0:00:00.840,0:00:03.840
foreign

0:00:19.520,0:00:21.359
introduction to cyber security

0:00:21.359,0:00:25.140
Frameworks in today's digital age cyber

0:00:25.140,0:00:27.119
security has become a top priority for

0:00:27.119,0:00:29.880
individuals and organizations alike with

0:00:29.880,0:00:31.679
the increasing number of cyber threats

0:00:31.679,0:00:33.719
and attacks it is essential to have a

0:00:33.719,0:00:35.520
comprehensive cyber security framework

0:00:35.520,0:00:37.260
in place to protect sensitive

0:00:37.260,0:00:39.420
information and data cyber security

0:00:39.420,0:00:41.579
Frameworks provide a structured approach

0:00:41.579,0:00:43.860
to managing and mitigating cyber risks

0:00:43.860,0:00:46.440
by outlining best practices guidelines

0:00:46.440,0:00:48.960
and standards in this article we will

0:00:48.960,0:00:51.059
explore three of the most widely used

0:00:51.059,0:00:53.399
cyber security Frameworks this cyber

0:00:53.399,0:00:56.100
security framework ISO 270001

0:00:56.100,0:00:58.079
information security management system

0:00:58.079,0:01:00.360
and CIS controls for Effective cyber

0:01:00.360,0:01:02.280
defense by understanding these

0:01:02.280,0:01:03.899
Frameworks you can better protect

0:01:03.899,0:01:05.519
yourself and your organization from

0:01:05.519,0:01:07.380
cyber threats and ensure that your cyber

0:01:07.380,0:01:09.299
security measures are up to par with

0:01:09.299,0:01:10.979
industry standards

0:01:10.979,0:01:15.420
2. this cyber security framework

0:01:15.420,0:01:17.580
the nist cyber security framework is a

0:01:17.580,0:01:19.320
set of guidelines and best practices

0:01:19.320,0:01:21.420
designed to help organizations manage

0:01:21.420,0:01:24.180
and reduce cyber security risks it was

0:01:24.180,0:01:26.040
developed by the National Institute of

0:01:26.040,0:01:28.680
Standards and Technology NISD in

0:01:28.680,0:01:30.979
response to executive order

0:01:30.979,0:01:33.720
13636 which call for the creation of a

0:01:33.720,0:01:35.159
framework that would help critical

0:01:35.159,0:01:37.259
infrastructure organizations improve

0:01:37.259,0:01:40.020
their cyber security posture the

0:01:40.020,0:01:41.700
framework consists of five core

0:01:41.700,0:01:44.280
functions identify protect protect

0:01:44.280,0:01:47.280
respond and recover each function is

0:01:47.280,0:01:49.380
further broken down into categories and

0:01:49.380,0:01:51.360
subcategories that provide more specific

0:01:51.360,0:01:53.280
guidance on how to implement the

0:01:53.280,0:01:54.540
framework

0:01:54.540,0:01:56.759
the identify function focuses on

0:01:56.759,0:01:58.920
understanding an organization's cyber

0:01:58.920,0:02:01.680
security risks and vulnerabilities this

0:02:01.680,0:02:04.140
includes identifying all assets systems

0:02:04.140,0:02:06.299
and data that need to be protected as

0:02:06.299,0:02:08.160
well as assessing the potential impact

0:02:08.160,0:02:10.080
of a Cyber attack

0:02:10.080,0:02:11.520
the protect function involves

0:02:11.520,0:02:13.379
implementing safeguards to protect

0:02:13.379,0:02:15.660
against cyber threats this includes

0:02:15.660,0:02:17.580
measures such as access controls

0:02:17.580,0:02:19.800
encryption and security awareness

0:02:19.800,0:02:21.780
training for employees

0:02:21.780,0:02:24.060
the detect function involves monitoring

0:02:24.060,0:02:26.099
systems and networks for signs of a

0:02:26.099,0:02:28.440
Cyber attack this includes implementing

0:02:28.440,0:02:30.300
intrusion detection and prevention

0:02:30.300,0:02:32.520
systems as well as conducting regular

0:02:32.520,0:02:34.680
vulnerability scans and penetration

0:02:34.680,0:02:36.060
testing

0:02:36.060,0:02:38.160
the respond function involves developing

0:02:38.160,0:02:40.440
and implementing a plan to respond to a

0:02:40.440,0:02:42.840
Cyber attack this includes establishing

0:02:42.840,0:02:45.420
an incident Response Team defining roles

0:02:45.420,0:02:47.340
and responsibilities and developing

0:02:47.340,0:02:49.319
procedures for containing and mitigating

0:02:49.319,0:02:51.480
the effects of an attack

0:02:51.480,0:02:53.700
finally recover function involves

0:02:53.700,0:02:56.040
restoring normal operations after a

0:02:56.040,0:02:58.620
Cyber attack this includes developing a

0:02:58.620,0:03:00.720
business continuity plan conducting

0:03:00.720,0:03:03.000
backups of critical data and ensuring

0:03:03.000,0:03:05.040
that systems can be quickly restored in

0:03:05.040,0:03:08.160
the event of an outage overall the nist

0:03:08.160,0:03:10.140
cyber security framework provides a

0:03:10.140,0:03:12.180
comprehensive approach to managing cyber

0:03:12.180,0:03:14.340
security risks by following its

0:03:14.340,0:03:15.659
guidelines and best practices

0:03:15.659,0:03:17.640
organizations can better protect

0:03:17.640,0:03:19.560
themselves against cyber threats and

0:03:19.560,0:03:22.260
ensure the confidentiality integrity and

0:03:22.260,0:03:25.560
availability of their sensitive data 3.

0:03:25.560,0:03:28.560
ISO 27001 information security

0:03:28.560,0:03:32.459
management system the iso 27001

0:03:32.459,0:03:34.500
information security management system

0:03:34.500,0:03:37.140
is a globally recognized framework that

0:03:37.140,0:03:38.879
provides a systematic approach to

0:03:38.879,0:03:41.340
managing sensitive information it

0:03:41.340,0:03:43.200
outlines a set of best practices for

0:03:43.200,0:03:45.540
establishing implementing maintaining

0:03:45.540,0:03:47.400
and continually improving an

0:03:47.400,0:03:49.140
organization's information security

0:03:49.140,0:03:52.200
management system the frame work is

0:03:52.200,0:03:54.120
designed to help organizations identify

0:03:54.120,0:03:55.680
and manage risk to their information

0:03:55.680,0:03:58.080
assets including confidential data

0:03:58.080,0:04:00.060
intellectual property and customer

0:04:00.060,0:04:02.459
information it also helps ensure

0:04:02.459,0:04:05.280
compliance with legal Regulatory and

0:04:05.280,0:04:07.200
contractual requirements related to

0:04:07.200,0:04:08.840
information security

0:04:08.840,0:04:12.299
ISO 27001 consists of several key

0:04:12.299,0:04:14.519
components including risk assessment and

0:04:14.519,0:04:16.560
treatment security controls and

0:04:16.560,0:04:18.720
continuous Improvement the framework

0:04:18.720,0:04:20.519
emphasizes the importance of a

0:04:20.519,0:04:22.019
risk-based approach to information

0:04:22.019,0:04:24.360
security which involves identifying

0:04:24.360,0:04:26.160
potential threats and vulnerabilities

0:04:26.160,0:04:28.500
assessing the likelihood and impact of

0:04:28.500,0:04:30.540
those risks and implementing appropriate

0:04:30.540,0:04:33.300
controls to mitigate them one of the

0:04:33.300,0:04:36.180
strengths of iso 27001 is its

0:04:36.180,0:04:38.580
flexibility the framework can be adapted

0:04:38.580,0:04:40.380
to suit the specific needs of different

0:04:40.380,0:04:42.660
organizations regardless of their size

0:04:42.660,0:04:45.660
industry or location it can also be

0:04:45.660,0:04:47.580
integrated with other management systems

0:04:47.580,0:04:49.500
such as quality management or

0:04:49.500,0:04:51.440
Environmental Management to create a

0:04:51.440,0:04:53.699
comprehensive approach to organizational

0:04:53.699,0:04:55.139
governance

0:04:55.139,0:04:58.199
overall the iso 27001 information

0:04:58.199,0:05:00.600
security management system is a valuable

0:05:00.600,0:05:02.520
tool for organizations looking to

0:05:02.520,0:05:04.380
establish a robust and effective

0:05:04.380,0:05:06.780
information security program by

0:05:06.780,0:05:08.340
following the framework's guidelines

0:05:08.340,0:05:10.500
organizations can better protect their

0:05:10.500,0:05:12.720
sensitive information reduce the risk of

0:05:12.720,0:05:14.639
cyber attacks and demonstrate their

0:05:14.639,0:05:16.620
commitment to security to stakeholders

0:05:16.620,0:05:18.620
and customers alike

0:05:18.620,0:05:21.720
4. CIS controls for Effective cyber

0:05:21.720,0:05:24.600
defense the center for Internet Security

0:05:24.600,0:05:27.720
Cas controls is a set of best practices

0:05:27.720,0:05:29.880
designed to help organizations protect

0:05:29.880,0:05:31.740
their systems and data from cyber

0:05:31.740,0:05:34.020
threats the controls are organized into

0:05:34.020,0:05:36.960
three categories basic foundational and

0:05:36.960,0:05:38.460
organizational

0:05:38.460,0:05:40.740
the basic controls include measures such

0:05:40.740,0:05:42.720
as inventory and control of Hardware

0:05:42.720,0:05:45.660
assets inventory and control of software

0:05:45.660,0:05:47.759
assets continuous vulnerability

0:05:47.759,0:05:49.680
management and controlled use of

0:05:49.680,0:05:52.199
administrative privileges these controls

0:05:52.199,0:05:53.639
are considered essential for any

0:05:53.639,0:05:55.800
organization that wants to establish a

0:05:55.800,0:05:58.199
strong cyber security posture

0:05:58.199,0:06:00.240
the foundational controls build upon the

0:06:00.240,0:06:02.160
basic controls and include measures such

0:06:02.160,0:06:04.500
as email and web browser protections

0:06:04.500,0:06:06.660
malware defenses data recovery

0:06:06.660,0:06:08.820
capabilities and secure configurations

0:06:08.820,0:06:11.699
for network devices these controls are

0:06:11.699,0:06:13.560
designed to provide additional layers of

0:06:13.560,0:06:16.440
protection against common cyber threats

0:06:16.440,0:06:19.199
finally organizational controls focus on

0:06:19.199,0:06:21.479
the policies procedures and training

0:06:21.479,0:06:23.639
necessary to maintain an effective cyber

0:06:23.639,0:06:26.220
security program these controls include

0:06:26.220,0:06:28.020
measures such as security awareness

0:06:28.020,0:06:30.360
training incident response planning and

0:06:30.360,0:06:33.300
penetration testing by implementing the

0:06:33.300,0:06:35.699
sys controls organizations can establish

0:06:35.699,0:06:37.680
a comprehensive cyber security program

0:06:37.680,0:06:40.080
that addresses both Technical and

0:06:40.080,0:06:42.780
organizational aspects of security the

0:06:42.780,0:06:44.759
controls are regularly updated based on

0:06:44.759,0:06:47.039
new threats and vulnerabilities ensuring

0:06:47.039,0:06:49.259
that organizations stay up to date with

0:06:49.259,0:06:51.360
the latest best practices in cyber

0:06:51.360,0:06:53.600
security

0:06:54.780,0:06:57.780
foreign

0:07:01.270,0:07:10.550
[Music]