By: Braam Broodyk
May 6, 2020
NIST 800-53: Intro to Security and Privacy Controls Course Spotlight
So you just landed that new gig as a Chief Information Security Officer (CISO) for a new organization, and you need to develop a roadmap to implement security controls, but which controls do you implement, and how do you prioritize? The Cybrary course NIST 800-53: Introduction to Security and Privacy Controls will provide you with an overview of the NIST 800-53 Special Publication that could assist in developing your roadmap to a cyber-resilient organization.
You should not expect the course to go into much detail on every NIST control, as it is an introduction to NIST; however, it does contain some content that even those familiar with NIST 800-53 might benefit from. Whether you are just starting your InfoSec journey, an Information Security auditor, or an Architect needing to understand how to tie things together, you will almost certainly get some benefit from viewing this course.
In a world where the only constant is change, it should be expected that standards and frameworks also adapt to the changing landscape, and in few areas is this truer than in cyberspace. Your instructor, Philip Kulp, will take you through the progression of NIST 800-53, highlighting which components were added at various revisions.
Philip not only provides an overview of the framework but also clarifies some of the requirements in plain English. He also provides helpful practitioner hints along the way. This is extremely helpful, as sometimes standards and frameworks could almost seem to be written in another language.
Like many other industries, the Cyber/Information Security space has its own set of snake-oil salespeople, trying to sell you that silver bullet that will take care of all your security woes. Without a solid framework or industry guidance, it would be easy to fall into the trap and end up spending your entire budget on that next tool that will take care of all of your worries. Instead, you can look at the guidance that organizations like NIST provide and utilize this to build your enterprise security roadmap.
Philip will provide you with an overview of the framework that you could use to build your roadmap, without going into technical detail. The course tackles interesting topics ranging from statements like "Compliance not being InfoSec" (and you could actually say that having InfoSec implemented does not necessarily make you compliant) to the ownership of security controls and common/system/hybrid controls, so you can be sure that you will come away with a broader understanding of the security requirements that you would need to look into for your environment.
Packing all of this into a few modules lasting less than two hours means that you gain a solid overview, without having to spend hours or days trawling the web searching for information that could be found in one place.
You are probably aware that Cybrary also created specific career paths that help to identify appropriate courses for specific specialty areas and, should you be interested, it is good to know that the NIST 800-53: Introduction to Security and Privacy Controls course forms part of the Cybrary career path - Become a CISO.
Having a solid understanding of the frameworks and controls available to assist in protecting your environment is critical as a CISO. Therefore, it would be beneficial to utilize this course to provide you with a good understanding of NIST 800-53. In addition, the NIST 800-53 course complements the other courses that you can expect to see if you decide to enroll in the “Become a CISO” career path.