CYB-450

Introduction

Understanding Cybersecurity Policy and Governance

• Information Security vs. Cybersecurity Policies
• Looking at Policy Through the Ages
• Cybersecurity Policy
• Cybersecurity Policy Life Cycle
• Summary

Cybersecurity Policy Organization, Format, and Styles

• Policy Hierarchy
• Writing Style and Technique
• Policy Format
• Summary

Cybersecurity Framework

• Confidentiality, Integrity, and Availability
• NIST's Cybersecurity Framework
• Summary

Governance and Risk Management

• Understanding Cybersecurity Policies
• Cybersecurity Risk
• Summary

Asset Management and Data Loss Prevention

• Information Assets and Systems
• Information Classification
• Labeling and Handling Standards
• Information Systems Inventory
• Understanding Data Loss Prevention Technologies
• Summary

Human Resources Security

• The Employee Life Cycle
• The Importance of Employee Agreements
• The Importance of Security Education and Training
• Summary

Physical and Environmental Security

• Understanding the Secure Facility Layered Defense Model
• Protecting Equipment
• Summary

Communications and Operations Security

• Standard Operating Procedures
• Operational Change Control
• Malware Protection
• Data Replication
• Secure Messaging
• Activity Monitoring and Log Analysis
• Service Provider Oversight
• Threat Intelligence and Information Sharing
• Summary

Access Control Management

• Access Control Fundamentals
• Infrastructure Access Controls
• User Access Controls
• Summary

Information Systems Acquisition, Development, and Maintenance

• System Security Requirements
• Secure Code
• Cryptography
• Summary

Cybersecurity Incident Response

• Incident Response
• What Happened? Investigation and Evidence Handling
• Data Breach Notification Requirements
• Summary

Business Continuity Management

• Emergency Preparedness
• Business Continuity Risk Management
• The Business Continuity Plan
• Plan Testing and Maintenance
• Summary

Regulatory Compliance for Financial Institutions

• The Gramm-Leach-Bliley Act
• New York's Department of Financial Services Cybersecurity Regulation (23 NYCRR Part 500)
• What Is a Regulatory Examination?
• Personal and Corporate Identity Theft
• Summary

Regulatory Compliance for the Health-Care Sector

• The HIPAA Security Rule
• The HITECH Act and the Omnibus Rule
• Understanding the HIPAA Compliance Enforcement Process
• Summary

PCI Compliance for Merchants

• Protecting Cardholder Data
• PCI Compliance
• Summary

NIST Cybersecurity Framework

• Introducing the NIST Cybersecurity Framework Components
• The Framework Core
• Framework Implementation Tiers ("Tiers")
• NIST's Recommended Steps to Establish or Improve a Cybersecurity Program
• NIST's Cybersecurity Framework Reference Tool
• Adopting the NIST Cybersecurity Framework in Real Life
• Summary

Appendix A: Cybersecurity Program Resources