WEBVTT

00:00:19.520 --> 00:00:21.359
Introduction to cyber security

00:00:21.359 --> 00:00:25.140
frameworks. In today's digital age, cyber

00:00:25.140 --> 00:00:27.119
security has become a top priority for

00:00:27.119 --> 00:00:29.880
individuals and organizations alike. With

00:00:29.880 --> 00:00:31.679
the increasing number of cyber threats

00:00:31.679 --> 00:00:33.719
and attacks, it is essential to have a

00:00:33.719 --> 00:00:35.520
comprehensive cyber security framework

00:00:35.520 --> 00:00:37.260
in place to protect sensitive

00:00:37.260 --> 00:00:39.420
information and data. Cyber security

00:00:39.420 --> 00:00:41.579
frameworks provide a structured approach

00:00:41.579 --> 00:00:43.860
to managing and mitigating cyber risks

00:00:43.860 --> 00:00:46.440
by outlining best practices, guidelines,

00:00:46.440 --> 00:00:48.960
and standards. In this article, we will

00:00:48.960 --> 00:00:51.059
explore three of the most widely used

00:00:51.059 --> 00:00:53.399
cyber security frameworks: NIST cyber

00:00:53.399 --> 00:00:56.100
security framework, ISO 27001

00:00:56.100 --> 00:00:58.079
information security management system,

00:00:58.079 --> 00:01:00.360
and CIS controls for effective cyber

00:01:00.360 --> 00:01:02.280
defense. By understanding these

00:01:02.280 --> 00:01:03.899
frameworks, you can better protect

00:01:03.899 --> 00:01:05.519
yourself and your organization from

00:01:05.519 --> 00:01:07.380
cyber threats and ensure that your cyber

00:01:07.380 --> 00:01:09.299
security measures are up to par with

00:01:09.299 --> 00:01:10.979
industry standards.

00:01:10.979 --> 00:01:15.420
2. NIST cyber security framework.

00:01:15.420 --> 00:01:17.580
The NIST cyber security framework is a

00:01:17.580 --> 00:01:19.320
set of guidelines and best practices

00:01:19.320 --> 00:01:21.420
designed to help organizations manage

00:01:21.420 --> 00:01:24.180
and reduce cyber security risks. It was

00:01:24.180 --> 00:01:26.040
developed by the National Institute of

00:01:26.040 --> 00:01:28.680
Standards and Technology, NIST, in

00:01:28.680 --> 00:01:30.979
response to Executive Order

00:01:30.979 --> 00:01:33.720
13636, which called for the creation of a

00:01:33.720 --> 00:01:35.159
framework that would help critical

00:01:35.159 --> 00:01:37.259
infrastructure organizations improve

00:01:37.259 --> 00:01:40.020
their cyber security posture. The

00:01:40.020 --> 00:01:41.700
framework consists of five core

00:01:41.700 --> 00:01:44.280
functions: identify, protect, detect,

00:01:44.280 --> 00:01:47.280
respond, and recover. Each function is

00:01:47.280 --> 00:01:49.380
further broken down into categories and

00:01:49.380 --> 00:01:51.360
subcategories that provide more specific

00:01:51.360 --> 00:01:53.280
guidance on how to implement the

00:01:53.280 --> 00:01:54.540
framework.

00:01:54.540 --> 00:01:56.759
The identify function focuses on

00:01:56.759 --> 00:01:58.920
understanding an organization's cyber

00:01:58.920 --> 00:02:01.680
security risks and vulnerabilities. This

00:02:01.680 --> 00:02:04.140
includes identifying all assets, systems,

00:02:04.140 --> 00:02:06.299
and data that need to be protected, as

00:02:06.299 --> 00:02:08.160
well as assessing the potential impact

00:02:08.160 --> 00:02:10.080
of a cyber attack.

00:02:10.080 --> 00:02:11.520
The protect function involves

00:02:11.520 --> 00:02:13.379
implementing safeguards to protect

00:02:13.379 --> 00:02:15.660
against cyber threats. This includes

00:02:15.660 --> 00:02:17.580
measures such as access controls,

00:02:17.580 --> 00:02:19.800
encryption, and security awareness

00:02:19.800 --> 00:02:21.780
training for employees.

00:02:21.780 --> 00:02:24.060
The detect function involves monitoring

00:02:24.060 --> 00:02:26.099
systems and networks for signs of a

00:02:26.099 --> 00:02:28.440
cyber attack. This includes implementing

00:02:28.440 --> 00:02:30.300
intrusion detection and prevention

00:02:30.300 --> 00:02:32.520
systems, as well as conducting regular

00:02:32.520 --> 00:02:34.680
vulnerability scans and penetration

00:02:34.680 --> 00:02:36.060
testing.

00:02:36.060 --> 00:02:38.160
The respond function involves developing

00:02:38.160 --> 00:02:40.440
and implementing a plan to respond to a

00:02:40.440 --> 00:02:42.840
cyber attack. This includes establishing

00:02:42.840 --> 00:02:45.420
an incident response team, defining roles

00:02:45.420 --> 00:02:47.340
and responsibilities, and developing

00:02:47.340 --> 00:02:49.319
procedures for containing and mitigating

00:02:49.319 --> 00:02:51.480
the effects of an attack.

00:02:51.480 --> 00:02:53.700
Finally, the recover function involves

00:02:53.700 --> 00:02:56.040
restoring normal operations after a

00:02:56.040 --> 00:02:58.620
cyber attack. This includes developing a

00:02:58.620 --> 00:03:00.720
business continuity plan, conducting

00:03:00.720 --> 00:03:03.000
backups of critical data, and ensuring

00:03:03.000 --> 00:03:05.040
that systems can be quickly restored in

00:03:05.040 --> 00:03:08.160
the event of an outage. Overall, the NIST

00:03:08.160 --> 00:03:10.140
cyber security framework provides a

00:03:10.140 --> 00:03:12.180
comprehensive approach to managing cyber

00:03:12.180 --> 00:03:14.340
security risks. By following its

00:03:14.340 --> 00:03:15.659
guidelines and best practices,

00:03:15.659 --> 00:03:17.640
organizations can better protect

00:03:17.640 --> 00:03:19.560
themselves against cyber threats and

00:03:19.560 --> 00:03:22.260
ensure the confidentiality, integrity, and

00:03:22.260 --> 00:03:25.560
availability of their sensitive data. 3.

00:03:25.560 --> 00:03:28.560
ISO 27001 information security

00:03:28.560 --> 00:03:32.459
management system. The ISO 27001

00:03:32.459 --> 00:03:34.500
information security management system

00:03:34.500 --> 00:03:37.140
is a globally recognized framework that

00:03:37.140 --> 00:03:38.879
provides a systematic approach to

00:03:38.879 --> 00:03:41.340
managing sensitive information. It

00:03:41.340 --> 00:03:43.200
outlines a set of best practices for

00:03:43.200 --> 00:03:45.540
establishing, implementing, maintaining,

00:03:45.540 --> 00:03:47.400
and continually improving an

00:03:47.400 --> 00:03:49.140
organization's information security

00:03:49.140 --> 00:03:52.200
management system. The framework is

00:03:52.200 --> 00:03:54.120
designed to help organizations identify

00:03:54.120 --> 00:03:55.680
and manage risk to their information

00:03:55.680 --> 00:03:58.080
assets, including confidential data,

00:03:58.080 --> 00:04:00.060
intellectual property, and customer

00:04:00.060 --> 00:04:02.459
information. It also helps ensure

00:04:02.459 --> 00:04:05.280
compliance with legal, regulatory, and

00:04:05.280 --> 00:04:07.200
contractual requirements related to

00:04:07.200 --> 00:04:08.840
information security.

00:04:08.840 --> 00:04:12.299
ISO 27001 consists of several key

00:04:12.299 --> 00:04:14.519
components, including risk assessment and

00:04:14.519 --> 00:04:16.560
treatment, security controls, and

00:04:16.560 --> 00:04:18.720
continuous improvement. The framework

00:04:18.720 --> 00:04:20.519
emphasizes the importance of a

00:04:20.519 --> 00:04:22.019
risk-based approach to information

00:04:22.019 --> 00:04:24.360
security, which involves identifying

00:04:24.360 --> 00:04:26.160
potential threats and vulnerabilities,

00:04:26.160 --> 00:04:28.500
assessing the likelihood and impact of

00:04:28.500 --> 00:04:30.540
those risks, and implementing appropriate

00:04:30.540 --> 00:04:33.300
controls to mitigate them. One of the

00:04:33.300 --> 00:04:36.180
strengths of ISO 27001 is its

00:04:36.180 --> 00:04:38.580
flexibility. The framework can be adapted

00:04:38.580 --> 00:04:40.380
to suit the specific needs of different

00:04:40.380 --> 00:04:42.660
organizations, regardless of their size,

00:04:42.660 --> 00:04:45.660
industry, or location. It can also be

00:04:45.660 --> 00:04:47.580
integrated with other management systems,

00:04:47.580 --> 00:04:49.500
such as quality management or

00:04:49.500 --> 00:04:51.440
environmental management, to create a

00:04:51.440 --> 00:04:53.699
comprehensive approach to organizational

00:04:53.699 --> 00:04:55.139
governance.

00:04:55.139 --> 00:04:58.199
Overall, the ISO 27001 information

00:04:58.199 --> 00:05:00.600
security management system is a valuable

00:05:00.600 --> 00:05:02.520
tool for organizations looking to

00:05:02.520 --> 00:05:04.380
establish a robust and effective

00:05:04.380 --> 00:05:06.780
information security program. By

00:05:06.780 --> 00:05:08.340
following the framework's guidelines,

00:05:08.340 --> 00:05:10.500
organizations can better protect their

00:05:10.500 --> 00:05:12.720
sensitive information, reduce the risk of

00:05:12.720 --> 00:05:14.639
cyber attacks, and demonstrate their

00:05:14.639 --> 00:05:16.620
commitment to security to stakeholders

00:05:16.620 --> 00:05:18.620
and customers alike.

00:05:18.620 --> 00:05:21.720
4. CIS controls for effective cyber

00:05:21.720 --> 00:05:24.600
defense. The Center for Internet Security

00:05:24.600 --> 00:05:27.720
CIS controls is a set of best practices

00:05:27.720 --> 00:05:29.880
designed to help organizations protect

00:05:29.880 --> 00:05:31.740
their systems and data from cyber

00:05:31.740 --> 00:05:34.020
threats. The controls are organized into

00:05:34.020 --> 00:05:36.960
three categories: basic, foundational, and

00:05:36.960 --> 00:05:38.460
organizational.

00:05:38.460 --> 00:05:40.740
The basic controls include measures such

00:05:40.740 --> 00:05:42.720
as inventory and control of hardware

00:05:42.720 --> 00:05:45.660
assets, inventory and control of software

00:05:45.660 --> 00:05:47.759
assets, continuous vulnerability

00:05:47.759 --> 00:05:49.680
management, and controlled use of

00:05:49.680 --> 00:05:52.199
administrative privileges. These controls

00:05:52.199 --> 00:05:53.639
are considered essential for any

00:05:53.639 --> 00:05:55.800
organization that wants to establish a

00:05:55.800 --> 00:05:58.199
strong cyber security posture.

00:05:58.199 --> 00:06:00.240
The foundational controls build upon the

00:06:00.240 --> 00:06:02.160
basic controls and include measures such

00:06:02.160 --> 00:06:04.500
as email and web browser protections,

00:06:04.500 --> 00:06:06.660
malware defenses, data recovery

00:06:06.660 --> 00:06:08.820
capabilities, and secure configurations

00:06:08.820 --> 00:06:11.699
for network devices. These controls are

00:06:11.699 --> 00:06:13.560
designed to provide additional layers of

00:06:13.560 --> 00:06:16.440
protection against common cyber threats.

00:06:16.440 --> 00:06:19.199
Finally, organizational controls focus on

00:06:19.199 --> 00:06:21.479
the policies, procedures, and training

00:06:21.479 --> 00:06:23.639
necessary to maintain an effective cyber

00:06:23.639 --> 00:06:26.220
security program. These controls include

00:06:26.220 --> 00:06:28.020
measures such as security awareness

00:06:28.020 --> 00:06:30.360
training, incident response planning, and

00:06:30.360 --> 00:06:33.300
penetration testing. By implementing the

00:06:33.300 --> 00:06:35.699
CIS controls, organizations can establish

00:06:35.699 --> 00:06:37.680
a comprehensive cyber security program

00:06:37.680 --> 00:06:40.080
that addresses both technical and

00:06:40.080 --> 00:06:42.780
organizational aspects of security. The

00:06:42.780 --> 00:06:44.759
controls are regularly updated based on

00:06:44.759 --> 00:06:47.039
new threats and vulnerabilities, ensuring

00:06:47.039 --> 00:06:49.259
that organizations stay up to date with

00:06:49.259 --> 00:06:51.360
the latest best practices in cyber

00:06:51.360 --> 00:06:53.600
security.

00:07:01.270 --> 00:07:10.550
[Music]