Overview
Explore a comprehensive model for organizing and simplifying cybersecurity frameworks in this 40-minute conference talk from the RSA Conference. Learn how to effectively implement and communicate common frameworks to build a more robust security program. Gain insights from Frank Kim, a senior instructor at SANS Institute and experienced CISO, as he shares his expertise on integrating various security frameworks. Discover how to organize different types of frameworks, use them in conjunction, and effectively communicate results to drive program execution. Ideal for security leaders with experience in building and leading security programs, this talk covers control frameworks like NIST SP 800-53 and CIS Controls, program frameworks such as ISO 27000 and NIST CSF, and risk frameworks including NIST Risk Standards and the FAIR Model. Acquire valuable knowledge on framework mapping, risk management, and the Intrusion Kill Chain to enhance your cybersecurity strategy.
Syllabus
Introduction
Cooking
Overview
Control frameworks
Why use a control framework
NIST SP 800-53
SP 800-53 Overview
Control Enhancement
CIS Controls
Free Resources
Program Frameworks
ISO 27000
MS Requirements
NIST CSF
Framework Mapping
Risk Frameworks
NIST Risk Standards
RMF
ISO 27000
FAIR Model
Risk
Intrusion Kill Chain
Summary
Contact Information
Taught by
RSA Conference