Course Overview
This two-day course provides participants with a practical understanding of cybersecurity risk management principles and the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF 2.0). Participants will learn how to identify, assess, manage, and mitigate cyber risks while aligning cybersecurity activities with organizational objectives. The course combines theory, case studies, and hands-on exercises to help organizations establish a risk-based cybersecurity program.
Learning Objectives
By the end of the course, participants will be able to:
· Understand cybersecurity threats and organizational risks.
· Apply cybersecurity risk management principles.
· Understand the structure and implementation of NIST CSF 2.0.
· Conduct basic cyber risk assessments.
· Develop risk treatment and mitigation strategies.
· Map organizational cybersecurity practices to the NIST CSF.
· Create a roadmap for improving cybersecurity maturity.
Day 1: Cybersecurity Risk Management Fundamentals
Module 1: Cybersecurity Landscape
· Current cyber threat landscape
· Types of cyber attacks
· Emerging cyber risks
· Cybersecurity trends
· Industry case studies
Module 2: Cybersecurity Risk Management
· Information security principles
· Risk concepts and terminology
· Threats, vulnerabilities and impacts
· Risk appetite and tolerance
· Risk governance
Module 3: Risk Assessment Process
· Asset identification
· Threat identification
· Vulnerability assessment
· Risk analysis
· Qualitative vs quantitative risk assessment
· Risk prioritization
Module 4: Risk Treatment
· Risk mitigation
· Risk avoidance
· Risk transfer
· Risk acceptance
· Security controls
Practical Exercise
· Conducting a simple cybersecurity risk assessment
· Identifying risks and proposing mitigation controls
Day 2: NIST Cybersecurity Framework (CSF 2.0)
Module 5: Introduction to NIST CSF
· Background and evolution
· Benefits of NIST CSF
· CSF 2.0 updates
· Framework architecture
· Profiles and Implementation Tiers
Module 6: The Six CSF Functions
Govern
· Cybersecurity governance
· Policies
· Roles and responsibilities
· Risk oversight
Identify
· Asset management
· Business environment
· Risk assessment
· Supply chain risk management
Protect
· Identity and access management
· Awareness and training
· Data security
· Protective technologies
Detect
· Continuous monitoring
· Security monitoring
· Anomaly detection
· Event logging
Respond
· Incident response planning
· Communications
· Analysis
· Containment
· Recovery planning
Recover
· Recovery planning
· Business continuity
· Lessons learned
· Continuous improvement
Module 7: Implementing NIST CSF
· Developing Current and Target Profiles
· Gap analysis
· Prioritizing improvements
· Measuring cybersecurity maturity
· Integrating with enterprise risk management
Case Study & Workshop
· Mapping organizational controls to NIST CSF
· Building a cybersecurity improvement roadmap
Practical Activities
· Cyber risk assessment workshop
· Risk register development
· NIST CSF profile creation
· Cyber incident tabletop exercise
· Group discussions and case studies
Target Audience
· IT Managers
· Information Security Officers
· Risk Managers
· Internal Auditors
· Compliance Professionals
· Government Officials
· Critical Infrastructure Personnel
· Business Continuity Managers
· Senior Executives responsible for cybersecurity governance
Speaker Profile: Sanjay Gore is an experienced GRC professional, consultant, auditor, and corporate trainer with over 20 years of expertise in Information Security, Risk Management, Privacy, Business Continuity, and Artificial Intelligence Governance. He has delivered consulting and training assignments across India, Rwanda, Saudi Arabia, and Qatar, specializing in ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 42001, ISO 31000, NIST frameworks, PCI DSS, GDPR, HIPAA, and AI governance.
He holds globally recognized credentials including CISA, CRISC, CDPSE, CRMA, ISO/IEC 27001 Lead Auditor, and ISO/IEC 42001 Lead Auditor, and is an approved trainer for PECB, Bureau Veritas, TRECCERT, and Alvin Integrated. He has successfully trained professionals across industries in lead auditor programs, implementation courses, internal auditor training, AI governance, privacy management, and certification exam preparation. His programs emphasize practical implementation through real-world case studies, hands-on activities, and interactive workshops, enabling participants to apply concepts immediately within their organizations.


