Рет қаралды 68
0:00 Introduction to NIST CSF 2.0
Allen Keele introduces the NIST Cybersecurity Framework 2.0. He oOutlines the five steps for integrating the framework into an organization, and emphasizes scoping and gathering information as initial steps.
2:08 Assessing Conformance
Keele explains the maturity scale levels for assessing conformance. He describes the range from planned to managed, measured, and defined, and highlights the importance of assigning tasks to the right people.
2:36 Structure of NIST CSF 2.0 Objectives
Keele breaks down the framework into functions, categories, and subcategories. He discusses the 106 subcategories and 363 recommended implementation tasks. Keele stresses the need for clear objectives and control objectives.
9:06 Creating a RACI matrix for roles and responsibilities and assessing completion of the activities assigned
Keele guides on creating a RACI matrix for roles and responsibilities. He provides a detailed explanation of the RACI matrix components, and discusses the importance of documenting and measuring performance.
9:30 Screen demonstration of using the CIS NIST Cybersecurity Framework 2.0 Roles and Responsibilities RACI Matrix & CSF 2.0 Profile Audit Tool
This video features Allen Keele, a principal and lead instructor at Certified Information Security, who outlines the five steps recommended by NIST to initiate or integrate the NIST Cybersecurity Framework 2.0 into an organization's cybersecurity program. He emphasizes the importance of understanding the organization's current cybersecurity state and NIST CSF 2.0's target goals.
This video also discusses the maturity scale levels provided by the Cybersecurity and Infrastructure Security Agency (CISA) for assessing conformance, ranging from planned to managed, measured, and defined. Additionally, Keele explains the hierarchical structure of NCSF 2.0, which includes six functions, 22 major project categories, and 106 subcategories with 363 recommended implementation tasks. He provides insights into assigning roles and responsibilities, creating a RACI matrix, and assessing the completion maturity of actions.