid the cyber threat landscape and to identify risks, threats and vulnerabilities associated with your industry. Through practical learning scenarios rooted in real-world examples, this cybersecurity course teaches you to prioritize the most effective elements of security frameworks for your organization and to manage cybersecurity frameworks within the context of industry compliance regulations.
Installment payments are now available on all course purchases!
No Mandatory Login Times
4-6 Hours of Work per Module
Your Subject Matter Expert:
Jeffrey Groman, CISSP
"You’re not sure if the hooded hacker goblins actually exist, but you’ve read about too many breaches in recent years to dismiss them entirely. This course will help you separate fact from fiction."
This foundational cybersecurity course is designed to provide you with a breadth of practical knowledge about the cybersecurity risks businesses typically face today and strategies for identifying and mitigating those risks. Learn how to work closely and strategize with the technical members of your team to ensure your company is proactive toward and protected against any threat that may arise.
Module 1: The Threat Landscape
Examine the historical and contemporary evolution of cybersecurity. Differentiate between the types of risks and threats associated with various organizations and industries. Identify the key characteristics of internet of things (IoT) devices and discuss how the scope of risk your business faces is impacted by IoT. Assess the need for increased cybersecurity to protect data and assets and describe how you would respond to a security threat.
Module 2: Types of Attacks and Cybersecurity Risks
Evaluate your existing knowledge regarding the types of cyber attacks. Define how attackers infiltrate and weaken common security systems and technologies. Analyze the risk of attacks in the day-to-day operations of various organizations and industries. Differentiate among different cyber attacks and their characteristics.
Module 3: Countermeasures and Security Functions
Critique poor security measures and the potential consequences of unsecured and unprotected data. List and define the ingredients of strong security measures, including people, processes and technology. Differentiate between the types of security roles and functions and where they live in the IT space. Define and explain how prevention and detection relate to security functions.
Module 4: Identifying Cyber Threats and the Attack Life Cycle
Identify each stage of the attack life cycle. List the key signs and symptoms of a cyber attack using your knowledge of the types of cyber threats. Assess the tactics, techniques and procedures (TTPs) of cyber attackers and threats. Match the different stages of the attack life cycle to attacker behaviors. Discuss how to detect a cyber attack occurrence based on the attack life cycle.
Module 5: Attacker Motivations and the Threats Your Organization Faces
Determine the threat landscape across different organizations and industries. Adopt the mindset of an attacker through a scenario-based role-playing activity. Analyze attacker decisions, goals and challenges in determining victims and attacker methods. Predict which organizational assets are most valuable to attackers.
Module 6: The NIST Cybersecurity Framework
Organize the NIST Cybersecurity Framework and its functions. Discern how the Federal Financial Institutions Examination Council (FFIEC) is built upon NIST. Identify and prioritize functions inside the security framework that are most critical and relevant to your industry. Facilitate improvements or changes to security based on the NIST Cybersecurity Framework. Match the NIST Cybersecurity Framework functions to their requirements and associated components. Apply the NIST Cybersecurity Framework to help strengthen general security infrastructure in a scenario.
Module 7: The Legal and Compliance Aspects of Cybersecurity
Review how confidentiality has been a focus of cybersecurity legal frameworks. Name ways that cybersecurity laws are used to protect individual privacy and national security. List the steps you would take to minimize risks of a breach on private and confidential personal records. Determine which laws apply to security and confidentiality situations. Discuss the legal repercussions for and responsibilities of organizations in the event of a data breach.
Module 8: Cybersecurity and Your Organization
Apply knowledge of your organization to assess security gaps and vulnerabilities. Summarize the main types of risks associated with your industry and the strategies for mitigating them. List defensive measures you can take for responding to a cyber incident. Develop a strategy for inventorying your company's technologies and digital assets. Discuss why organizations should prioritize cybersecurity and measures to prevent and detect threats.
Windows Enterprise Incident Response
What does crime scene investigation look like if the scene is virtual? This Mandiant course teaches the fundamental investigative techniques you need to...
Network Traffic Analysis
This Mandiant course provides hands-on, tactical experience with network protocols, network architecture, intrusion detection systems, network traffic capture and traffic analysis. Reinforce technical...
Cybersecurity Risks and Industry
You might know everything you can about the cyber threat landscape, but do you have a plan of action to utilize that knowledge?...
What cyber threats might your company realistically face today? How will you orchestrate the resources at your disposal to defend against them? Cybersecurity Cases teaches...
Thrown in the deep end of cybersecurity without sufficient training? This Mandiant course introduces students to foundational elements of cybersecurity programs, including security...
Jeffrey Groman, CISSP
Jeffrey Groman, founder of Groman Consulting Group, is dedicated to helping organizations identify and resolve their greatest cybersecurity risks. Mr. Groman has worked in the security field for more than 20 years. As a cybersecurity consultant, he has guided major corporations, including banks, insurance companies and software providers through risk prevention and rapid response to incidents and security breaches.
Mr. Groman is certified in forensic analysis and application security, and previously worked with Mandiant Security Consulting Services and FireEye, providing strategic and incident response consulting to security teams and educating executives through delivery of SOC assessments. In these roles, Mr. Groman led a team of consultants and functional experts in working with a wide range of clients across multiple verticals, including NYC Health and Hospitals, Blue Cross Blue Shield Association, Ameriprise Financial, American Express, Ally, Huntington National Bank, Eaton, Caterpillar, DST Systems, Sprint and TransAmerica.
Mr. Groman is passionate about cybersecurity and partnering with clients to find solutions to complex issues. His book “Avoid These 11 Pitfalls and Minimize the Pain of Your Next Data Breach” is designed to help organizations learn from his decades of real-world experience. He has presented at Information Systems Security Association (ISSA) International, NetSecure, and Infragard conferences; briefed boards of directors; conducted tabletop exercises and workshops; and helped clients build security processes to be better prepared for the inevitable.
Mr. Groman has a BS in Electrical and Computer Engineering from the University of Colorado, Boulder.