The certification program defines Cybersecurity Risk Management as a system composed of cybersecurity threats, events, controls, assessments, issues, metrics, risks, and the roles and responsibilities of the people that make it happen. The system is described in detail in the textbook: Stepping Through Cybersecurity Risk Management, A Systems Thinking Approach, a Wiley publication, 2024. The course has 10 modules corresponding to the book’s chapters. Each has an online lecture and online assessments. FrameCyber Certification registration is an annual fee, but there is no time limit on the student’s module completion rate, and after successful completion of each module, a certification candidate may download evidence of completion of 12 Continuing Profession Education (CPE) credits that includes the begin and end dates that certification candidate worked on the module.

Because the certification program includes online training and assessment, successful completion of each module provides 12 Continuing Profession Education (CPE) credits acceptable to maintain compliance with other cybersecurity certification programs.  Those who achieve full certification by successfully completing all 10 modules will receive 120 CPEs. This time commitment is consistent with an academic semester course at the Masters level wherein the FrameCyber textbook is used to guide instruction and learning because academic accreditation requires that curriculum be designed to ensure students perform 120 hours of combined lecture, self-study, and learning assessments. In the case of the FrameCyber certification, time expectations for each module include ~1 hour of online lecture and lab set-up, ~2 hours of reading, ~2 hours of spot check and comprehension assessments,  ~3 hours on essay assessment, and ~4 hours on a lab exercise. These estimates include time within the exercises wherein the student may have to do some research or close reexamination of the book’s content to pass the assessments.

Examples:

FrameCyber Certification Module CPEs count toward ISACA’s CISA, CISM, and CRISC certifications under this paragraph in the associated Continuing Professional Education Policy: These activities include structured courses designed for self-study that offer CPE hours. These courses will only be accepted if the course provider issues a certificate of completion and the certificate contains the number of CPE hours earned for the course.

FrameCyber Certification Module CPEs count toward ISC2 CISSP and other cybersecurity-related certifications under its “Courses and seminars – other” qualifying activity in the ISC2 Certification Maintenance Handbook: Education (Group A) educational content where the topics are aligned with the domain(s) of your credential: Courses and seminars – other, Example: Self-study related to research for a project or preparing for a certification examination.