Welcome back to CyberRays is, of course, I'm your instructor. Brad Roads.
Let's jump into the nests. Cybersecurity framework.
So in this lesson, we're going to review the framework. We're gonna talk about the category identifiers, and then we're going to do an example based on the framework.
So the Knicks cybersecurity framework is a favorite of mine. I have been using this for about 10 years now. I teach it to defenders. I teach it to organizations that don't have anything in place to begin with. And this is a great starting point. Um, it's broken down into five areas. Identify protect the tech, respond and recover.
So and identify. That's our assets, right? We got to know what we got and assets or systems. People data and those risks associate ID
um, in protect. That's where we're implementing our security controls. You remember the security controls we talked about in 853? Obviously, there's multiple processes that *** he can use to implement those. But that's where we look at that
in detection. That's where we've employed those those security controls we talked about and protect. And now we're actually catching the bad guy in the act right? Hopefully where you've got controls in place, perhaps, like say firewalls and a network intrusion prevention systems and everything like that that keeps the bad guys out, right?
Or maybe we don't have the money for that. And we only have I DS. And now we have to move
into the next phase of the cybersecurity framework which is respond and so respond is pretty straightforward. Something bad has happened,
right? And we now have to deal with the cybersecurity incident,
right? And then, of course, the last one there is recover. And that's where we put the pieces back together. Obviously, our goal is to spend a lot of time in protect and detect right where we we we determine the right safeguards and controls those mitigations that help us to reduce our risk, right? And then the detect portion where
we're catching the bad guys in the act,
right? And hopefully we have controls in place that allow us to prevent the bad guys from doing something. But if we don't, then we have to deal with the rest off the cycle.
in our category, identify IRS right within the this cybersecurity framework There subsets if you will, for each of them. For example, in I d identifier, you've got things like asset management, risk management supply, chain judgment. You have seen all of these things before, and you'll note that we talked about the fact that it sees
have a lot of great starting points from the NUS guidance. And this is a great example of that.
Um, if we go down to detect, we have continuous monitoring. We've seen this before. You go to respond, we've seen communications, right? We've talked about that, right? Um, in the protect we've talked about identity management and access control are like that. I triple a piece. So you'll note that across
the NUS cybersecurity framework are a lot of things that
ISI is inherently do. And obviously, this is a great framework toe work with your cyber security teams. Your info SEC teams, if they have to do incident, response.
So let's look at the supply chain example, and we have talked about supply chain a number of times, and you might get the feeling that supply chain is kind of important. It absolutely is. And so when you look at the supply chain, risk management area. There's four different things. We talk about the risk management itself. We look at the third parties, right?
We need to understand when we procure from a third party,
um, that we might actually be buying something that's already compromised. Right? Because we again we talked about when we talk about supply chain. Remember, the more complex your supply chain is, the less visibility you have from the top. Looking out to the very edge of that supply chain. I'm not super concerning today when you think about all the things in the news about
various countries, you know, co opting supply chains, putting in back doors, that kind of thing. So we have to be very cognizant of that. Right? Um,
another piece here is contracts, right? Maybe something didn't think about when we do our contracts, right? We can actually build in measures to toe hold the suppliers, especially third party suppliers, accountable for what they deliver or not. Or if we discover something in that right, we could potentially
then not use that element or product or service.
Um, And then, of course, we talk about audits, right when you talk about dealing with third parties in the supply chain. If you do not specify in the contract, for example, that audit charred testing or something that we're going to do, then guess what you don't get to do it right. So it is very, very important right to understand the eco system of supply chains
when we talked about supply chains a number of times,
and it's very important, as it sees right. Sometimes we're the only people that understand the complexity of the supply chain and the risks that come with it.
All right, so in this lesson, we look at the NUS cybersecurity framework.
We looked at the category identifiers, and then we talk through a supply chain example and all those different subparts right again just to highlight what's great about the Knicks documentation is that it provides you a great starting point. You don't have to reinvent the wheel on this right? This gives you the questions to ask. As an ISI, when you're looking across the five areas of the framework,
we'll see you next time