#5 - Cyber Frameworks

Cyber Frameworks help CISOs build, measure, and execute top-notch information security programs. This podcast overviews the differences between Cyber Control Frameworks (CIS Controls & NIST 800-53), Program Frameworks (ISO 27001 & NIST CSF), and Risk Frameworks (FAIR, ISO 27005, & NIST 800-39) as well as provides useful tips on how to implement them. Chapters 00:00 Introductions 03:29 Creating a Framework for Cyber Security Programs 06:48 What are the Most Important Controls 11:08 Having an Inventory of Your Network ...

Cyber Frameworks help CISOs build, measure, and execute top-notch information security programs. This podcast overviews the differences between Cyber Control Frameworks (CIS Controls & NIST 800-53), Program Frameworks (ISO 27001 & NIST CSF), and Risk Frameworks (FAIR, ISO 27005, & NIST 800-39) as well as provides useful tips on how to implement them.

Chapters

• 00:00 Introductions
• 03:29 Creating a Framework for Cyber Security Programs
• 06:48 What are the Most Important Controls
• 11:08 Having an Inventory of Your Network Assets
• 14:01 Patch Tuesday and Remediation
• 18:20 Penetration Testing - The Last of the 20 SANS Controls
• 20:58 What's the NIST Cyber Security Framework
• 29:17 The Evolution of Security Controls
• 35:03 ISO 27000 Series Gap Analysis
• 40:03 Cyber is in the Business of Revenue Protection
• 44:53 The Risk Matrix - Likelihood and Impact
• 49:32 Risk Management & Continuous Vulnerability Management
• 51:41 Your four options? (Accept, Mitigate, Avoid, or Assign)