#5 - Cyber Frameworks

Cyber Frameworks help CISOs build, measure, and execute top-notch information security programs. This episode gives an overview of the differences between Cyber Control Frameworks (CIS Controls and NIST 800-53), Program Frameworks (ISO 27001 and NIST CSF), and Risk Frameworks (FAIR, ISO 27005, and NIST 800-39), and offers practical tips on how to implement them.

Chapters
00:00 Introductions
03:29 Creating a Framework for Cyber Security Programs
06:48 What Are the Most Important Controls
11:08 Having an Inventory of Your Network Assets
14:01 Patch Tuesday and Remediation
18:20 Penetration Testing - The Last of the 20 SANS Controls
20:58 What Is the NIST Cyber Security Framework
29:17 The Evolution of Security Controls
35:03 ISO 27000 Series Gap Analysis
40:03 Cyber Is in the Business of Revenue Protection
44:53 The Risk Matrix - Likelihood and Impact
49:32 Risk Management and Continuous Vulnerability Management
51:41 Your Four Options: Accept, Mitigate, Avoid, or Assign

About the Podcast

Welcome to CISO Tradecraft®, your guide to mastering the art of being a top-tier Chief Information Security Officer (CISO). Our podcast empowers you to elevate your information security skills to an executive level. Join us on this journey through the domains of effective CISO leadership. © Copyright 2025, National Security Corporation. All Rights Reserved