1 00:00:00,840 --> 00:00:03,840 foreign 2 00:00:19,520 --> 00:00:21,359 introduction to cyber security 3 00:00:21,359 --> 00:00:25,140 Frameworks in today's digital age cyber 4 00:00:25,140 --> 00:00:27,119 security has become a top priority for 5 00:00:27,119 --> 00:00:29,880 individuals and organizations alike with 6 00:00:29,880 --> 00:00:31,679 the increasing number of cyber threats 7 00:00:31,679 --> 00:00:33,719 and attacks it is essential to have a 8 00:00:33,719 --> 00:00:35,520 comprehensive cyber security framework 9 00:00:35,520 --> 00:00:37,260 in place to protect sensitive 10 00:00:37,260 --> 00:00:39,420 information and data cyber security 11 00:00:39,420 --> 00:00:41,579 Frameworks provide a structured approach 12 00:00:41,579 --> 00:00:43,860 to managing and mitigating cyber risks 13 00:00:43,860 --> 00:00:46,440 by outlining best practices guidelines 14 00:00:46,440 --> 00:00:48,960 and standards in this article we will 15 00:00:48,960 --> 00:00:51,059 explore three of the most widely used 16 00:00:51,059 --> 00:00:53,399 cyber security Frameworks this cyber 17 00:00:53,399 --> 00:00:56,100 security framework ISO 270001 18 00:00:56,100 --> 00:00:58,079 information security management system 19 00:00:58,079 --> 00:01:00,360 and CIS controls for Effective cyber 20 00:01:00,360 --> 00:01:02,280 defense by understanding these 21 00:01:02,280 --> 00:01:03,899 Frameworks you can better protect 22 00:01:03,899 --> 00:01:05,519 yourself and your organization from 23 00:01:05,519 --> 00:01:07,380 cyber threats and ensure that your cyber 24 00:01:07,380 --> 00:01:09,299 security measures are up to par with 25 00:01:09,299 --> 00:01:10,979 industry standards 26 00:01:10,979 --> 00:01:15,420 2. this cyber security framework 27 00:01:15,420 --> 00:01:17,580 the nist cyber security framework is a 28 00:01:17,580 --> 00:01:19,320 set of guidelines and best practices 29 00:01:19,320 --> 00:01:21,420 designed to help organizations manage 30 00:01:21,420 --> 00:01:24,180 and reduce cyber security risks it was 31 00:01:24,180 --> 00:01:26,040 developed by the National Institute of 32 00:01:26,040 --> 00:01:28,680 Standards and Technology NISD in 33 00:01:28,680 --> 00:01:30,979 response to executive order 34 00:01:30,979 --> 00:01:33,720 13636 which call for the creation of a 35 00:01:33,720 --> 00:01:35,159 framework that would help critical 36 00:01:35,159 --> 00:01:37,259 infrastructure organizations improve 37 00:01:37,259 --> 00:01:40,020 their cyber security posture the 38 00:01:40,020 --> 00:01:41,700 framework consists of five core 39 00:01:41,700 --> 00:01:44,280 functions identify protect protect 40 00:01:44,280 --> 00:01:47,280 respond and recover each function is 41 00:01:47,280 --> 00:01:49,380 further broken down into categories and 42 00:01:49,380 --> 00:01:51,360 subcategories that provide more specific 43 00:01:51,360 --> 00:01:53,280 guidance on how to implement the 44 00:01:53,280 --> 00:01:54,540 framework 45 00:01:54,540 --> 00:01:56,759 the identify function focuses on 46 00:01:56,759 --> 00:01:58,920 understanding an organization's cyber 47 00:01:58,920 --> 00:02:01,680 security risks and vulnerabilities this 48 00:02:01,680 --> 00:02:04,140 includes identifying all assets systems 49 00:02:04,140 --> 00:02:06,299 and data that need to be protected as 50 00:02:06,299 --> 00:02:08,160 well as assessing the potential impact 51 00:02:08,160 --> 00:02:10,080 of a Cyber attack 52 00:02:10,080 --> 00:02:11,520 the protect function involves 53 00:02:11,520 --> 00:02:13,379 implementing safeguards to protect 54 00:02:13,379 --> 00:02:15,660 against cyber threats this includes 55 00:02:15,660 --> 00:02:17,580 measures such as access controls 56 00:02:17,580 --> 00:02:19,800 encryption and security awareness 57 00:02:19,800 --> 00:02:21,780 training for employees 58 00:02:21,780 --> 00:02:24,060 the detect function involves monitoring 59 00:02:24,060 --> 00:02:26,099 systems and networks for signs of a 60 00:02:26,099 --> 00:02:28,440 Cyber attack this includes implementing 61 00:02:28,440 --> 00:02:30,300 intrusion detection and prevention 62 00:02:30,300 --> 00:02:32,520 systems as well as conducting regular 63 00:02:32,520 --> 00:02:34,680 vulnerability scans and penetration 64 00:02:34,680 --> 00:02:36,060 testing 65 00:02:36,060 --> 00:02:38,160 the respond function involves developing 66 00:02:38,160 --> 00:02:40,440 and implementing a plan to respond to a 67 00:02:40,440 --> 00:02:42,840 Cyber attack this includes establishing 68 00:02:42,840 --> 00:02:45,420 an incident Response Team defining roles 69 00:02:45,420 --> 00:02:47,340 and responsibilities and developing 70 00:02:47,340 --> 00:02:49,319 procedures for containing and mitigating 71 00:02:49,319 --> 00:02:51,480 the effects of an attack 72 00:02:51,480 --> 00:02:53,700 finally recover function involves 73 00:02:53,700 --> 00:02:56,040 restoring normal operations after a 74 00:02:56,040 --> 00:02:58,620 Cyber attack this includes developing a 75 00:02:58,620 --> 00:03:00,720 business continuity plan conducting 76 00:03:00,720 --> 00:03:03,000 backups of critical data and ensuring 77 00:03:03,000 --> 00:03:05,040 that systems can be quickly restored in 78 00:03:05,040 --> 00:03:08,160 the event of an outage overall the nist 79 00:03:08,160 --> 00:03:10,140 cyber security framework provides a 80 00:03:10,140 --> 00:03:12,180 comprehensive approach to managing cyber 81 00:03:12,180 --> 00:03:14,340 security risks by following its 82 00:03:14,340 --> 00:03:15,659 guidelines and best practices 83 00:03:15,659 --> 00:03:17,640 organizations can better protect 84 00:03:17,640 --> 00:03:19,560 themselves against cyber threats and 85 00:03:19,560 --> 00:03:22,260 ensure the confidentiality integrity and 86 00:03:22,260 --> 00:03:25,560 availability of their sensitive data 3. 87 00:03:25,560 --> 00:03:28,560 ISO 27001 information security 88 00:03:28,560 --> 00:03:32,459 management system the iso 27001 89 00:03:32,459 --> 00:03:34,500 information security management system 90 00:03:34,500 --> 00:03:37,140 is a globally recognized framework that 91 00:03:37,140 --> 00:03:38,879 provides a systematic approach to 92 00:03:38,879 --> 00:03:41,340 managing sensitive information it 93 00:03:41,340 --> 00:03:43,200 outlines a set of best practices for 94 00:03:43,200 --> 00:03:45,540 establishing implementing maintaining 95 00:03:45,540 --> 00:03:47,400 and continually improving an 96 00:03:47,400 --> 00:03:49,140 organization's information security 97 00:03:49,140 --> 00:03:52,200 management system the frame work is 98 00:03:52,200 --> 00:03:54,120 designed to help organizations identify 99 00:03:54,120 --> 00:03:55,680 and manage risk to their information 100 00:03:55,680 --> 00:03:58,080 assets including confidential data 101 00:03:58,080 --> 00:04:00,060 intellectual property and customer 102 00:04:00,060 --> 00:04:02,459 information it also helps ensure 103 00:04:02,459 --> 00:04:05,280 compliance with legal Regulatory and 104 00:04:05,280 --> 00:04:07,200 contractual requirements related to 105 00:04:07,200 --> 00:04:08,840 information security 106 00:04:08,840 --> 00:04:12,299 ISO 27001 consists of several key 107 00:04:12,299 --> 00:04:14,519 components including risk assessment and 108 00:04:14,519 --> 00:04:16,560 treatment security controls and 109 00:04:16,560 --> 00:04:18,720 continuous Improvement the framework 110 00:04:18,720 --> 00:04:20,519 emphasizes the importance of a 111 00:04:20,519 --> 00:04:22,019 risk-based approach to information 112 00:04:22,019 --> 00:04:24,360 security which involves identifying 113 00:04:24,360 --> 00:04:26,160 potential threats and vulnerabilities 114 00:04:26,160 --> 00:04:28,500 assessing the likelihood and impact of 115 00:04:28,500 --> 00:04:30,540 those risks and implementing appropriate 116 00:04:30,540 --> 00:04:33,300 controls to mitigate them one of the 117 00:04:33,300 --> 00:04:36,180 strengths of iso 27001 is its 118 00:04:36,180 --> 00:04:38,580 flexibility the framework can be adapted 119 00:04:38,580 --> 00:04:40,380 to suit the specific needs of different 120 00:04:40,380 --> 00:04:42,660 organizations regardless of their size 121 00:04:42,660 --> 00:04:45,660 industry or location it can also be 122 00:04:45,660 --> 00:04:47,580 integrated with other management systems 123 00:04:47,580 --> 00:04:49,500 such as quality management or 124 00:04:49,500 --> 00:04:51,440 Environmental Management to create a 125 00:04:51,440 --> 00:04:53,699 comprehensive approach to organizational 126 00:04:53,699 --> 00:04:55,139 governance 127 00:04:55,139 --> 00:04:58,199 overall the iso 27001 information 128 00:04:58,199 --> 00:05:00,600 security management system is a valuable 129 00:05:00,600 --> 00:05:02,520 tool for organizations looking to 130 00:05:02,520 --> 00:05:04,380 establish a robust and effective 131 00:05:04,380 --> 00:05:06,780 information security program by 132 00:05:06,780 --> 00:05:08,340 following the framework's guidelines 133 00:05:08,340 --> 00:05:10,500 organizations can better protect their 134 00:05:10,500 --> 00:05:12,720 sensitive information reduce the risk of 135 00:05:12,720 --> 00:05:14,639 cyber attacks and demonstrate their 136 00:05:14,639 --> 00:05:16,620 commitment to security to stakeholders 137 00:05:16,620 --> 00:05:18,620 and customers alike 138 00:05:18,620 --> 00:05:21,720 4. CIS controls for Effective cyber 139 00:05:21,720 --> 00:05:24,600 defense the center for Internet Security 140 00:05:24,600 --> 00:05:27,720 Cas controls is a set of best practices 141 00:05:27,720 --> 00:05:29,880 designed to help organizations protect 142 00:05:29,880 --> 00:05:31,740 their systems and data from cyber 143 00:05:31,740 --> 00:05:34,020 threats the controls are organized into 144 00:05:34,020 --> 00:05:36,960 three categories basic foundational and 145 00:05:36,960 --> 00:05:38,460 organizational 146 00:05:38,460 --> 00:05:40,740 the basic controls include measures such 147 00:05:40,740 --> 00:05:42,720 as inventory and control of Hardware 148 00:05:42,720 --> 00:05:45,660 assets inventory and control of software 149 00:05:45,660 --> 00:05:47,759 assets continuous vulnerability 150 00:05:47,759 --> 00:05:49,680 management and controlled use of 151 00:05:49,680 --> 00:05:52,199 administrative privileges these controls 152 00:05:52,199 --> 00:05:53,639 are considered essential for any 153 00:05:53,639 --> 00:05:55,800 organization that wants to establish a 154 00:05:55,800 --> 00:05:58,199 strong cyber security posture 155 00:05:58,199 --> 00:06:00,240 the foundational controls build upon the 156 00:06:00,240 --> 00:06:02,160 basic controls and include measures such 157 00:06:02,160 --> 00:06:04,500 as email and web browser protections 158 00:06:04,500 --> 00:06:06,660 malware defenses data recovery 159 00:06:06,660 --> 00:06:08,820 capabilities and secure configurations 160 00:06:08,820 --> 00:06:11,699 for network devices these controls are 161 00:06:11,699 --> 00:06:13,560 designed to provide additional layers of 162 00:06:13,560 --> 00:06:16,440 protection against common cyber threats 163 00:06:16,440 --> 00:06:19,199 finally organizational controls focus on 164 00:06:19,199 --> 00:06:21,479 the policies procedures and training 165 00:06:21,479 --> 00:06:23,639 necessary to maintain an effective cyber 166 00:06:23,639 --> 00:06:26,220 security program these controls include 167 00:06:26,220 --> 00:06:28,020 measures such as security awareness 168 00:06:28,020 --> 00:06:30,360 training incident response planning and 169 00:06:30,360 --> 00:06:33,300 penetration testing by implementing the 170 00:06:33,300 --> 00:06:35,699 sys controls organizations can establish 171 00:06:35,699 --> 00:06:37,680 a comprehensive cyber security program 172 00:06:37,680 --> 00:06:40,080 that addresses both Technical and 173 00:06:40,080 --> 00:06:42,780 organizational aspects of security the 174 00:06:42,780 --> 00:06:44,759 controls are regularly updated based on 175 00:06:44,759 --> 00:06:47,039 new threats and vulnerabilities ensuring 176 00:06:47,039 --> 00:06:49,259 that organizations stay up to date with 177 00:06:49,259 --> 00:06:51,360 the latest best practices in cyber 178 00:06:51,360 --> 00:06:53,600 security 179 00:06:54,780 --> 00:06:57,780 foreign 180 00:07:01,270 --> 00:07:10,550 [Music]