Building a Cyber Security Framework
@CISOSHARE
Copyright © 2019
What is a Cyber Security Framework?
What is a Framework?
It’s the foundation of your cyber security program.
Your framework should bring together requirements your security program has to meet.
Business Goals
Regulatory Requirements
Best Practices
Technical Requirements
Industry Requirements
What is a Framework?
Your framework is what all the policies and processes of your security program will be built on.
Ready to Start?
Here are our tips on building your security program framework.
Understand Your Cyber Security Program Goals.
Understand Your Goals
Ask high-level stakeholders for the top 3 goals of your security program.
Understand Your Goals
Identify demographic information about your company such as:
Your industry
Where you’re located
What types of data you handle
This determines what regulatory requirements you must adhere to, like PCI, HIPAA, etc.
Evaluate Your Current Environment
Evaluate Your Environment
If you have a previously established framework, measure how well different aspects of your security program adhere to it.
Evaluate Your Environment
Decide if you’re going to build a new framework or retrofit an existing one.
Whatever you decide, we recommend a business-based security program, rather than a compliance-based one.
Choose the Right Framework Inputs
Framework Inputs
This is where regulatory requirements and organizational goals come into play.
Good inputs are the key to building a strong framework.
Framework Inputs
For every input you choose, make sure it aligns with your organizational culture and management processes.
Framework Inputs
Example: Don’t comply with ISO 27001 if it won’t benefit your business or you don’t have the resources available to carry out the compliance processes.
Build Framework Documentation and Management
Documentation and Management
Building your resource management processes concurrently with your framework will make it easier to understand what resources you’ll need.
Document your framework and its management process.
Documentation and Management
What to include in your documentation?
Business Roles
Roles and Responsibilities
Tools
Step-by-Step Instructions
Integrate Framework Requirements into Program Elements
Program Elements
Make sure requirements are incorporated into your charter, policies, measurement program, and processes.
Program Elements
If you’re retrofitting your framework, make sure new requirements apply to each downstream program element.
Review and Monitor Your Environment
Monitor Your Environment
Once your framework has been implemented, make sure it’s being carried out appropriately in your environment.
Monitor Your Environment
Check requirements throughout different program elements for any contradictory statements.
Validate and Ratify Your Framework
Validate and Ratify
Have a trusted security resource validate your framework and make sure it’s adopted and enforced by the company.
Want More Details?
Download our framework checklist!
@CISOSHARE
About CISOSHARE
Based in Southern California and serving organizations globally, CISOSHARE is the leading provider of security program development, professional, and managed services for leading and rapidly-growing organizations. Learning and teaching lies at the core of CISOSHARE’s culture, focusing on educating employees and clients about information security through our services. CISOSHARE offers managed security program services, role-based services, security architecture, incident management and response, and more.
@CISOSHARE
www.cisoshare.com | info@cisoshare.com | +1-800-203-381
