Preparing for Ransomware with the NIST Cybersecurity Framework

Ransomware is a type of malicious attack where attackers encrypt an organization’s data and demand payment to restore access. It disrupts or halts an organization’s operations and poses a dilemma for management: pay the ransom and hope that the attackers keep their word about restoring access and not disclosing data, or do not pay the ransom and restore operations themselves. The methods used to gain access to an organization’s information and systems are common to cyberattacks more broadly, but they are aimed at forcing a ransom to be paid. Organizations must be able to quickly recover from a Ransomware attack and trust that any recovered data is accurate, complete, and free of malware. 

 1 CPE Credit 

On this self-study course learn how  organizations can implement the NIST Cybersecurity Framework to prepare for and reduce the potential for successful ransomware attacks.  

Participants who pass the exam will earn 1 CPE Credit from this program. 

Course Publication Date: October 20th, 2022
Course Review Date: October 20th, 2024

Facilitated By:

Colin Whittaker

Colin Whittaker, PCI Industry Alumni, Founder and Director Informed Risk Decisions Ltd. Colin has been instrumental in driving forward a risk and security strategy for payments over the last 15 years since he retired from the military in 2001, and took up the role of Head of Security at APACS. Whilst there he was one of the first people to be elected to the PCI SSC Board of Advisors where he was always keen to try and promote the differences in threat between Europe and UK, and the US. Since that election he hasn't moved far from the PCI domain. In 2010 he moved to Visa Europe and became the Vice President Payment System Risk with responsibilities for designing and operating the Visa Europe PCI compliance strategy for European merchants and service providers. He was also responsible for coordinating Visa Europe's approach to cardholder data breaches in Europe, and for the changes to the Visa Europe Compliance strategy through the creation of the Technology Innovation Program which gave the very first PCI DSS compliance relief for EMV chip accepting merchants. In 2015 he went independent and currently provides cyber security risk consultancy services to a wide range of public and private companies. Colin has presented on Information Security at major events around the world, and has published a number of papers on security.



Created By:

Chris Burton

Founder of Executive IT Forums, Inc. Program Director, IT GRC Forum. Chris has been working in the technology content marketing field for over 20 years focusing on enterprise cybersecurity and regulatory compliance in industries ranging from healthcare and finance to manufacturing and retail. In 2008 he founded Executive IT Forums, Inc, and set up the IT GRC Forum to produce educational content for Governance, Risk Management, and Compliance (GRC) Executives. Chris is primarily responsible for content design, course development, and delivery of educational programs, and he excels in helping clients to maximize the executive value achieved across GRC campaigns.


NASBA Approved
GRCCPEacademy.org from Executive IT Forums, Inc.(Sponsor Id#: 112059) is registered with the National Association of State Boards of Accountancy (NASBA) as a sponsor of continuing professional education on the National Registry of CPE Sponsors. State boards of accountancy have final authority on the acceptance of individual courses for CPE credit. Complaints regarding registered sponsors may be submitted to the National Registry of CPE Sponsors through its website: www.nasbaregistry.org