Cyber Frameworks help CISOs build, measure, and execute top-notch information security programs. This podcast overviews the differences between Cyber Control Frameworks (CIS Controls & NIST 800-53), Program Frameworks (ISO 27001 & NIST CSF), and Risk Frameworks (FAIR, ISO 27005, & NIST 800-39) as well as provides useful tips on how to implement them.
Chapters
- 00:00 Introductions
- 03:29 Creating a Framework for Cyber Security Programs
- 06:48 What are the Most Important Controls
- 11:08 Having an Inventory of Your Network Assets
- 14:01 Patch Tuesday and Remediation
- 18:20 Penetration Testing - The Last of the 20 SANS Controls
- 20:58 What's the NIST Cyber Security Framework
- 29:17 The Evolution of Security Controls
- 35:03 ISO 27000 Series Gap Analysis
- 40:03 Cyber is in the Business of Revenue Protection
- 44:53 The Risk Matrix - Likelihood and Impact
- 49:32 Risk Management & Continuous Vulnerability Management
- 51:41 Your four options? (Accept, Mitigate, Avoid, or Assign)
