This course develops practical expertise to apply key NIST publications and frameworks to assess security controls, manage risk, and build a cybersecurity program aligned with organizational objectives and security needs.
Upcoming dates you can join soon.
This course runs multiple times per year, onsite and online.
Explain fundamental cybersecurity concepts and how NIST guidance structures them
Support compliance with NIST SP 800-12, SP 800-53, RMF, SP 800-171, and the NIST CSF
Select and evaluate security controls aligned with organizational risk and objectives
Establish risk and incident management approaches supported by evidence and metrics
Design and optimize a cybersecurity program with monitoring and continual improvement
“Henri perfectly filled in the gaps in our knowledge and tailored the course contents to our difficult schedules, many thanks !”
Simon Baynes
BCMS manager
MSC MEDITERRANEAN SHIPPING COMPANY SA
“Henri and Alexis conducted a focused, intensive four-day ISO/IEC 27001 Lead Implementer Course of immediate relevance to The Global Fund. Participants representing both IT and Risk are now better prepared to design and operationise a corporate ISMS.”
Andreas Tamberg
Senior advisors enterprise risk management
The Global Fund
“Overall enjoyable training. To the point end trainer kept clear focused.”
Stephane Di Bari
Service operations manager
UNICC
Get instant answers to common questions about this course from our expert trainers.
In practice, the NIST CSF helps structure outcomes, the RMF guides the risk-based process, and SP 800-53 provides a catalog of controls to implement and assess.
“Framework outcomes, risk process, and controls form one system.”
Expert Trainer
Non-security leaders and technical owners should take it when they must oversee risk, controls, and compliance expectations tied to NIST-aligned requirements.
“You don't need a security title to own security outcomes.”
Expert Trainer
It means evaluating whether selected controls are appropriate, implemented as intended, and effective for the system's risk and operational context.
“A control exists only if you can show it works.”
Expert Trainer
Treat supply chain risk as part of system risk by identifying dependencies, setting requirements for suppliers, and monitoring ongoing exposure.
“Your security boundary includes your dependencies.”
Expert Trainer
A practical approach defines roles, detection and escalation paths, response procedures, and post-incident learning backed by testing and metrics.
“Incidents are handled best when the work is rehearsed.”
Expert Trainer
Browse every upcoming session for this course.
Quick navigation to course sections
Necessary cookies are always active. You can accept, reject non-essential cookies, or customize your preferences.