Private Sector Requirements

00:01

All right. Welcome to less than 3.3. We're gonna talk about some private sector requirements and how they could affect your vulnerability management process.

00:10

All right, so we're learning objectives. We're gonna be talking about some of the private sector requirements you might face. You may see them. You may not. Depending on what kind of organization you are, you might have different cyber security requirements.

00:24

Some of the global and emerging cyber security policies. That might be good to know, um, or take a look at even if they don't apply to you might be might be good to help improve your security practices

00:34

on then some takeaways for executive leadership.

00:38

So the private sector, you know, Mr Guidance, I say, for private or public NIST puts out some really great documentation. If you have questions on, uh, I o t mobile device management network segmentation zero trust architecture, anything like that

00:55

on this test, um, they put a lot of work into their guidance.

00:59

So even if you're in the private sector, there's a lot of great stuff out there that you can use to help secure your environment.

01:06

Cyber security insurance. Um, it's a relatively new concept. I know it's been around for a few years, but, um, it's a great way to help reduce your risk. Well, really, you're transferring your risk, but it's a great It's another way if you can't quite secure environment just makes more sense to

01:23

Teoh. Have someone else help you with that. You can always look at cyber security

01:26

insurance.

01:27

Three. I s 0 to 27 000 Siri's with AII See the International Electro Technical Commission. They have some really great documentation as well and some standards that we need to follow.

01:41

Um I Tripoli, the Institute of Electrical and Electronics Engineers. There's a lot of great research, any information that I Tripoli has related to cybersecurity best practices, really good technical guides so that there's some great information there if you're curious,

01:59

Um, and a lot of vendors have best practice guides. So, like a Cisco, they have ah, security best practice guide.

02:05

Um, Citrix. They have great, uh, security best practice guides. So, Microsoft, any of those those big vendors, even if you don't quite know where to go, you can go to their website, look for best practice guides and you'll be on your way, and that'll at least give you,

02:21

especially if you're a smaller organization. You can take some of these things to help slowly start improving security.

02:27

Um, so again, the NIST guidance some of the great stuff that's out there, the risk management framework. Um,

02:34

if you're interested in learning more, I did a risk management framework course with cyber. You can check that out. It's a great process, especially if you're again not not quite as mature or you're looking to mature your vulnerability management program. There's some great information in there.

02:49

A small was a cybersecurity framework. There's air to great frameworks that you can take depending on what kind of business you are.

02:55

Um, add them and then you can kind of tailor them to what you dio

03:00

the next 853. Our four. Ah, soon we're gonna be looking out for our five in draft form. Right now, security and privacy controls that's really gonna are five is really going to change the way we look at vulnerability and patch management. So keep an eye out for that one. When that that gets ah goes from draft to final

03:20

840 the Guide to Enterprise Management Technologies.

03:23

Another great resource. You know, these are just some guys I want to point out if you're interested in learning more. You know, from an executive standpoint, I think it's important to understand some of these things. But again, there's some great courses on cyberia for some of these. The this under it missed 853 are for Dr Sculpted, a great course on that that you can check out if you want to learn more.

03:43

So there's some. There's some really great training and other supplemental materials that you can look at

03:47

if you're interested in improving your security practices.

03:52

All right, so some emerging cybersecurity regulations here. We're talking about some different regulations that are either coming down the pike or have been implemented some things that are going on, you know, within the United States that we can look at

04:09

that we might need to keep an eye out for in the future, uh, might affect us depending on what organization you're in. So the n Y DFS cybersecurity regulation that was actually implemented, I think, fully implemented this year had many stages to it over the last two years. But so if your financial institution, you're gonna be following that to the letter

04:28

Ah, dotc Mm I the cybersecurity regulation for government contractors.

04:31

That's gonna be a really important one. If you are a contract, you work with D o D s. So keep an eye out for that one. Ast. Far as I know, it's still in draft. But that will change at some point, and people will have Teoh start to comply with us. Eso checking the definitive guide from digital guardian for each state. So there's a great guide

04:50

Should be my references that you can take a look at,

04:54

um, so, depending on what state you're in, if you're interested in learning more about cybersecurity practices regulations, you can find out some more. There.

05:02

Some of the strictest states. I included some of these because if you're interested in seeing what other states air doing how they're trying Teoh kind of Rangel cybersecurity and privacy issues related to vulnerability management as well. You can take a look at some of these other states. Documentation get an idea of what they're looking at as well.

05:24

So the main takeaways for executive leadership some of things I think are so important. If you're dealing with multiple states, it's really important to be familiar what our laws and regulations might go with each state if you're working with other businesses and other states, understanding what their requirements might be and seeing if they meet your requirements.

05:43

So if you want a team with someone you wanna partner with someone, you might want to make sure that their cybersecurity practices

05:47

are up to snuff with what you're doing and vice versa. Um, so have a vulnerability management specialist. And this could be,

05:56

ah, cybersecurity specialists as well someone who can really keep chap keep track of changing laws, regulations, anything that you might need to be aware of. As you're continuing to evolve your practice, that might have an impact on how you do things.

06:10

Um, being aware with what's going on with the and Y. F. D s cybersecurity regulations. I think it's really interesting what they were doing in New York with the financial sector that they're making these cybersecurity regulations. You have to re certify, I believe every year,

06:27

and it includes everything from you must have a system, so you must conduct pen testing

06:31

you must have risk assessments. Done. All of these things that work together to create a more Richard cybersecurity practice. Um

06:40

So keep an eye on that. I think we might see more of this in the future, which I think is a great step for cybersecurity regulations in general.

06:48

So today we talked about what regulations? Standards there are in the private sector, that regarding cybersecurity, what you might be responsible for some of the NIST and US cert guidance that's available. Uh, that can really help you out. If you're really interested, you know, or you want a task when your team to kind of take a look at these and see how they might relate to you?

07:08

What's emerging, What's going on with cybersecurity regulations? Things are constantly evolving

07:13

as cybersecurity is becoming more important to organizations. So just keep an eye on those on. And then what executive leadership should be aware of to kind of help improve their vulnerability management processes?