
NIST Cybersecurity Professional®
NCSP® 800-30 Foundation Certificate
Strengthen Organisational Risk Assessment Capability with NIST SP 800‑30

Course Description
Effective cybersecurity depends on the ability to identify, analyse, and prioritise risks before they impact operations. NIST SP 800‑30 provides authoritative guidance for conducting risk assessments across information systems, business processes, and organisational environments.
The NCSP® 800‑30 Foundation Certificate is a 2‑day, instructor‑led course introducing participants to the principles, methods, and analytical techniques used to perform NIST‑aligned risk assessments. This course explains how to apply NIST SP 800‑30 within enterprise risk management programmes and how risk assessments support the NIST Cybersecurity Framework (CSF) 2.0 and the NIST Risk Management Framework (RMF).
Participants learn how to identify threats, vulnerabilities, likelihood, and impact; how to evaluate risk scenarios; and how to produce actionable risk assessment outputs that support decision‑making, prioritisation, and organisational resilience.
What You Will Learn
Participants gain foundational knowledge required to conduct NIST‑aligned risk assessments. You will learn:
- How NIST SP 800‑30 supports the NIST CSF 2.0 and the NIST RMF.
- The structure, purpose, and scope of NIST SP 800‑30 Rev. 1.
- How to identify threats, vulnerabilities, predisposing conditions, and potential impacts.
- How to analyse likelihood and risk using NIST‑aligned methods.
- How to develop risk scenarios and evaluate organisational exposure.
- How to document, communicate, and prioritise risk assessment results.
- How to integrate risk assessments into enterprise governance and continuous improvement.
Course Agenda
Day 1: Risk Assessment Foundations, Concepts & Preparation
Module 1: Introduction to NIST SP 800‑30 Rev. 1
- Understanding the purpose of NIST’s risk assessment guidance, its role within the NIST RMF, and how it supports enterprise risk‑based decision‑making.
Module 2: Core Concepts of Risk Assessment
- Exploring threats, vulnerabilities, likelihood, impact, predisposing conditions, and organisational risk tolerance.
Module 3: Preparing for a Risk Assessment
- Defining scope, system boundaries, assessment objectives, assumptions, constraints, and required resources.
Module 4: Identifying Threat Sources & Events
- Understanding threat categories, adversarial and non‑adversarial events, and methods for identifying relevant threat scenarios.
Module 5: Identifying Vulnerabilities & Predisposing Conditions
- Analysing weaknesses, environmental factors, and organisational conditions that influence risk exposure.
Day 2: Risk Analysis, Evaluation, Documentation & Integration
Module 6: Determining Likelihood
- Applying NIST likelihood models, evaluating threat capability, intent, and system susceptibility.
Module 7: Determining Impact
- Assessing potential consequences across confidentiality, integrity, availability, mission, operations, and organisational objectives.
Module 8: Assessing & Prioritising Risk
- Combining likelihood and impact to determine risk levels, prioritising scenarios, and supporting decision‑making.
Module 9: Communicating & Documenting Risk Assessment Results
- Producing risk assessment reports, communicating findings to stakeholders, and supporting governance processes.
Module 10: Integrating Risk Assessment into Organisational Processes
- Applying risk assessment outputs to the NIST CSF 2.0, NIST RMF, continuous monitoring, and enterprise risk management.
Learning Outcomes
Participants will be able to:
- Explain how NIST SP 800‑30 supports the NIST Cybersecurity Framework 2.0 and the NIST RMF.
- Identify and describe threats, vulnerabilities, likelihood, and impact.
- Conduct NIST‑aligned risk assessments using structured, repeatable methods.
- Develop and analyse risk scenarios to support organisational decision‑making.
- Document and communicate risk assessment results effectively.
- Integrate risk assessment practices into enterprise governance and continuous improvement.
Who Should Attend?
This course is designed for professionals involved in cybersecurity, risk management, and system governance, including:
- Cybersecurity & Risk Management Professionals
- Governance, Risk & Compliance (GRC) Teams
- System Owners & ISSOs
- IT & Security Managers
- Business Continuity & Resilience Teams
- Audit & Assurance Professionals
- Programme & Project Managers supporting risk‑based initiatives
Prerequisites
There are no formal prerequisites for this Foundation‑level course, though a basic understanding of cybersecurity, data science, or risk management is helpful.
Participants are provided with:
- NIST Cybersecurity Professional® (NCSP®) 800-30 Foundation Certificate courseware including links to further reading and resources.
- NIST Cybersecurity Professional® (NCSP®) 800-30 Foundation Certificate, Certificate of Completion.
- NIST Cybersecurity Professional® (NCSP®) 800-30 Foundation Certificate digital badge.
Enrol Today
Develop the capability to conduct NIST‑aligned risk assessments using structured methods for identifying, analysing, and prioritising cybersecurity risks.

Further Reading
NIST 800-30 Rev 1 - Guide for Conducting Risk Assessments
https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-30r1.pdf
