1 – DIGITAL TRANSFORMATION

• Explores what the Practitioner needs to know about the relationship between digital transformation and cybersecurity
• Explain how to determine the impact of cybersecurity on DX.
• Explain the relationships between culture and digital transformation from the perspective of a practitioner.
• Explain the delivery of value to stakeholders in a DX & cybersecurity environment.
• Illustrate the interdependent relationship between cybersecurity and DX.

2 – THREAT LANDSCAPE

• The Practitioner needs to understand what threat actors do and their capabilities.
• Compare the evolving attack type impact to the threat environment.
• Apply knowledge about the threat landscape to maintain a readiness to respond.
• Develop a risk profile based on business impact analysis
• Establish the relationship between awareness and training in the continual improvement of cybersecurity posture.
• Develop and treat training & awareness as a critical aspect of deterrence
• Use knowledge about the threat landscape as a predicate to the adoption and adaptation of your cybersecurity posture.

3 – THE CONTROLS

• This chapter provides a sample set of controls based on an informative reference.
• Understand the purpose goals & objectives for each control.
• Characterize & explain the informative reference controls
• Discover how to apply the controls in an organizational context.

4 – ADOPT & ADAPT

• Adopt is a decision about governance; adapt is the set of management decisions that result from the decision to adopt.
• Distinguish Adopt, Adapt, Management & Governance.
• Develop an approach to adoption & adaptation.
• Distinguish & demonstrate the impact of organizational culture on developing cybersecurity as a capability.
• Develop an assessment approach to define current state.

5 – ADAPTIVE WAY OF WORKING

• Threat actors are agile and highly adaptive. The cybersecurity Practitioner must develop the same capabilities
• Break down what constitutes an adaptive approach.
• Characterize & apply the need for crossfunctional teams.
• Recognize and prioritize the first steps (get started).
• Demonstrate & establish cybersecurity phases.
• Break down the impact of the flows.

6 – RAPID ADOPTION & RAPID ADAPTATION FASTTRACK

• FastTrack™ is an approach to allow organizations to learn to adapt to an evolving threat landscape rapidly.
• Approach: Establish what it takes to adopt CS.
• Determine how that impacts management adaptation of CS.
• Determine how that impacts the capability to assess.
• CS Capability: Determine the gap between existing & needed capabilities.
• Establish what must be developed.
• Develop appropriate risk management profile.
• Discover how cybersecurity impacts people, practice & technology impacts organization.
• Differentiate CIS Implementation groups.
• Determine appropriate implementation group & approach.
• Develop appropriate phase approaches.

7 – CIIS PRACTICE

• Cybersecurity is an ongoing game of cat and mouse. Organizations must learn how to inculcate cybersecurity improvement into their DNA.
• Break down & develop mechanisms for ongoing cybersecurity improvement that includes developing a learning organization.
• Illustrate an improvement plan based on the NIST 7-Step Approach.
• Illustrate an improvement plan based on the Improvement GPS
• Demonstrate understanding of Cybersecurity Maturity Model Certification
• Break down the balancing loop & how it fits into the escalation archetype
• Use the Fast Track™ (improvement & implementation) cycles.