Friday Nov 27, 2020

#5 - Cyber Frameworks

Cyber Frameworks help CISOs build, measure, and execute top-notch information security programs. This podcast gives an overview of the differences between Cyber Control Frameworks (CIS Controls & NIST 800-53), Program Frameworks (ISO 27001 & NIST CSF), and Risk Frameworks (FAIR, ISO 27005, & NIST 800-39), and provides useful tips on how to implement them.

Chapters

  • 00:00 Introductions
  • 03:29 Creating a Framework for Cyber Security Programs
  • 06:48 What are the Most Important Controls
  • 11:08 Having an Inventory of Your Network Assets
  • 14:01 Patch Tuesday and Remediation
  • 18:20 Penetration Testing - The Last of the 20 SANS Controls
  • 20:58 What's the NIST Cyber Security Framework
  • 29:17 The Evolution of Security Controls
  • 35:03 ISO 27000 Series Gap Analysis
  • 40:03 Cyber is in the Business of Revenue Protection
  • 44:53 The Risk Matrix - Likelihood and Impact
  • 49:32 Risk Management & Continuous Vulnerability Management
  • 51:41 Your four options? (Accept, Mitigate, Avoid, or Assign)
