everyone. Welcome back to the course. So in the last video, we took a look at an overview of CIS Control 19, which is for incident response and management.
In this video, we're going to take a look at how that maps up to the NIST Cybersecurity Framework.
So sub-control 19.1: We just want to make sure we're documenting our incident response procedures. We wanna have that in place before we actually have an incident, right? So we want to make sure that we've got some kind of IR plan, some BCP or DRP plans, or, actually, all of the above, right?
We want to make sure we have that in place, and that maps to PR.IP-9 for NIST CSF.
Sub-control 19.2: We want to make sure everyone understands what their role is during any type of incident, right? So we want to assign job titles and then their duties for the incident response process. So this maps up to several of the CSF ones: PR.IP-9, ID.GV-2, RS.CO-1, and DE.DP-1.
Sub-control 19.3: So we want to designate management personnel to support the incident handling. So who do we go to when we have questions? Who should be doing what? We want to make sure that we have designated people to handle those responsibilities when we need that input.
Sub-control 19.4: We want to create organization-wide standards for reporting incidents. So again, going back to the "if you see something, say something": teach people how they can do that, put things in place that make it easy for them to say, "Hey, this doesn't look right," or "Hey, my computer's acting up today," so you can be alerted to those incidents early on.
Sub-control 19.5: Maintaining contact information for the reporting of security incidents, because you may have to report to, say, the FBI or something. So making sure that everyone has that contact information so they can easily do the reporting during some type of incident. You might also be a health care company and have to report to CMS, which is Centers for Medicaid Services. Or you might have to report to some other government agency, right? So just make sure that you've got that appropriate contact information readily available for you.
Sub-control 19.6: Reporting any types of computer anomalies or incidents. So again, that's where we go back to training our end users so we can get them to report all these things to us.
19.7: Conducting periodic incident scenario sessions for personnel. So again, there's no point in having an incident response plan if we never test it, right? Because by testing it, we can then say, "Oh, this person didn't understand this, so let's add this thing in here."
"Oops, we noticed everyone did this. Let's add this thing in here to prevent against that." So that way, when a real incident happens, you have a nice, smooth process, or at least as smooth as possible, to respond to that incident.
Sub-control 19.8: Creating incident scoring and prioritization. So, basically having a system where you prioritize: okay, well, this is the incident, and this is what's happening, but what's the biggest priority here, right? Should we stop this? Should we do this? Should we do this? What should we do? And make that consistent with your actual incident response plan.
So in this video, we just talked through Control 19 and how that maps up to the NIST Cybersecurity Framework. Again, Control 19 is incident response and management.
In the next video, we're gonna do a hands-on lab where we're gonna do an initial attack analysis. And so again, with all the hands-on labs in this course, there are step-by-step guides. Be sure to download those from the Resources section of the course.