Foundation Course

What is it?

The Foundation Course is a 1-day course. It will provide attendees with the knowledge and ability to take the associated exam and gain an internationally recognised qualification in identifying, assessing and managing security threats in organisations of every level.

Key Learning Points:

  • How an organisation can use the Framework as a key part of its systematic process for identifying, assessing and managing cybersecurity risk
  • Understand the cybersecurity Controls Factory™ Model (CFM)
  • The 3 parts which make up the Framework, i.e. the Core, the Implementation Tiers and the Profiles.


There are no prerequisites for the NIST training. The Foundation course aims to provide an introductory overview of the NCSF and is suitable for delegates of all levels.

Target Audience

The NIST Certificate at foundation level is most suitable for:

  • Delegates looking to start a career in cybersecurity
  • IT and network engineers interested in understanding the basics of implementing a framework in line with best practice
  • Operations, business risk and compliance professionals seeking a better understanding of the context of cybersecurity issues and the various influencing factors
  • IT and cybersecurity specialists looking for a wider understanding of the industry and how best to align with the established best practice framework
  • Business professionals looking to gain a greater understanding of how to implement cyber security practices across their organisation.

Course Outline

The Foundation Course introduces the 3 main parts of the NCSF: the Framework Core, the Framework Implementation Tiers and the Framework Profiles. It comprises a series of sections as follows:

Course Introduction: Information on the course and content, including information on the nature and scope of the exam.

Doing Business in the Danger Zone: Contextualises the cybersecurity landscape, identifying common threats and how organisations can start to address the question, ‘Are we secure?’.

Risk-based Assessment: Discussion on the process of identifying, assessing and tackling risks. Managing risks involves identifying the likelihood of events occurring and planning responses to the resulting business impact. Understanding how to carry out risk assessment enables organisations to identify an acceptable level of risk tolerance.

The NCSF Fundamentals: A deeper analysis of each of the three parts of the Framework: the Core, the Implementation Tiers and the Profiles. Delegates will learn how these sections demonstrate the relationship between business drivers and cybersecurity processes.

Cybersecurity Controls Factory Model: An examination of the Center for Internet Security (CIS) 20 Critical Security Controls© established in the Controls Factory Model (CFM) as they relate to the NCSF.

Cybersecurity Improvement: The final module provides a 7-step approach for the implementation and improvement of the NCSF for any organisation.

Attendees who undertake and complete the training will be able to apply for the relevant NCSF Certification exam.

Exam Format

  • 40 multiple-choice questions
  • 60-minute exam
  • Pass mark: 60% (24 marks)
  • Closed book

This NIST Cyber Security Professional (NCSP) Foundation course is provided in partnership with CySec Professionals Ltd, an APMG-International Accredited Training Organisation.