Implementing NIST Cybersecurity Framework using COBIT 5 : Exams and Stuff

Pre-requisites

The course assumes successful completion of the COBIT 5 Foundation Exam together with a basic knowledge of security concepts.

Exam Format

Implementing NIST Cybersecurity Framework using COBIT 5 : Dates and Fees

Implementing NIST Cybersecurity Framework using COBIT 5 : Course Contents

Implementing NIST Cybersecurity Framework using COBIT 5 : Who Should Attend

Individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cybersecurity program for outside organisations or their own organisation.

Implementing NIST Cybersecurity Framework using COBIT 5 : Learning Outcomes

Implementing NIST Cybersecurity Framework using COBIT 5 : Course Overview

The NIST Framework for Improving Critical Infrastructure Cybersecurity (CSF) has become a reference for executives and upper management in many critical infrastructure sectors, creating a lexicon to frame the discussion of risk management. However, even with this reference, many organisations struggle to close the gap among risk tolerance, business objectives and cybersecurity efforts.

This new course on Implementing NIST Cybersecurity Framework Using COBIT 5 will equip managers with the skills to frame real-world, technical cybersecurity projects in risk management terms that executives can understand and use to make and justify business decisions. Based on guidance developed by ISACA, the course is focused on the Cybersecurity Framework (CSF), its goals, the implementation steps and the ability to apply this information. The course and exam are for individuals who have a basic understanding of both COBIT 5 and security concepts, and who are involved in improving the cybersecurity program for their enterprises.

Background

In 2013, US President Obama issued Executive Order (EO) 13636, Improving Critical Infrastructure Cybersecurity, which called for the development of a voluntary risk-based cybersecurity framework that is “prioritized, flexible, repeatable, performance-based, and cost-effective.”

The Cybersecurity Framework (CSF) was developed through an international partnership of small and large organisations, including owners and operators of the nation’s critical infrastructure, with leadership by the National Institute of Standards and Technology (NIST). ISACA participated in the CSF’s development and helped embed key principles from the COBIT framework into the industry-led effort. As part of the knowledge, tools and guidance provided through its Cybersecurity Nexus (CSX)™ program, ISACA has developed a guide on Implementing NIST Cybersecurity Framework Using COBIT 5. This course is based on this guidance.

PCiIAA: Exams and Stuff

Pre-requisites

A good appreciation of the technical aspects of ICT. Students who have taken and passed the Certificate in Information Security Management Principles (CISMP) are best placed to begin on the security architecture track, especially if they have at least one year’s experience in an active security management role.

Assessment

At the end of each module, an assessment is undertaken to determine understanding of the information covered in that module. At the end of the course, an on-line examination enables the student to obtain the CASA qualification (Certificate in Advanced Security Architecture).

PCiIAA: Dates and Fees

PCiIAA: Course Contents

Module 1
The Basics of Security Architecture

This module covers similar material to Module 2 of the SASP (Solution Architecture Security Practitioner) course. Key topics covered include the role of the Security Architect, Security Design Principles, and Conceptual Architectures. The module addresses the skills, especially the soft skills, an SA must possess.

Module 2
Advanced Security Architecture Concepts

This module builds on Module 1, laying down the next level of detail for a variety of architectural concepts. It starts by describing security mechanisms such as cryptographic mechanisms. It then goes on to describe a wide range of security services. Finally, the module describes how the security services can be applied within a system and how design patterns are an important tool for an SA.

Module 3
Information Assurance Methodologies

This module goes into the various methodologies and techniques that can be used to assure the implementation of a system or a product. This includes the purpose of vulnerability and penetration testing.

Module 4
Innovation and Business Improvement

This module explains how security can drive change and improve business functions when done properly. Different business scenarios and sectors can drive a wide variety of security architecture innovations and changes and it’s important that the accomplished security architect has a good understanding of business practices, such as mergers, outsourcing and SaaS solutions.

Key topics covered include:

Module 5
Security Across the Lifecycle

This final module introduces the Security Architect to the various security concerns and considerations when embarking on a new development project all the way to in-service support. It pulls together many of the previous points in the course. This module looks at auditing and traceability of solutions, building systems using COTS or bespoke code (and the complications of each choice), some aspects related to the business matters needing consideration when embarking on a secure development programme, and how systems are accepted as fit for purpose and put into an operational capacity.

Module 6
Preparation for the PCiIAA Exam

This final module will prepare the student for the PCiIAA or the CrTSA examinations conducted by BCS or CrEST.

PCiIAA: Who Should Attend

This is the first course of its kind that covers the essential knowledge and skills needed to design, build and implement a secure system. It also leads to an internationally recognised professional certificate in Information Assurance Architecture governed by the British Computer Society (BCS).

PCiIAA: Learning Outcomes