Hey Everyone – I'm starting to feel a little bad that the government has been shut down for so long. I've hit the NIST site at least 10-15 times over the last couple of weeks looking for a reference, only to be met by a "we're closed" frowny face. Anyway – as soon as I recorded this the government opened up…figures. By the time this goes live NIST will be open.

If you're looking to build or enhance your security program, the NIST Cybersecurity Framework might be a good place to start.

I see a lot of companies looking to build their security or compliance programs around PCI-DSS, HIPAA, or FFIEC guidance, to name a few. It's good guidance, but these regulations fail to recognize an organized security capability. Meaning – there's no categorization that says if you do this group of security tasks you'll be better protected, or if you focus on these groups of tasks you'll be better positioned to recover from a cyber

Cybersecurity Framework is organized exactly that way. In the absence of any regulation or compliance requirement, this framework might provide a nice step into budget conversations, or even into establishing a common way to talk about cybersecurity within your organization or institution.

To read more about the NIST Cybersecurity Framework, check out my post at NuHarbor Security.

