NIST Cybersecurity Framework

Time: 5 hours 58 minutes
Difficulty: Intermediate
CEU/CPE: 6

Video Transcription
Welcome back to the Cybrary course. I'm your instructor, Brad Rhodes. Let's jump into the NIST Cybersecurity Framework. In this lesson, we're going to review the framework. We're going to talk about the category identifiers, and then we're going to do an example based on the framework.

The NIST Cybersecurity Framework is a favorite of mine. I have been using this for about 10 years now. I teach it to defenders, I teach it to organizations that don't have anything in place to begin with, and this is a great starting point. It's broken down into five areas: Identify, Protect, Detect, Respond, and Recover.

Identify. That's our assets. We get to know what we've got, and assets are systems, people, data, and those risks associated. In Protect, that's where we're implementing our security controls. You remember the security controls we talked about in 853? Obviously, there are multiple processes that an AC can use to implement those, but that's where we look at that. In Detect, that's where we've employed those security controls we talked about in Protect, and now we're actually catching the bad guy in the act. Hopefully you've got controls in place, perhaps like, say, firewalls and network intrusion prevention systems and everything like that, that keep the bad guys out. Or maybe we don't have the money for that and we only have IDSs, and now we have to move into the next phase of the Cybersecurity Framework, which is Respond. Respond is pretty straightforward. Something bad has happened. We now have to deal with a cybersecurity incident. And then, of course, the last one there is Recover, and that's where we put the pieces back together.

Obviously, our goal is to spend a lot of time in Protect and Detect: in Protect, where we determine the right safeguards and controls, those mitigations that help us to reduce our risk, and then the Detect portion, where we're catching the bad guys in the act, and hopefully we have controls in place that allow us to prevent the bad guys from doing something. But if we don't, then we have to deal with the rest of the cycle.

Now, our category identifiers. Right within the NIST Cybersecurity Framework, there are subsets, if you will, for each of them. For example, in ID, Identify, you've got things like asset management, risk management, supply chain risk management. You have seen all of these things before, and you'll note that we talked about the fact that ACs have a lot of great starting points from the NIST guidance, and this is a great example of that. If we go down to Detect, we have continuous monitoring. We've seen this before. You go to Respond: we've seen communications. We've talked about that. In Protect, we've talked about identity management and access control, or like that, IAAAP. You'll note that across the NIST Cybersecurity Framework are a lot of things that ACs inherently do, and obviously this is a great framework to work with your cybersecurity teams, your InfoSec teams, if they have to do incident response.

Let's look at a supply chain example. We have talked about supply chain a number of times, and you might get the feeling that supply chain is kind of important. It absolutely is. So when you look at the supply chain risk management area, there are four different things we talk about. There is the risk management itself. We look at the third parties. We need to understand, when we procure from a third party, that we might actually be buying something that's already compromised. Because again, when we talked about supply chain, remember that the more complex your supply chain is, the less visibility you have from the top looking out to the very edge of that supply chain, and that's super concerning today when you think about all the things in the news about various countries co-opting supply chains, putting in back doors, that kind of thing. We have to be very cognizant of that. Another piece here is contracts, maybe something you didn't think about: when we do our contracts, we can actually build in measures to hold the suppliers, especially third-party suppliers, accountable for what they deliver or not. Or if we discover something in that, we could potentially then not use that element or product or service. And then, of course, we talked about audits. When you talk about dealing with third parties and the supply chain, if you do not specify in the contract, for example, that audit charred testing or something is what we're going to do, then guess what? You don't get to do it. So it is very important to understand the ecosystem of supply chains. We've talked about supply chains a number of times, and it's very important, as sometimes we're the only people that understand the complexity of the supply chain and the risks that come with it.

In this lesson, we looked at the NIST Cybersecurity Framework. We looked at the category identifiers, and then we talked through a supply chain example and all those different sub-parts. Again, just to highlight, what's great about the NIST documentation is that it provides you a great starting point. You don't have to reinvent the wheel on this. This gives you the questions to ask as an EC when you're looking across the five areas of the framework. We'll see you next time.