Cybersecurity Risk Management Practicum I

Level: Intermediate

Become a Job-Ready Certified Cybersecurity Risk Management Professional (CCRMP). To prevent the $2.1T in projected cyber breaches, employers need Certified Cybersecurity Risk Management Professionals who have demonstrated they can implement the NIST Risk Management Framework and FedRAMP. The NIST Risk Management Framework (RMF) and the Federal Risk and authorisation Management Program (FedRAMP) are the de facto standards utilised for cloud security risk management in the U.S. today.

To address accelerating cyber staffing shortages, Mission Critical Institute established the CCRMP to provide employers and candidates a performance-based cyber/cloud security certification.

As an authorised training partner, Learning Tree can help you earn the CCRMP through five courses that ensure you acquire hands-on project experience in implementing the NIST RMF and FedRAMP.

This is the third of five courses that help you earn CCRMP certification.

Cybersecurity Risk Management Practicum I

Key Features of this Cybersecurity Risk Management Practicum I:

  • 100% hands-on projects — no exams
  • Validation you are NIST RMF/FedRAMP job-ready
  • Certified NIST RMF/FedRAMP practitioner instructors
  • NIST RMF/FedRAMP project experience employers seek
  • Recognition of curriculum by Department of Homeland Security
  • Produce NIST RMF deliverables Steps 1-3 to demonstrate CCRMP competencies

You Will Learn How To:

  • Categorise information system
  • Select security controls
  • Write a control
  • Develop a compliant System Security Plan (SSP)
  • Analyse and document inherited controls to ensure cloud security posture is maintained
  • Differentiate and document hybrid and system controls
  • Develop Information System Continuous Monitoring (ISCM) strategy
  • Prepare system for assessment

Choose the CCRMP Training Solution That Best Fits Your Individual Needs or Organisational Goals


Team Training

  • Bring this or any training to your organisation
  • Full - scale program development
  • Delivered when, where, and how you want it
  • Blended learning models
  • Tailored content
  • Expert team coaching
View Details ›

Customize Your Team Training Experience


Save More on Training with Learning Tree Training Vouchers!

Our flexible, easy-to-redeem training vouchers are available to any employee within your organisation. For details, please call 0800 282 353 or chat live.

Team Training

Cybersecurity Risk Management Practicum I Information

  • Cloud Security Risk Management Practicum I Course Description

    In this virtual practicum, students utilise the NIST Risk Management Framework/ FedRAMP for risk management of the integrated enterprise/cloud system. Students demonstrate the capability to evaluate a test system, develop a System Security Plan (SSP), select, edit and write appropriate security controls and document results.

  • Course Deliverables

    • On-premise SSP
    • Integration of FedRAMP SSP
    • FIPS 199 System Categorization
    • NIST Security Control Selection
    • Privacy Threshold Analysis (PTA) worksheet/template
    • Privacy Impact Assessment (PIA) worksheet/template
    • Edit and/or write security controls
  • Prerequisites

    Attendees must take the five courses in the CCRMP certification course series in order. Before attending this course, attendees must first successfully complete the following courses:

  • Course Schedule

    The flexible, online 8-week course schedule enables you to collaborate with your instructor and fellow students to acquire the cloud security risk management expertise employers seek.

    Asynchronous Threaded Discussions
    Each week’s discussion threads focus on a specific cloud security risk management concept. You can participate in these discussions anytime, anywhere as you interact with your instructor and fellow students online.

    Four Live Virtual Seminars
    In weeks 1, 3, 5 & 7 you will participate in live-online interactive sessions led by your expert, practitioner instructor. Recordings of each session will be available to you if you are unable to attend.

    Virtual Office Hours
    To further enhance your learning experience, you may communicate with your instructor during weekly virtual office hours held in weeks 2, 4, 6 & 8.

  • Course Materials

    • James Broad, Mastering the Risk Management Framework, 1st Edition, ISBN#:?9781723760358. Required chapters are included in the electronic course materials. 
    • The course also contains links to a Course Webliography for required readings.
  • Coursework

    Students will work with their NIST RMF/FedRAMP practitioner instructor to produce NIST RMF/FedRAMP projects by participating in weekly virtual discussions, as well as completing weekly assignments and project reports. They will attend bi-weekly, live virtual seminars led by their instructor.

  • Software/Hardware Required

    • Access to Microsoft Office, including Word, Excel, and a PDF reader.
    • Access to high-speed internet connection.
    • A headset with microphone is recommended; using built-in speakers/microphone causes echo issues. Headsets give participants complete interaction with the instructor and other students.

Cybersecurity Risk Management Practicum I Course Outline

  • Categorise Information System Based on NIST RMF Guidelines

    • Evaluate information system documentation
    • Analyse information system documentation to produce FIPS 199 Worksheet
    • Finalise System Registration Form
  • Select Security Controls Based on NIST RMF and FedRAMP Guidelines

    • Analyse Security Controls Traceability Matrix (SCTM)
    • Validate Security Controls Traceability Matrix (SCTM)
  • Write a System Security Control in Alignment with NIST RMF and FedRAMP Guidelines

    • Develop a System Security Plan (SSP) control-based on scenario
    • Analyse scenario for implementation parameters
    • Document the implementation of assigned security control following best practises
  • Develop a Compliant System Security Plan (SSP) using NIST RMF and FedRAMP

  • Analyse and Document Inherited Controls to Ensure Cloud Security Posture is Maintained

  • Differentiate and Document Hybrid and System Controls in Alignment with NIST RMF and FedRAMP

    • Analyse system owner communication to update information system documentation
    • Evaluate Common Control Provider (CCP) controls to ensure that they meet security requirements of the system
  • Develop Information Security Continuous Monitoring (ISCM) Strategy Based on NIST RMF Best Practises

    • Analyse enterprise level ISCM strategy
    • Synthesize and document system level ISCM strategy supporting enterprise level ISCM strategy
  • Prepare System for Security Risk Assessment

    • Evaluate all system documentation, including (SSP, SCTM, ISCM)
    • Develop communication notifying key stakeholders of pending systems assessment
  • Conduct Research and Make Recommendations to Address Organisational Risk Management Issues

  • Analyse Existing Research and Resources to Improve Risk Management Processes

Cybersecurity Risk Management Practicum I FAQs

  • Who should become a CCRMP?

    Individuals seeking to advance in cybersecurity risk management to positions in which the NIST RMF/FedRAMP is utilised to secure integrated cloud and on-premise systems in the following sectors:

    • Systems Integrators
    • Federal Civilian, DoD, and Intelligence Communities
    • Critical Infrastructure Protection
    • Financial Services
    • HIPAA
    • And More
  • What are the eligibility requirements for CCRMP certification?

    Eligibility for the CCRMP Certification
    To receive the CCRMP certification, applicants must:

    • Demonstrate competency with the CCRMP Common Body of Practise by producing specified NIST RMF/FedRAMP deliverables.
    • Have five years of relevant technical experience or substitute a bachelor's degree for two years of relevant experience.

    Demonstration of CCRMP CBP Competencies
    To demonstrate mastery of the CCRMP CBP, applicants produce the deliverables by:

    • Satisfactorily completing an Mission Critical Institute approved cybersecurity/cloud security risk management curriculum, offered through an Mission Critical Institute academic partner.
    • Submitting a portfolio of project deliverables that demonstrates the mastery of CBP competencies.

      For details, please review the CCRMP Policies and Procedures ›
  • Which courses can help me earn CCRMP certification?

    Mission Critical Institute offers a five-course learning pathway to help you earn your CCRMP certification. The courses must be take in this order:

  • What is the Mission Critical Institute?

    The Mission Critical Institute advances cybersecurity careers and thought leadership by developing career-focused cybersecurity education and training programs for use by universities and cybersecurity employers. In addition, Mission Critical Institute provides strategic cybersecurity consulting services to employers and higher education institutions.

  • What is the NIST RMP and FedRAMP?

    The NIST Risk Management Framework (RMF) and the Federal Risk and Authorisation Management Program (FedRAMP) are the de facto standards utilised for cloud security risk management in the U.S. today. To address accelerating cyber staffing shortages, Mission Critical Institute established the CCRMP to provide employers and candidates a performance-based cloud security certification.

  • Are there any extra costs associated with this course?

    There is a $150 Lab Manual fee associated with this course.

  • Is this a self-paced course?

    No, it is not 100% self-paced. In weeks 1, 3, 5 and 7 students must attend a 1 hour live virtual seminar which includes content and Q&A. This course is in 8 modules, one module per week. Assignments are due at the end of each module – so this is not self-paced, although it is online, and therefore allows for flexibility with the learner’s schedule.

  • Is pre-payment required?

    Yes. Additionally, there are no refunds once the course begins.

  • Is there an application process students need to go through to qualify for the certification?

    Yes there is an application required. The application fee is waived for students who successfully complete the 5 courses through Learning Tree.

  • What is the cancellation policy?

    You must cancel 2 weeks prior to class to receive a refund. After that, students who cannot attend this course, can attend a future scheduled same course.

call 0800 282 353
chat Live Chat

Preferred method of contact:

Please Choose a Language

Canada - English

Canada - Français