Best Practices in Adopting NIST and CIS Control Frameworks
I recently gave a Webinar on how organisations, even outside of the US Federal Government, can use NIST’s Cyber Security Framework and Risk Management Framework, in conjunction with control frameworks like CIS, ISO 27002 or COBIT, to develop an operating model that bridges the gulf between cyber risk and operations functions. So often the information we need to build cohesive workflows between the different silos, even within cyber security functions, let alone the wider business, resides on different systems in different formats. On top of this, CISOs may need to conform to many different contractual and regulatory obligations with which they must demonstrate compliance, all while facing continual change.
The traditional annual cycle of audit and remedial actions cannot keep up with the rapid pace of change in IT and adversary behaviour. Our manual, ad-hoc processes simply do not scale to address the level of threat organisations face. In the session I discuss how to build a granular, real-time controls monitoring capability that drives continual improvement, starting at whatever maturity level your organisation currently sits. I also discuss how Cyber Security Framework profiles can be used as a basis to drive cyber transformation, and demonstrate an end-to-end example of continual controls monitoring: from assessing and treating the cyber risk using the NIST Risk Management Framework, to control selection and operationalisation using the NIST Cyber Security Framework and the CIS Critical Controls.
You can view the Webinar at BrightTALK.