Quickstart – Building a Security Program with the NIST Cybersecurity Framework




Pwned: The Information Security Podcast show

Summary:

Show Notes: https://justinfimlaid.com/quickstart-building-a-security-program-with-the-nist-cybersecurity-framework/h
Sponsor: https://www.nuharborsecurity.com
Contact Me: https://justinfimlaid.com/contact-me/
Twitter: @justinfimlaid
LinkedIn: https://www.linkedin.com/in/jfimlaid/

Hey Everyone - I'm starting to feel a little bad that the government has been shut down for so long. I've hit the NIST site at least 10-15 times over the last couple of weeks looking for a reference, only to be met by a "we're closed" frowny face. Anyway - as soon as I recorded this the government opened up…figures. By the time this goes live NIST will be open again.

If you're looking to build or enhance your security program, the NIST Cybersecurity Framework might be a good place to start.

I see a lot of companies looking to build their security or compliance programs around PCI-DSS, HIPAA, or FFIEC guidance, to name a few. It's good guidance, but these regulations fail to recognize an organized security capability. Meaning - there's no categorization that says if you do this group of security tasks you'll be better protected, or if you focus on these groups of tasks you'll be better positioned to recover from a cyber event.

The NIST Cybersecurity Framework is organized exactly that way. In the absence of any regulation or compliance requirement, this framework might provide a nice step into budget conversations, or even establish a common way to talk about cybersecurity within your organization or institution.

To read more about the NIST Cybersecurity Framework, check out my post at NuHarbor Security.