Cyber Security addresses cyber threats to an organizations systems, networks, and data by focusing

on critical electronic data processes, signal processing, risk analytics and information system security
engineering. A comprehensive Cyber Security should be included in enterprise strategy to reduce the
risk of attacks and ensure that any loss of business is minimal and short-lived.
This 3-day course provides students with guidance of planning Cyber Security creation based on
Cyber Security Frameworks. After completing this course, students will be able to

=================

Cybersecurity is the body of technologies, processes, and practices

designed to protect networks, computers, and data from attack,
damage, and unauthorized access. Cybersecurity training teaches
professionals to spot vulnerabilities, fend off attacks, and
immediately respond to emergencies.

Cybersecurity addresses both internal and external threats to an organizations digital

information assets by focusing on critical electronic data processes, signal processing,
risk analytics and information system security engineering.

A crisis communications plan should be included in your communications strategy. See the
crisis management page for information and tips on

Cyber Security Framework is a set of industry standards and best practices to protect everything
from systems, networks, and data in cyberspace, and help organizations manage Cyber Security risks.
Organizations that adopt the Cyber Security Framework will be better to determine the appropriate
level of security protections required, ensuring efficient utilization of security budgets.

Here's what your business plan should contain, how long it should be
and what itshould look like.

A comprehensive cybersecurity plan needs to focus on three key areas:

Prevention: Solutions, policies and procedures need to be identified to

reduce the risk of attacks.
Resolution: In the event of a computer security breach, plans and
procedures need to be in place to determine the resources that will be
used to remedy a threat.

Restitution: Companies need to be prepared to address the repercussions

of a security threat with their employees and customers to ensure that any
loss of trust or business is minimal and short-lived.

This planning guide is designed to meet the specific needs of your company, using the FCCs
customizable Small Biz Cyber Planner tool. The tool is designed for businesses that lack the resources
to hire dedicated staff to protect their business, information and customers from cyber threats.

This document provides practical security best practices and controls designed to help an electric
cooperative improve the security posture of its smart grid. There is a large volume of guidance from
organizations such as the National Institute of Standards and Technology (NIST), North American
Electric Reliability Corporation (NERC), Provide PIs and managers of NSF CI Projects with a basic
 understanding of risk--based cybersecurity programs, and guidance on managing their creaJon,
evaluaJon and ongoing maintenance.

This 3-day course provides students with guidance of planning Cyber Security creation based on
Cyber Security Frameworks. After completing this course, students will be able to

The course is ideal for:

Anyone needing a robust introduction to Cyber Security
Anyone planning to work in a position that requires cyber security knowledge
Anyone starting a career in Information / Cyber security
IT professionals wanting to transition their career into Cyber Security
Anyone with information / cyber security responsibilities
Anyone who has learned on the job but who would benefit from a formal presentation to
consolidate their knowledge
Professionals familiar with basic IT and information security concepts and who need to
round out their knowledge
NIST CYBER SECURITY FRAMEWORK
Overview of Cyber Risk Framework Core Cybersecurity Functions Framework Functional Categories Assessment
of Critical Functions Framework Tiers & Profiles Alignment with Other Standards Applying the Framework
Implementation Benefits & Challenges Available Tools
CYBERSECURITY PLAN COMPONENTS
Key Components of a Cyber Security Program Defining Roles and Responsibilities Planning Administrative,
Technical, and Physical Controls Creating Policies and Procedures Performing Regular Risk Assessment
BUILDING A RISK MANAGEMENT PROGRAM
Defining the System Cyber Asset Identification and Classification Identifying Critical Cyber Assets Classifying
Cyber Assets Identifying the Electronic Security Perimeter (ESP) Protecting Cyber Assets Conducting a Vulnerability
Assessment Assessing and Mitigating Risks Assessing Impact and Risk Levels Mitigating Risks with Security
Controls Evaluating and Monitoring Control Effectiveness
ADDRESSING PEOPLE AND POLICY SECURITY RISKS
Security Policy Elements Security-Related Roles and Responsibilities Policy Implementation and Enforcement Policy
Exceptions Security Awareness and Training Due Diligence in Hiring Identity Management and Access Privileges
Information Sharing within the Organization
ADDRESSING PROCESS RISKS
Operational Risks Insecure Software Development Life Cycle (SDLC) Risks Physical Security Risks Third-Party
Relationship Risks Network Risks Platform Risks Application Layer Risks

INCIDENT RESPONSE TEAMS

General Incident Response Preparation Forming an Incident Response (IR) Team Internal IR Team Coordination &
Communications Securing Communications
LOG MANAGEMENT POLICIES AND PROCEDURES
Log Capture Log Retention and Storage Log Protection Log Analysis Tools/Services Attack Motivations Other
Common Incident Alerts