Getting Started
In this course, you will learn how to build a cybersecurity program by building one from the ground up in the real world. It includes practical examples and exercises to help you understand the process.
Note
We will not cover the basics of cybersecurity in this course. See the Fundamentals of Cybersecurity course if you want to start from the beginning.
Audience
This course is best suited to those who have a basic understanding of cybersecurity and want to learn how to build a cybersecurity program from the ground up for their organization. The examples provided are focused on startups, but the principles can be applied to any organization.
Roles that may benefit from this course include:
- Cybersecurity professionals
- Risk managers
- Business and executive leaders
- IT professionals
- Compliance officers
- Security professionals
- Privacy professionals
Prerequisites
It is suggested that you have a basic understanding of cybersecurity and risk management before taking this course.
Need to learn the fundamentals?
The Fundamentals of Cybersecurity course is a good place to start if you are starting from zero.
What You Will Learn
This course follows the NIST Cybersecurity Framework 2.0 structure with practical implementation guidance:
Phase 1: Foundations
- Why Cybersecurity Matters for Startups
- Building Your Security Team & Culture
- Governance & Strategy Fundamentals
Phase 2: NIST CSF 2.0 Implementation
GOVERN Function
- Organizational Context (GV.OC)
- Risk Management Strategy (GV.RM)
- Supply Chain Risk Management (GV.SC)
- Roles, Responsibilities & Authorities (GV.RR)
- Policy (GV.PO)
IDENTIFY Function
- Asset Management (ID.AM)
- Business Environment (ID.BE)
- Governance (ID.GV)
- Risk Assessment (ID.RA)
- Risk Management Strategy (ID.RM)
- Improvement (ID.IM)
PROTECT Function
- Identity Management & Access Control (PR.AA)
- Awareness & Training (PR.AT)
- Data Security (PR.DS)
- Information Protection Processes (PR.IP)
- Maintenance (PR.MA)
- Protective Technology (PR.PT)
DETECT Function
- Anomalies & Events (DE.AE)
- Continuous Monitoring (DE.CM)
- Detection Processes (DE.DP)
RESPOND Function
- Response Planning (RS.RP)
- Communications (RS.CO)
- Analysis, Mitigation & Improvements (RS.AN)
RECOVER Function
- Recovery Planning & Implementation (RC.RP)
- Communications (RC.CO)
Assessment & Conclusion
- NIST CSF 2.0 Implementation Quiz
- Course Conclusion & Next Steps
How to Use This Course
Self-Paced Learning: This course is designed to be a self-paced learning experience. You can take the course in any order you want. However, we recommend that you follow the order of the sections, as the content is designed to build on itself. This is a comprehensive course, and it is likely that you will not be able to complete it in one session. You will likely need to come back multiple times to complete the course and to fully understand the content.
Exercises: Throughout the course, you will find exercises to help you understand the content. These exercises are required to complete the course as you will build out your own cybersecurity program by following the steps outlined in the course. Each exercise results in a component of your program, and these components work together to establish capability, traceability, reporting, and improvement.
Quizzes: At the end of each section, you will find a quiz to test your knowledge. The quiz is optional and is not required to complete the course; however, it is recommended to complete the quiz to ensure you have a good understanding of the content.
Let’s get started!