#5 - Cyber Frameworks

CISO Tradecraft® - A podcast by CISO Tradecraft® - Mondays


Cyber Frameworks help CISOs build, measure, and execute top-notch information security programs. This podcast gives an overview of the differences between Cyber Control Frameworks (CIS Controls & NIST 800-53), Program Frameworks (ISO 27001 & NIST CSF), and Risk Frameworks (FAIR, ISO 27005, & NIST 800-39), and provides useful tips on how to implement them.

Chapters

00:00 Introductions
03:29 Creating a Framework for Cyber Security Programs
06:48 What are the Most Important Controls
11:08 Having an Inventory of Your Network Assets
14:01 Patch Tuesday and Remediation
18:20 Penetration Testing - The Last of the 20 SANS Controls
20:58 What's the NIST Cyber Security Framework
29:17 The Evolution of Security Controls
35:03 ISO 27000 Series Gap Analysis
40:03 Cyber is in the Business of Revenue Protection
44:53 The Risk Matrix - Likelihood and Impact
49:32 Risk Management & Continuous Vulnerability Management
51:41 Your four options? (Accept, Mitigate, Avoid, or Assign)
