UMass Lowell’s Cybersecurity Program Builds on CIS Controls

This course builds on the NIST Framework Basics course by providing students with the knowledge, skills, and ability to design, build and manage a NIST-compliant corporate cybersecurity program. Topics covered include:

• Basic cyber threat landscape
• Cyberattack chains
• Common vulnerabilities
• Risk and control frameworks
• Enterprise assets and identities
• Technical and business controls
• Testing and assurance
• Security technologies and operations
• Business management
• Security policies and risk management principles

Who it’s for? If you are ready to design a cybersecurity program for your organization based on the NIST Cybersecurity Framework or CIS Controls, this course is for you.

Alignment with the CIS Controls: The NIST Cyber Factory course includes two lessons that focus on the CIS Controls (V7). The first lesson includes a detailed description of the 20 CIS Controls and Sub-Controls. The second lesson includes a blueprint for applying the CIS Controls to a corporate cybersecurity program, a method for conducting a risk assessment, developing an executive scorecard, and building a program roadmap.

3. NIST Cyber Labs – Advanced

This lab- and exercise-based course provides participants with real-world solutions they can put into practice today in a production environment. The labs are designed, built and delivered in an easily consumable, practical and relevant format, providing lessons which can be applied to a working Information Technology (IT) and/or Operational Technology (OT) environment. The goal of each lab is to improve an organization’s cybersecurity profile in a measurable way. Each lab is aligned with the NIST Cybersecurity Framework as well as common security controls and industry best practices.

Who it for? If you are ready to explore how the NIST Framework will operate in a synthetic environment, this course is for you. Participants can choose one of three specific career areas: engineering, technology or business.

Alignment with the CIS Controls: Each UMass Lowell Cyber Lab is aligned with the NIST Cybersecurity Framework as well as common security controls and industry best practices including the CIS Controls.

Education for the Future

Through various courses, UMass Lowell helps organizations establish a high-level strategy and approach for developing and implementing a cybersecurity program. The course describes the components and functional requirements of the NIST Cybersecurity Framework. Students will learn engineering, technical and management capabilities for designing, implementing, operating, maintaining and managing a NIST-compliant cybersecurity program. Combined with education on the CIS Controls best practices, students can walk away prepared to protect systems and data against cyber attacks.

About the Author

Larry Wilson, the developer of the three courses, is a cybersecurity professional with 15+ years in cybersecurity engineering, design, technology, operations, program development, and management. His primary expertise relates to helping organizations design and build a comprehensive cybersecurity program based on the NIST Cybersecurity Framework. As the former Chief Information Security Officer (CISO) in the University of Massachusetts President’s Office, Larry was responsible for developing, implementing and managing the University of Massachusetts Information Security Policy and Written Information Security Program (WISP). The University’s program is based on an “NCSF Controls Factory™” approach that Larry created to help organizations operationalize the NIST Cybersecurity Framework and industry best practices (ISO 27001, CIS Controls, etc.) across an enterprise and its supply chain. This approach has been implemented consistently across all five UMass campuses, as well as at six other universities in Massachusetts.