Practitioner Course

What is it?

The 4-day Practitioner course introduces the ‘Controls Factory’ as a conceptual model that represents
a system of controls used to protect critical assets, by transforming assets from an unmanaged state to
a managed state. Delegates will have the opportunity to gain an internationally recognised qualification
and apply for CPE, PDU and CEU continuing education credits from PMI, ISACA, CompTIA and other
professional certification bodies.

The Controls Factory Model (CFM) has three focus areas; the engineering centre, the technology
centre and the business centre. The course includes a deep dive of these three areas.

The engineering centre includes threats and vulnerabilities, assets and identities, and the controls
framework.  It uses the Lockheed Martin Cyber Kill Chain© to model threats and examines both
technical and business vulnerabilities to understand potential areas of exposure.

In terms of assets, endpoints, networks, applications, systems, databases and information assets
are considered. In terms of identities, the course considers business and technical identities, roles
and permissions, with NCSF as the central, overarching framework.

The technology centre includes technical controls based on the CIS 20 Critical Security Controls©
and looks at technology implementation through security product solutions and services; Information
Security Continuous Monitoring (ISCM) capability through people, process and technology; and
technical controls testing and assurance based on the Payment Card Industry Data Security Standard
(PCI DSS) standard. The goal here is to understand how to design, build and maintain a technology
focused security system.

The business centre includes the key business / people-oriented controls based on ISO 27002:2013
Code of Practice; implementation (via program, policy and governance); and workforce development,
testing and assurance based on the AICPA Cyber-risk Management Framework. The goal here is to
understand how to build a security governance capability that focuses on employees / contractors,
management and executives.

Finally, the course addresses outcomes which include both a cybersecurity (technology based) and
cyber-risk (business based) scorecard and roadmap.

Key Learning Points:

  • Understand cybersecurity risks and the best approach to design and build a comprehensive
    technology focused cybersecurity program
  • How to build a business focused cyber-risk management program that will minimise risks,
    whilst protecting critical assets.


This course assumes the delegate has successfully taken and passed the NCSF Foundation Certificate
training course and associated exam.

Target Audience

In essence, anyone wanting to further their knowledge of the NCSF and understand how to effectively
and practically implement it:

  • IT and network engineers
  • Operations, business risk, consultants and compliance professionals
  • IT and cybersecurity specialists including developers, pen testers, and auditors
  • Information security managers, cybersecurity managers, CIOs, CISOs

Course Outline

Chapter 1

Course Overview - Reviews at a high level each chapter of the course

Chapter 3

Controls Factory Model – Introduces the concept of the CFM model and the three areas of focus, the Engineering, Technology and Business Centres.

Chapter 5

Assets and Identities – Provides a detailed discussion of asset families, key architecture diagrams, an analysis of business and technical roles, and a discussion of governance and risk assessment.

Chapter 7

Technology Controls - Provides a detailed analysis of the technical controls based on the CIS 20 Critical Security Controls©. This section includes the objective, design, details and a diagram for each control.

Chapter 9

Technical Program Testing and Assurance – Provides a high-level analysis of technology testing capabilities based on the PCI DSS. The testing capabilities include all 12 Requirements of the standard.

Chapter 11

Workforce Development – Provides a review of cybersecurity workforce demands and workforce standards based on the NICE Cybersecurity Workforce Framework (NCWF).

Chapter 13

Cybersecurity Program Assessment – Provides a detailed review of the key steps organisations can use for conducting a cybersecurity programme assessment. Assessment results include a technical scorecard (based on the 20 critical controls), an executive report, a gap analysis and an implementation roadmap.

Chapter 2

Framing the Problem – Establishes the context and rationale for the adoption and adaptation of the NCSF using the CFM.

Chapter 4

Threats and Vulnerabilities – Provides an overview of cyber-attacks (using the Cyber Attack Chain Model) and the most common technical and business vulnerabilities.

Chapter 6

Controls Framework – Provides a practitioner level analysis of the controls framework based on the NCSF.

Chapter 8

Security Operations Centre (SOC) - Provides a detailed analysis of information security continuous monitoring (ISCM) purpose and capabilities and an analysis of people, process, technology, and services provided by a SOC.

Chapter 10

Business Controls - Provides a high-level analysis of the business controls based on ISO 27002:2013 including the controls clauses, objective and implementation overview. The business controls support an information security management system (ISMS).

Chapter 12

The Cyber Risk Program – Provides a review of the AICPA proposed description criteria for cybersecurity risk management covering the 9 description criteria categories and the 31 description criteria.

Chapter 14

Cyber-risk Program Assessment – Provides a review of the Cyber Risk Management Program based on the five core functions of the NCSF.

Exam Format

  • 65 multiple choice questions
  • 120-minute exam
  • Pass mark – 60% (39 marks)
  • Closed book

This NIST Cyber Security Professional (NCSP) Practitioner course is provided in partnership with CySec Professionals Ltd, an APMG-International Accredited Training Organisation