NIST Cybersecurity Professional (NCSP) 800-30 Foundation Certificate

NIST Cybersecurity Professional 800-30 Foundation

Course Outline

NIST SP 800-30 equips organisations with a methodological framework to identify, analyse, and respond to risks in their information security environment.

This 2-day instructor-led Foundation level course introduces participants to the fundamental concepts and importance of risk assessment in the digital workplace, the structure and purpose of NIST SP 800-30, and the practicalities of implementing it.

This course aims to give participants both theoretical knowledge and practical skills in conducting risk assessments according to NIST SP 800-30 guidelines.

Course Modules

Day 1

Welcome & Course Introduction

  • Objectives of the course
  • Importance of risk assessment in cybersecurity

Introduction to NIST SP 800-30

  • Background and purpose of NIST SP 800-30

  • Overview of NIST SP 800-30 structure and key updates

Understanding Risk Assessment Concepts

  • Fundamental Concepts

    • Definitions: Risk, Threat, Vulnerability, Impact, Likelihood

    • Risk Assessment vs. Risk Management

  • The Risk Assessment Process

    • Overview of the three steps:

      • Step 1 - Prepare for Assessment

      • Step 2 - Conduct Assessment

      • Step 3 - Communicate Results

Day 1 Summary and Close

Day 2

Step 1: Prepare for Assessment

  • Preparation Activities

    • Identifying the scope, purpose, and objectives of the risk assessment

    • Determining risk model, approach, and methodology

    • Importance of information gathering (system characterisation, threat sources)

Step 2: Conduct Assessment

  • Threat Identification

    • Sources of threats, threat events

  • Vulnerability Identification

    • Common methods to identify vulnerabilities

  • Determining Likelihood and Impact

    • How to assess likelihood of threat occurrence and potential impact

    • Using qualitative vs. quantitative analysis

  • Risk Determination

    • Calculating or evaluating risk levels

Step 3: Communicate Results

  • Documentation and Reporting

    • How to document findings

    • Preparing a risk assessment report

  • Risk Communication

    • Strategies for communicating risk to stakeholders

    • Tailoring risk information to different audiences

Integration with Other Frameworks

  • How NIST SP 800-30 fits with other NIST publications (e.g. SP 800-53)

    • Crosswalk to UK NCSC Risk Management Framework

    • Crosswalk to ISO 31000 Risk Management Guidance

  • Continuous Improvement

Course Summary and Close

Learning Outcomes

On completion of the NIST Cybersecurity Professional® (NCSP®) 800-30 Foundation Certificate participants will be able to:

  • Understand the principles of risk assessment based on NIST SP 800-30

  • Explain the steps involved in the NIST SP 800-30 approach

  • Understand how risk assessment (RA) integrates with organisational processes and improves decision making

  • Apply the NIST SP 800-30 RA approach in real-world scenarios for enhancing system security and privacy

Target Audience and Pre-requisites

This course would be particularly beneficial for those who are or will be directly involved in the implementation, assessment, or authorisation of information systems; those who need to ensure that their organisation's practices align with best practice for security and privacy; and those with a stake in cybersecurity, privacy, governance, and compliance.

There are no prerequisites for this Foundation level course. The course is suitable for all employees at all levels.

Participants are provided with:

  • NIST Cybersecurity Professional® (NCSP®) 800-30 Foundation Certificate courseware including links to further reading and resources

  • NIST Cybersecurity Professional® (NCSP®) 800-30 Foundation Certificate Certificate of Completion

  • NIST Cybersecurity Professional® (NCSP®) 800-30 Foundation Certificate digital badge

Further reading

NIST SP 800-30 - Guide for Conducting Risk Assessments