NIST Cybersecurity Framework Training: Version 3 for 2023!

Hello all!

Are you easily bored? I have to tell you, doing the same thing, over and over again (unless it’s eating yummy Mexican food) is not much fun to me. And frankly, it doesn’t serve one of my main goals in life, which is to learn and grow. It’s interesting that I am weirdly obsessed with change. Most people seem to abhor change. Not me, I’m a freak. Bring on the new stuff baby!

This is good for you!

One of the benefits of my obsession with change is that it positively impacts my work as a NIST cybersecurity framework course author. In case you don’t know, at LRS Education Services we create the courseware we provide in our NIST framework training classes, and we therefore get to change it as necessary. Or maybe we change it because I’m bored with the old stuff.

You know something we’ve done recently to support you and alleviate boredom? We revamped our NIST framework courses to Version 3. Version 3 for 2023! (It rhymes and that was totally not on purpose. That makes me smile. It’s the little things y’all.)

Ready for Some Details?

LRS Education Services would like to officially announce the release of Version 3 of our NIST Cybersecurity Framework courses. We’ve spent the last few months updating the content, with the primary purpose being to make the courses more valuable for you, our students and potential students!

A quick reminder that our LRS NIST CSF Bootcamp course is just our Foundation and Practitioner courses taken over a single three-day period. The Foundation course has no significant changes, and that’s completely on purpose. The Foundation course is all about building the foundation (pun intended) for understanding the basics of cybersecurity and the purpose, benefits, and design of the NIST CSF. The NIST CSF has not changed, so the Foundation course continues to reflect it as is. However, NIST is right now working through the update process, and we’re VERY excited for that to happen. More to come on NIST CSF 2.0 as information becomes available!

Ok, let’s get back to the main reason for this blog post.

Here is an overview of the relevant changes in our LRS NIST cybersecurity training Bootcamp and Practitioner courses:

Module 1

  • Multiple changes to module names to reflect the new/updated modules.
  • Exam descriptions have been modified to reflect the new content on the exams.
  • Not specifically in Module 1, but of course our exams have also been updated for all the new content! We didn’t make them any easier, but they are more relevant.

Module 2 from the previous versions of the Practitioner course was by far the longest of the three days. It was sooooooooo long. It literally took almost half a day of the two days. We took that module and split it in two, tossed out some content that wasn’t as valuable and added in some more good stuff!

Module 2

  • Old name: The Components of the NIST Cybersecurity Framework. New name: Applying NIST CSF Tiers and Profiles.
  • We cut WAY back on the amount of review content on the NIST CSF components. This aligns with the prerequisite that students taking Practitioner/Bootcamp courses should have already taken Foundation or have significant experience with the NIST CSF. With this change we give more time back to the students who meet the prerequisites. Warning: Don’t be taking Practitioner unless you’re up to speed.
  • We’ve updated the sections that show practical application of Tiers and Profiles to make it even easier to see how they can be applied for any subcategory in your organizations. We also now provide another piece of valuable extra content, LRS NIST Cybersecurity Tiers in Clear Terms. You’re welcome.

Module 3

  • Old name: Risk Management in the NIST CSF and NIST RMF – this has been moved to Module 4 in the updated course. New name for Module 3: An Exploration of Informative References.
  • We removed several slides that were not adding value to the live class but left the relevant details in the book for you to review as you see a need to do so.
  • The focus was tightened to the three major informative references that best serve organizations in their efforts to reduce risk and improve cybersecurity.
  • We updated the content on ISO/IEC 27001:2013.
  • We added content related to NIST SP 800-53 Rev. 5 along with a bit on NIST SP 800-53B.

Module 4

  • Module 4 (Risk Management in the NIST CSF and NIST RMF) in version 3 of the course is the same as Module 3 in the previous versions. It was moved due to the additional content and splitting of the old Module 2.

Module 5

  • Modules 4 and 5 from the previous version of the class (old names: Real World Attacks and Defense in Depth and the NIST Cybersecurity Framework) were combined and updated. New name: Understanding and Defending Against Real World Attacks.
  • Some attacks were removed due to low student interest and desire for more relevant content. Even if you’re remote, we can tell when you’re bored too. 😊
  • The 2022 Uber attack was added, and the 2017 Equifax data breach was expanded into a detailed case study for an in-depth understanding. This is a HUGE deal!
  • Content on general cyber-attack kill chains was removed because it was too high level. Instead, that section is now much more relevant to real-life defenses because it expands the focus on the MITRE ATT&CK matrices. This makes learning how to defend against attacks VERY applicable!
  • The section on Security Operations Centers (SOCs) was modified for greater clarity.

We didn’t see a need to make significant changes to Modules 6-9, although we do now also provide another extra resource, a complete WISP (Written Information Security Program) Template that is fully editable for you to use in your organizations to create your own WISP.

We hope this information is valuable to you. Please reach out to us at GetSMart@LRS.com if you have further questions about our Version 3 updates. We’d love to have you join us in 2023 for one or more of our NIST cybersecurity framework training version 3 courses!

Troy Stoneking
Certified NIST Cybersecurity Framework Professional Trainer and Cybersecurity Assessor