SlideShare ist ein Scribd-Unternehmen logo

How to Build a Cyber Security Framework

CISOSHARE
CISOSHARE

Your framework is the basis of the policies and processes of your security program. Learn how to build a security program based on your business needs, rather than compliance.

Technologie
1 von 29
Downloaden Sie, um offline zu lesen
Building a Cyber Security Framework @CISOSHARE Copyright © 2019
What is a Cyber Security Framework? Copyright © 2019
It’s the foundation of your cyber security program. What is a Framework? Copyright © 2019
Your framework should bring together requirements your security program has to meet. Business Goals Regulatory Requirements Best Practices Technical Requirements Industry Requirements Copyright © 2019
Your framework is what all the policies and processes of your security program will be built on. What is a Framework? Copyright © 2019
Ready to Start? Here are our tips on building your security program framework. Copyright © 2019
Understand Your Cyber Security Program Goals. Copyright © 2019
Ask high-level stakeholders for the top 3 goals of your security program. Understand Your Goals Copyright © 2019
Identify demographic information about your company such as: Understand Your Goals This determines what regulatory requirements you must adhere to, like PCI, HIPAA, etc. Your industry Where you’re located What types of data you handle Copyright © 2019
Evaluate Your Current Environment Copyright © 2019
If you have a previously established framework, measure how well different aspects of your security program adhere to it. Evaluate Your Environment Copyright © 2019
Decide if you’re going to build a new framework or retrofit an existing one. Whatever you decide, we recommend a business-based security program, rather than a compliance-based one. Evaluate Your Environment Copyright © 2019
Choose the Right Framework Inputs Copyright © 2019
Framework Inputs This is where regulatory requirements and organizational goals come into play. Good inputs are the key to building a strong framework. Copyright © 2019
Framework Inputs For every input you choose, make sure it aligns with your organizational culture and management processes. Copyright © 2019
Framework Inputs Example: Don’t comply with ISO 27001 if it won’t benefit your business or you don’t have the resources available to carry out the compliance processes. Copyright © 2019
Build Framework Documentation and Management Copyright © 2019
Documentation and Management Building your resource management processes concurrently with your framework will make it easier to understand what resources you’ll need. Document your framework and its management process. Copyright © 2019
Documentation and Management What to include in your documentation? Business Roles Roles and Responsibilities Tools Step-by-Step Instructions Copyright © 2019
Integrate Framework Requirements into Program Elements Copyright © 2019
Program Elements Make sure requirements are incorporated into your charter, policies, measurement program, and processes. Copyright © 2019
Program Elements If you’re retrofitting your framework, make sure new requirements apply to each downstream program element. Copyright © 2019
Review and Monitor Your Environment Copyright © 2019
Monitor Your Environment Once your framework has been implemented, make sure it’s being carried out appropriately in your environment. Copyright © 2019
Monitor Your Environment Check requirements throughout different program elements for any contradictory statements. Copyright © 2019
Validate and Ratify Your Framework Copyright © 2019
Validate and Ratify Have a trusted security resource validate your framework and make sure it’s adopted and enforced by the company. Copyright © 2019
Want More Details? Download our framework checklist! @CISOSHARE Copyright © 2019
Based in Southern California and serving organizations globally, CISOSHARE is the leading provider of security program development, professional, and managed services for leading and rapidly-growing organizations. Learning and teaching lies at the core of CISOSHARE’s culture, focusing on educating employees and clients about information security through our services. CISOSHARE offers managed security program services, role-based services, security architecture, incident management and response, and more. About CISOSHARE @CISOSHARE Copyright © 2019 www.cisoshare.com | info@cisoshare.com | +1-800-203-381

Empfohlen

CISOSHARE's approach to designing effective cyber security programs
CISOSHARE's approach to designing effective cyber security programsCISOSHARE's approach to designing effective cyber security programs
CISOSHARE's approach to designing effective cyber security programsCISOSHARE
 
Top Tips on Choosing a vCISO
Top Tips on Choosing a vCISOTop Tips on Choosing a vCISO
Top Tips on Choosing a vCISOCISOSHARE
 
Building Cyber Security Policies
Building Cyber Security PoliciesBuilding Cyber Security Policies
Building Cyber Security PoliciesCISOSHARE
 
Building Security Program Processes
Building Security Program ProcessesBuilding Security Program Processes
Building Security Program ProcessesCISOSHARE
 
Keeping a Lid on Costs for Cloud Infrastructure and SaaS Applications
Keeping a Lid on Costs for Cloud Infrastructure and SaaS ApplicationsKeeping a Lid on Costs for Cloud Infrastructure and SaaS Applications
Keeping a Lid on Costs for Cloud Infrastructure and SaaS ApplicationsFlexera
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Five steps to achieving hipaa compliance
Five steps to achieving hipaa complianceFive steps to achieving hipaa compliance
Five steps to achieving hipaa complianceAnita Jones
 
Icon Secure by Maintel
Icon Secure by MaintelIcon Secure by Maintel
Icon Secure by MaintelJean-Frédéric KARCHER, CISSP 487843
 

Empfohlen

CISOSHARE's approach to designing effective cyber security programs
CISOSHARE's approach to designing effective cyber security programsCISOSHARE's approach to designing effective cyber security programs
CISOSHARE's approach to designing effective cyber security programsCISOSHARE
 
Top Tips on Choosing a vCISO
Top Tips on Choosing a vCISOTop Tips on Choosing a vCISO
Top Tips on Choosing a vCISOCISOSHARE
 
Building Cyber Security Policies
Building Cyber Security PoliciesBuilding Cyber Security Policies
Building Cyber Security PoliciesCISOSHARE
 
Building Security Program Processes
Building Security Program ProcessesBuilding Security Program Processes
Building Security Program ProcessesCISOSHARE
 
Keeping a Lid on Costs for Cloud Infrastructure and SaaS Applications
Keeping a Lid on Costs for Cloud Infrastructure and SaaS ApplicationsKeeping a Lid on Costs for Cloud Infrastructure and SaaS Applications
Keeping a Lid on Costs for Cloud Infrastructure and SaaS ApplicationsFlexera
 
Importance Of A Security Policy
Importance Of A Security PolicyImportance Of A Security Policy
Importance Of A Security Policycharlesgarrett
 
Five steps to achieving hipaa compliance
Five steps to achieving hipaa complianceFive steps to achieving hipaa compliance
Five steps to achieving hipaa complianceAnita Jones
 
Icon Secure by Maintel
Icon Secure by MaintelIcon Secure by Maintel
Icon Secure by MaintelJean-Frédéric KARCHER, CISSP 487843
 
Flexera Event - The Game Has Changed - Are You Ready?
Flexera Event - The Game Has Changed - Are You Ready?Flexera Event - The Game Has Changed - Are You Ready?
Flexera Event - The Game Has Changed - Are You Ready?Flexera
 
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityWebinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityFlexera
 
6 Steps to Meet Regulatory Compliance
6 Steps to Meet Regulatory Compliance6 Steps to Meet Regulatory Compliance
6 Steps to Meet Regulatory ComplianceEnviroSolutions & Consulting
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal
Continuous Cyber Attacks: Engaging Business Leaders for the New NormalContinuous Cyber Attacks: Engaging Business Leaders for the New Normal
Continuous Cyber Attacks: Engaging Business Leaders for the New NormalAccenture Technology
 
Cisco business cloud adoption report
Cisco business cloud adoption reportCisco business cloud adoption report
Cisco business cloud adoption reportCMR WORLD TECH
 
overview 2015
overview 2015overview 2015
overview 2015Chuck Knowles
 
Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Amazon Web Services
 
Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1ControlCase
 
Feb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementFeb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementTrustArc
 
10-things-you-ought-to-know-before-you-benchmark(1)
10-things-you-ought-to-know-before-you-benchmark(1)10-things-you-ought-to-know-before-you-benchmark(1)
10-things-you-ought-to-know-before-you-benchmark(1)Marie Peters
 
Cyber security framework
Cyber security frameworkCyber security framework
Cyber security frameworkYann Lecourt
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksVincent Bellamy
 
7 Steps To Developing A Cloud Security Plan
7 Steps To Developing A Cloud Security Plan7 Steps To Developing A Cloud Security Plan
7 Steps To Developing A Cloud Security PlanEnvision Technology Advisors
 
So you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to SuccessSo you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to SuccessGary Hayslip CISSP, CISA, CRISC, CCSK
 
Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action Plan (...
Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action Plan (...Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action Plan (...
Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action Plan (...Amazon Web Services
 
The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.FitCEO, Inc. (FCI)
 
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15FitCEO, Inc. (FCI)
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelinesamburyj3c9
 
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?How Do I Plan for Security, Risk and Compliance when Migrating to AWS?
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?Amazon Web Services
 
AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAmazon Web Services
 
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Denim Group
 
managed-services-buying-guide
managed-services-buying-guidemanaged-services-buying-guide
managed-services-buying-guideMarie Peters
 

Weitere ähnliche Inhalte

Was ist angesagt?

Flexera Event - The Game Has Changed - Are You Ready?
Flexera Event - The Game Has Changed - Are You Ready?Flexera Event - The Game Has Changed - Are You Ready?
Flexera Event - The Game Has Changed - Are You Ready?Flexera
 
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityWebinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityFlexera
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal
Continuous Cyber Attacks: Engaging Business Leaders for the New NormalContinuous Cyber Attacks: Engaging Business Leaders for the New Normal
Continuous Cyber Attacks: Engaging Business Leaders for the New NormalAccenture Technology
 
Cisco business cloud adoption report
Cisco business cloud adoption reportCisco business cloud adoption report
Cisco business cloud adoption reportCMR WORLD TECH
 

Was ist angesagt? (6)

Flexera Event - The Game Has Changed - Are You Ready?
Flexera Event - The Game Has Changed - Are You Ready?Flexera Event - The Game Has Changed - Are You Ready?
Flexera Event - The Game Has Changed - Are You Ready?
 
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology ComplexityWebinar: Maximizing the ROI of IT by Simplifying Technology Complexity
Webinar: Maximizing the ROI of IT by Simplifying Technology Complexity
 
6 Steps to Meet Regulatory Compliance
6 Steps to Meet Regulatory Compliance6 Steps to Meet Regulatory Compliance
6 Steps to Meet Regulatory Compliance
 
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal
Continuous Cyber Attacks: Engaging Business Leaders for the New NormalContinuous Cyber Attacks: Engaging Business Leaders for the New Normal
Continuous Cyber Attacks: Engaging Business Leaders for the New Normal
 
Cisco business cloud adoption report
Cisco business cloud adoption reportCisco business cloud adoption report
Cisco business cloud adoption report
 
overview 2015
overview 2015overview 2015
overview 2015
 

Ähnlich wie How to Build a Cyber Security Framework

Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Amazon Web Services
 
Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1ControlCase
 
Feb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementFeb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementTrustArc
 
10-things-you-ought-to-know-before-you-benchmark(1)
10-things-you-ought-to-know-before-you-benchmark(1)10-things-you-ought-to-know-before-you-benchmark(1)
10-things-you-ought-to-know-before-you-benchmark(1)Marie Peters
 
Cyber security framework
Cyber security frameworkCyber security framework
Cyber security frameworkYann Lecourt
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworksVincent Bellamy
 
Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action Plan (...
Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action Plan (...Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action Plan (...
Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action Plan (...Amazon Web Services
 
The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.FitCEO, Inc. (FCI)
 
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15FitCEO, Inc. (FCI)
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelinesamburyj3c9
 
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?How Do I Plan for Security, Risk and Compliance when Migrating to AWS?
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?Amazon Web Services
 
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Denim Group
 
managed-services-buying-guide
managed-services-buying-guidemanaged-services-buying-guide
managed-services-buying-guideMarie Peters
 
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...Martin Klie
 
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Amazon Web Services
 
Insider's Guide to the AppExchange Security Review (Dreamforce 2015)
Insider's Guide to the AppExchange Security Review (Dreamforce 2015)Insider's Guide to the AppExchange Security Review (Dreamforce 2015)
Insider's Guide to the AppExchange Security Review (Dreamforce 2015)Salesforce Partners
 
Secure Cloud Adoption - Checklist
Secure Cloud Adoption - ChecklistSecure Cloud Adoption - Checklist
Secure Cloud Adoption - ChecklistSecurestorm
 

Ähnlich wie How to Build a Cyber Security Framework (20)

Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...Everything you wanted to know about compliance but were afraid to ask - GRC20...
Everything you wanted to know about compliance but were afraid to ask - GRC20...
 
Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1Vendor risk management webinar 10022019 v1
Vendor risk management webinar 10022019 v1
 
Feb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor ManagementFeb20 Webinar - Managing Risk and Pain of Vendor Management
Feb20 Webinar - Managing Risk and Pain of Vendor Management
 
10-things-you-ought-to-know-before-you-benchmark(1)
10-things-you-ought-to-know-before-you-benchmark(1)10-things-you-ought-to-know-before-you-benchmark(1)
10-things-you-ought-to-know-before-you-benchmark(1)
 
Cyber security framework
Cyber security frameworkCyber security framework
Cyber security framework
 
From checkboxes to frameworks
From checkboxes to frameworksFrom checkboxes to frameworks
From checkboxes to frameworks
 
7 Steps To Developing A Cloud Security Plan
7 Steps To Developing A Cloud Security Plan7 Steps To Developing A Cloud Security Plan
7 Steps To Developing A Cloud Security Plan
 
So you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to SuccessSo you want to be a CISO - 5 steps to Success
So you want to be a CISO - 5 steps to Success
 
Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action Plan (...
Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action Plan (...Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action Plan (...
Leveraging the AWS Cloud Adoption Framework to Build Your Cloud Action Plan (...
 
The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.The Demystification of successful cybersecurity initiatives.
The Demystification of successful cybersecurity initiatives.
 
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
TheDemystification_of_SuccessfulCyberSecurity_VIMRO_LB_VH_MHF_10_11_15
 
Facility Environmental Audit Guidelines
Facility Environmental Audit GuidelinesFacility Environmental Audit Guidelines
Facility Environmental Audit Guidelines
 
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?How Do I Plan for Security, Risk and Compliance when Migrating to AWS?
How Do I Plan for Security, Risk and Compliance when Migrating to AWS?
 
AWS Cloud Security Fundamentals
AWS Cloud Security FundamentalsAWS Cloud Security Fundamentals
AWS Cloud Security Fundamentals
 
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
Giving your AppSec program the edge - using OpenSAMM for benchmarking and sof...
 
managed-services-buying-guide
managed-services-buying-guidemanaged-services-buying-guide
managed-services-buying-guide
 
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
2018 re:Invent - Safeguard the Integrity of Your Code for Fast and Secure Dep...
 
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019 Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
Integrating AppSec into Your DevSecOps on AWS - DEM14 - AWS re:Inforce 2019
 
Insider's Guide to the AppExchange Security Review (Dreamforce 2015)
Insider's Guide to the AppExchange Security Review (Dreamforce 2015)Insider's Guide to the AppExchange Security Review (Dreamforce 2015)
Insider's Guide to the AppExchange Security Review (Dreamforce 2015)
 
Secure Cloud Adoption - Checklist
Secure Cloud Adoption - ChecklistSecure Cloud Adoption - Checklist
Secure Cloud Adoption - Checklist
 

Kürzlich hochgeladen

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Principled Technologies
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...apidays
 

Kürzlich hochgeladen (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
Deploy with confidence: VMware Cloud Foundation 5.1 on next gen Dell PowerEdg...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 

How to Build a Cyber Security Framework

  • 1. Building a Cyber Security Framework @CISOSHARE Copyright © 2019
  • 2. What is a Cyber Security Framework? Copyright © 2019
  • 3. It’s the foundation of your cyber security program. What is a Framework? Copyright © 2019
  • 4. Your framework should bring together requirements your security program has to meet. Business Goals Regulatory Requirements Best Practices Technical Requirements Industry Requirements Copyright © 2019
  • 5. Your framework is what all the policies and processes of your security program will be built on. What is a Framework? Copyright © 2019
  • 6. Ready to Start? Here are our tips on building your security program framework. Copyright © 2019
  • 7. Understand Your Cyber Security Program Goals. Copyright © 2019
  • 8. Ask high-level stakeholders for the top 3 goals of your security program. Understand Your Goals Copyright © 2019
  • 9. Identify demographic information about your company such as: Understand Your Goals This determines what regulatory requirements you must adhere to, like PCI, HIPAA, etc. Your industry Where you’re located What types of data you handle Copyright © 2019
  • 11. If you have a previously established framework, measure how well different aspects of your security program adhere to it. Evaluate Your Environment Copyright © 2019
  • 12. Decide if you’re going to build a new framework or retrofit an existing one. Whatever you decide, we recommend a business-based security program, rather than a compliance-based one. Evaluate Your Environment Copyright © 2019
  • 13. Choose the Right Framework Inputs Copyright © 2019
  • 14. Framework Inputs This is where regulatory requirements and organizational goals come into play. Good inputs are the key to building a strong framework. Copyright © 2019
  • 15. Framework Inputs For every input you choose, make sure it aligns with your organizational culture and management processes. Copyright © 2019
  • 16. Framework Inputs Example: Don’t comply with ISO 27001 if it won’t benefit your business or you don’t have the resources available to carry out the compliance processes. Copyright © 2019
  • 18. Documentation and Management Building your resource management processes concurrently with your framework will make it easier to understand what resources you’ll need. Document your framework and its management process. Copyright © 2019
  • 19. Documentation and Management What to include in your documentation? Business Roles Roles and Responsibilities Tools Step-by-Step Instructions Copyright © 2019
  • 20. Integrate Framework Requirements into Program Elements Copyright © 2019
  • 21. Program Elements Make sure requirements are incorporated into your charter, policies, measurement program, and processes. Copyright © 2019
  • 22. Program Elements If you’re retrofitting your framework, make sure new requirements apply to each downstream program element. Copyright © 2019
  • 23. Review and Monitor Your Environment Copyright © 2019
  • 24. Monitor Your Environment Once your framework has been implemented, make sure it’s being carried out appropriately in your environment. Copyright © 2019
  • 25. Monitor Your Environment Check requirements throughout different program elements for any contradictory statements. Copyright © 2019
  • 26. Validate and Ratify Your Framework Copyright © 2019
  • 27. Validate and Ratify Have a trusted security resource validate your framework and make sure it’s adopted and enforced by the company. Copyright © 2019
  • 28. Want More Details? Download our framework checklist! @CISOSHARE Copyright © 2019
  • 29. Based in Southern California and serving organizations globally, CISOSHARE is the leading provider of security program development, professional, and managed services for leading and rapidly-growing organizations. Learning and teaching lies at the core of CISOSHARE’s culture, focusing on educating employees and clients about information security through our services. CISOSHARE offers managed security program services, role-based services, security architecture, incident management and response, and more. About CISOSHARE @CISOSHARE Copyright © 2019 www.cisoshare.com | info@cisoshare.com | +1-800-203-381