#5 - Cyber Frameworks
Nov 27, 2020•58 min•Ep. 5
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more
Episode description
Cyber Frameworks help CISOs build, measure, and execute top-notch information security programs. This podcast overviews the differences between Cyber Control Frameworks (CIS Controls & NIST 800-53), Program Frameworks (ISO 27001 & NIST CSF), and Risk Frameworks (FAIR, ISO 27005, & NIST 800-39) as well as provides useful tips on how to implement them.
Chapters
- 00:00 Introductions
- 03:29 Creating a Framework for Cyber Security Programs
- 06:48 What are the Most Important Controls
- 11:08 Having an Inventory of Your Network Assets
- 14:01 Patch Tuesday and Remediation
- 18:20 Penetration Testing - The Last of the 20 SANS Controls
- 20:58 What's the NIST Cyber Security Framework
- 29:17 The Evolution of Security Controls
- 35:03 ISO 27000 Series Gap Analysis
- 40:03 Cyber is in the Business of Revenue Protection
- 44:53 The Risk Matrix - Likelihood and Impact
- 49:32 Risk Management & Continuous Vulnerability Management
- 51:41 Your four options? (Accept, Mitigate, Avoid, or Assign)
For the best experience, listen in Metacast app for iOS or Android