From the course: Building and Auditing a Cybersecurity Program

Creating the cybersecurity program framework

- [Instructor] The "Building and Auditing a Cybersecurity Program" course is valuable for anyone who has a stake in an organization's cybersecurity program. In addition, anyone who has an interest in the structure of a cybersecurity program will find the course beneficial. The course has been designed to accommodate both those who might have an IT or security background and those without. The goal of this course is to provide a comprehensive methodology that anyone can use to build or assess any organization's cybersecurity program.

To create the framework for the course, I mapped the NIST Cybersecurity Framework to the Center for Internet Security Critical Security Controls to come up with the six core domains. The cybersecurity program core domains center around implementing cybersecurity governance, how to inventory infrastructure and software assets, data protection techniques, tools and processes to detect potential security threats, recovery capabilities after a cybersecurity event, and how to secure applications and cloud technologies.

For each domain, I define the central cybersecurity elements that should comprise the respective domain area. In addition, I describe security best practices to implement within the domain. A set of key audit points is provided at the end of each domain that can be utilized as a quick summary. As we go through the various domains, it is important to keep in mind that the function of cybersecurity is not to negatively impact the business, but rather to be a business enabler.
