NIST Cybersecurity Framework | Cybersecurity Insights #4

June 1, 2019 posted by

hey everybody its Josh from absolute we're going to start taking a look at the NIST cybersecurity framework I'll go into all five pillars of NIST in future episodes but for now let's do a quick overview in this CSF calls for actions in the IT and security team can do to create resilience by default those actions are identify protect detect respond and recover first up identify see everything but this is not just an inventory of resources we need to put our finger on hidden weaknesses and vulnerabilities 99% of successful attacks hit existing vulnerabilities that were either hidden or unresolved number to protect or build a moat the protect pillar gives us techniques to safeguard data access controls to solve overly permissive pathways to the goods data security to blanket information and prevent its escape protective technology so we don't have to do all of this by hand and training to keep our users in the know about cyber security principles they simply do not know what you know teach them and everyone wins number three detect which invites us to go looking for trouble once we have a strong baseline identify and protect we can find – what makes something an anomaly then watch the baseline with a keen eye to see if anomalies pop up reflect on what we found so we can get better at our powers of detection number four be responsive the respond pillar shows us how to plan communicate analyze mitigate and improve Incident Response response planning and communication give us the connective tissue that helps diffuse security incidents with analysis and mitigation directed toward the goal of swift recovery and five recover this is where we iterate and adapt this pushes us to learn from what's happened and adjust controls to bounce back stronger than ever by questioning assumptions taking our new hard-won knowledge of what happened we influence security measures that will help protect us against the unknown future putting the NIST CSF in place can lead to acute anxiety and fear these are base instincts that are part of being human we fear what we don't understand but as you'll see in later episodes then this CSF is only formalizing what you've done for years this is nothing new and there's nothing to fear nothing remember to like this episode and subscribe to get the rest of the story I'll see you next time


2 Replies to “NIST Cybersecurity Framework | Cybersecurity Insights #4”

  1. musictouchurheart says:

    Thanks for the nice and brief video.
    "Watch the baseline with a keen eye to see if anomalies pop up" – am not sure CSF at its framework's capabilities level can handle this though. The keen eye to observe an anomaly popping up has to come from operation level.

  2. Josh Mayfield says:

    Looking to learn more about NIST CSF? Check out our blog to find out what you may be missing.

Leave a Comment

Your email address will not be published. Required fields are marked *