
EP 62: The NIST Cybersecurity Framework
- S2E62
- 31:34
- January 21st 2022
https://www.yourcyberpath.com/62
In this episode, we cover the importance of the NIST Cybersecurity Framework (NIST CSF) and its use in managing risk as a business process within your organization. The NIST Cybersecurity Framework was developed by the National Institute of Standards and Technology in collaboration with cybersecurity experts across the world.
The framework is divided into three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profile. The Framework Core contains the five concurrent and continuous functions performed by a cybersecurity organization: identify, protect, detect, respond, and recover. The Framework Implementation Tiers provide 4 levels of achievement for cybersecurity risk management. The Framework Profile contains 23 activities and 108 outcomes that can be used to create a profile for your organization to manage its cybersecurity risk.
Kip Boyle and Jason Dion spend this episode providing a great overview of the NIST Cybersecurity Framework and its benefits. The team has recently filmed a long-form course that dives into each and every part of the Framework and teaches you how to use it in your own consulting and risk management efforts. You can find the course on the Your Cyber Path website or at our distribution partner’s website, Udemy.
What You’ll Learn
● What the NIST Cybersecurity Framework is
● The benefits of using the NIST Cybersecurity Framework
● The three parts of the NIST Cybersecurity Framework
● How to integrate other control methods (ISACA, ISO, RMF) into the NIST Cybersecurity Framework
Relevant Websites For This Episode
● NIST Cybersecurity Framework course (https://www.yourcyberpath.com/udemy)
● NIST Cybersecurity Framework (https://www.nist.gov/cyberframework)
● Your Cyber Path (https://www.yourcyberpath.com)
Tags: NIST CSF, Courses
Other Relevant Episodes
● Episode 50 – What does it take to lead a cybersecurity program
● Episode 53 – How to buy cyber insurance for your law practice
Your Cyber Path: How to Get Your Dream Cybersecurity Job
The Your Cyber Path podcast is designed to help you find out what it takes to get your dream cybersecurity job (from the hiring managers' perspective). After all, it is the hiring manager you need to impress in order to land your dream role. Stop wondering what the hiring manager is thinking, and learn firsthand from our team of professional cybersecurity hiring managers who can help you cut through the process and understand what it takes to get hired these days.
Meet the Hosts
Jason Dion is a former college professor and the lead instructor at Dion Training Solutions. He has multiple information technology professional certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Network Defense Architect (CNDA), Digital Forensic Examiner (DFE), Digital Media Collector (DMC), CySA+, Security+, Network+, A+, PRINCE2 Practitioner, and ITIL. With networking experience dating back to 1992, Jason has been a network engineer, Deputy Director of a Network Operations Center, and an Information Systems Officer for large organizations around the globe.
Kip Boyle is a husband, dad, entrepreneur, and experienced cyber risk manager. He founded Cyber Risk Opportunities LLC in 2015 after 7 years as the CISO of PEMCO Insurance in Seattle. As a captain on active duty in the US Air Force, he served in the Combat Archer and F-22 Stealth Fighter programs, where he was the director of enterprise network security. These days, he serves as virtual chief information security officer for many customers, including a professional sports team and fast-growing FinTech and AdTech companies. Over the years, Kip has built teams by interviewing hundreds of cybersecurity professionals. And now, he’s sharing his insider’s perspective with you!