How to implement the CSF from NIST

In this skeleton edition of the Exploring Information Security podcast, I discuss the Cybersecurity Framework (CSF) from NIST with Rick Tracy the CSO at Telos.

Rick (@rick_tracy), is very passionate about the CSF from NIST. The framework is meant to help organizations become more mature from a security standpoint. The CSF provides guidance on implementing security controls and countermeasures. It's not meant to be a one size fits all framework, but something that each organization can cater to their organization.

In this episode we discuss:

  • What is NIST?
  • What is the Cybersecurity Framework?
  • Why it's important
  • How organizations implement the framework

More resources:

How to implment the CSF from NIST
With Rick Tracy
Download

What is the OSINT Framework?

In this knowledge filled episode of the Exploring Information Security podcast, Justin Nordine joins me to discuss the OSINT Framework.

Justin (@jnordine) is the creator of the OSINT Framework. The page is a spider web of tools and other OSINT resources that you can get lost in for days. It's a fabulous tool for those just getting in or those who use OSINT on a daily basis. He created it as a way to keep up with all the OSINT resources out there.

In this episode we discuss

  • How he got started in OSINT
  • What is the OSINT Framework?
  • How should the framework be used?
  • What he has in store for future iterations
What is the OSINT Framework?
With Justin Nordine
Download

What is a security framework?

In this framed episode of the Exploring Information Security podcast, Steven Legg joins me to answer the question, What is a security framework?

Steven (@ZenM0de) is a principal security strategist at eSentire. Part of his role is implementing, and even sometimes creating, security frameworks for organizations. We define what a security framework is and then discuss the process for choosing a framework.

In this episode we discuss:

  • What is a security framework
  • Why is it important
  • Who should be making the decision on a security framework
  • How to know the right ones has been chosen

More resources:

What is a security framework?
With Steven Legg