WEBVTT

1
00:00:00.060 --> 00:00:01.230
In this lesson,

2
00:00:01.230 --> 00:00:03.720
we will learn about security frameworks.

3
00:00:03.720 --> 00:00:06.390
Security frameworks are sets of guidelines,

4
00:00:06.390 --> 00:00:08.520
best practices, and standards

5
00:00:08.520 --> 00:00:10.620
designed to help organizations manage

6
00:00:10.620 --> 00:00:13.230
and reduce cybersecurity risk.

7
00:00:13.230 --> 00:00:16.620
Security frameworks include foundational best practices,

8
00:00:16.620 --> 00:00:18.420
which form the core principles

9
00:00:18.420 --> 00:00:21.000
that guide the implementation of security measures,

10
00:00:21.000 --> 00:00:24.120
benchmarks, which are specific measurable standards

11
00:00:24.120 --> 00:00:26.550
derived from foundational best practices,

12
00:00:26.550 --> 00:00:30.540
and the Center for Internet Security or CIS Benchmarks,

13
00:00:30.540 --> 00:00:33.930
which specifically offer actionable and detailed guidance

14
00:00:33.930 --> 00:00:36.060
on securing systems and data.

15
00:00:36.060 --> 00:00:37.410
Now, let's explore

16
00:00:37.410 --> 00:00:40.590
each of these security frameworks in more detail.

17
00:00:40.590 --> 00:00:43.680
First, we have foundational best practices.

18
00:00:43.680 --> 00:00:46.320
Foundational best practices are key frameworks

19
00:00:46.320 --> 00:00:49.440
and standards that help organizations protect data,

20
00:00:49.440 --> 00:00:53.490
manage risks, and stay secure across different industries.

21
00:00:53.490 --> 00:00:56.280
For example, the International Organization

22
00:00:56.280 --> 00:01:00.150
for Standardization, or ISO 27000 series,

23
00:01:00.150 --> 00:01:01.710
sets international standards

24
00:01:01.710 --> 00:01:04.020
for managing information security.

25
00:01:04.020 --> 00:01:06.600
The National Institute of Standards and Technology

26
00:01:06.600 --> 00:01:10.560
or NIST Cybersecurity Framework helps businesses assess

27
00:01:10.560 --> 00:01:14.220
and improve their ability to protect information systems.

28
00:01:14.220 --> 00:01:17.520
Control Objectives for Information and Related Technology,

29
00:01:17.520 --> 00:01:19.830
or COBIT, is essential for governing

30
00:01:19.830 --> 00:01:21.630
and managing IT systems.

31
00:01:21.630 --> 00:01:24.180
The Payment Card Industry Data Security Standard,

32
00:01:24.180 --> 00:01:29.010
or PCI DSS, focuses on securing credit card transactions.

33
00:01:29.010 --> 00:01:31.370
The Committee of Sponsoring Organizations

34
00:01:31.370 --> 00:01:34.710
of the Treadway Commission, or COSO Framework,

35
00:01:34.710 --> 00:01:37.470
emphasizes enterprise risk management.

36
00:01:37.470 --> 00:01:40.620
The General Data Protection Regulation, or GDPR,

37
00:01:40.620 --> 00:01:43.800
sets strict data privacy rules in the European Union

38
00:01:43.800 --> 00:01:45.960
and for European Union citizens.

39
00:01:45.960 --> 00:01:47.820
If you're managing IT services,

40
00:01:47.820 --> 00:01:50.520
the Information Technology Infrastructure Library,

41
00:01:50.520 --> 00:01:52.500
or ITIL, is critical.

42
00:01:52.500 --> 00:01:54.120
And for defense contractors,

43
00:01:54.120 --> 00:01:58.770
the Cybersecurity Maturity Model Certification, or CMMC,

44
00:01:58.770 --> 00:02:01.440
outlines specific security requirements

45
00:02:01.440 --> 00:02:03.360
to protect sensitive information,

46
00:02:03.360 --> 00:02:08.010
such as Controlled Unclassified Information, or CUI.

47
00:02:08.010 --> 00:02:09.660
Lastly, in healthcare,

48
00:02:09.660 --> 00:02:12.540
the Health Insurance Portability and Accountability Act

49
00:02:12.540 --> 00:02:14.850
ensures the protection of patient data.

50
00:02:14.850 --> 00:02:17.760
Together, these foundational best practice frameworks

51
00:02:17.760 --> 00:02:20.550
and others like them enable organizations

52
00:02:20.550 --> 00:02:24.060
to implement the right controls, reduce security risks,

53
00:02:24.060 --> 00:02:26.910
and stay compliant with relevant regulations.

54
00:02:26.910 --> 00:02:29.250
Second, we have benchmarks.

55
00:02:29.250 --> 00:02:31.320
In order to understand a benchmark,

56
00:02:31.320 --> 00:02:33.720
we need to also understand baselines.

57
00:02:33.720 --> 00:02:35.250
A configuration baseline

58
00:02:35.250 --> 00:02:38.940
is the minimum set of security configurations or standards

59
00:02:38.940 --> 00:02:41.160
an organization puts in place.

60
00:02:41.160 --> 00:02:44.010
Think of it as the foundation or starting point

61
00:02:44.010 --> 00:02:47.160
that defines what good enough security looks like

62
00:02:47.160 --> 00:02:48.480
within the company.

63
00:02:48.480 --> 00:02:51.750
A benchmark, on the other hand, is an external standard

64
00:02:51.750 --> 00:02:53.430
that provides a reference point

65
00:02:53.430 --> 00:02:55.710
for how well our baseline measures up

66
00:02:55.710 --> 00:02:57.660
to industry best practices.

67
00:02:57.660 --> 00:03:01.050
In other words, once we set our internal baseline,

68
00:03:01.050 --> 00:03:02.460
we can use a benchmark

69
00:03:02.460 --> 00:03:06.060
to compare it against what's recommended by industry experts

70
00:03:06.060 --> 00:03:07.980
to see if we need to improve.

71
00:03:07.980 --> 00:03:09.690
The relationship between the two

72
00:03:09.690 --> 00:03:12.630
is that a baseline sets our internal standards

73
00:03:12.630 --> 00:03:15.780
and a benchmark helps us verify if those standards

74
00:03:15.780 --> 00:03:18.120
are up to the level that they should be.

75
00:03:18.120 --> 00:03:20.460
Outside of configuration baselines,

76
00:03:20.460 --> 00:03:23.430
we can also establish operational baselines.

77
00:03:23.430 --> 00:03:25.320
Operational baselines establish

78
00:03:25.320 --> 00:03:27.990
what normal operational traffic looks like

79
00:03:27.990 --> 00:03:29.700
in our organization.

80
00:03:29.700 --> 00:03:32.670
So if we're looking at our network utilization

81
00:03:32.670 --> 00:03:35.790
and it's averaging 80% during working hours,

82
00:03:35.790 --> 00:03:37.800
that becomes our baseline.

83
00:03:37.800 --> 00:03:40.260
To effectively use operational baselines,

84
00:03:40.260 --> 00:03:43.050
we need to be monitoring current network status

85
00:03:43.050 --> 00:03:45.210
and looking for trends over time.

86
00:03:45.210 --> 00:03:48.180
One way to do that is through continuous monitoring.

87
00:03:48.180 --> 00:03:50.220
Continuous monitoring is essential

88
00:03:50.220 --> 00:03:52.230
to good organizational security,

89
00:03:52.230 --> 00:03:55.290
and it helps us identify abnormal events.

90
00:03:55.290 --> 00:03:57.840
However, if we only look for abnormalities

91
00:03:57.840 --> 00:04:00.810
once every six months, then our organization

92
00:04:00.810 --> 00:04:03.120
could have been under attack for a long time

93
00:04:03.120 --> 00:04:05.070
before we ever even discover it.

94
00:04:05.070 --> 00:04:07.770
So in order to know what abnormal looks like

95
00:04:07.770 --> 00:04:09.690
during our continuous monitoring,

96
00:04:09.690 --> 00:04:11.820
we have to know what normal looks like,

97
00:04:11.820 --> 00:04:15.420
and that's why we create a good operational baseline.

98
00:04:15.420 --> 00:04:19.950
Now, our baseline isn't set in stone and it can be modified

99
00:04:19.950 --> 00:04:23.880
and changed over time as our network or services change.

100
00:04:23.880 --> 00:04:27.180
For example, if we look at our network utilization today

101
00:04:27.180 --> 00:04:30.030
and it's 95% above the baseline,

102
00:04:30.030 --> 00:04:32.130
we should analyze why that's the case.

103
00:04:32.130 --> 00:04:35.250
Maybe somebody's exfiltrating data out of our network

104
00:04:35.250 --> 00:04:37.350
and is causing a spike in usage,

105
00:04:37.350 --> 00:04:40.980
or maybe it's because we just hired 20 new employees

106
00:04:40.980 --> 00:04:43.830
and there are a lot more people using the network.

107
00:04:43.830 --> 00:04:46.530
If the increase is due to explainable reasons

108
00:04:46.530 --> 00:04:49.770
like hiring new employees who are using more bandwidth,

109
00:04:49.770 --> 00:04:51.660
then we should update our baseline.

110
00:04:51.660 --> 00:04:54.930
Continuous monitoring can detect all kinds of issues

111
00:04:54.930 --> 00:04:56.400
in your organization.

112
00:04:56.400 --> 00:04:59.550
For example, if your users are normally logged in

113
00:04:59.550 --> 00:05:02.100
from 8:00 AM to 5:00 PM each day,

114
00:05:02.100 --> 00:05:04.500
but we see through continuous monitoring

115
00:05:04.500 --> 00:05:05.880
there's a new user account

116
00:05:05.880 --> 00:05:09.900
that's logging in every night between 1:00 AM and 3:00 AM,

117
00:05:09.900 --> 00:05:12.000
well, that could be a sign of foul play,

118
00:05:12.000 --> 00:05:14.970
either from an attacker or an insider threat.

119
00:05:14.970 --> 00:05:17.910
Third, we have the Center for Internet Security

120
00:05:17.910 --> 00:05:20.190
or CIS Benchmarks.

121
00:05:20.190 --> 00:05:23.850
CIS Benchmarks are a set of globally recognized,

122
00:05:23.850 --> 00:05:26.280
best practice security configurations

123
00:05:26.280 --> 00:05:29.460
that help organizations secure their systems and data

124
00:05:29.460 --> 00:05:31.500
against cyber threats.

125
00:05:31.500 --> 00:05:33.240
Once we've established a baseline

126
00:05:33.240 --> 00:05:36.030
for our internal security configurations,

127
00:05:36.030 --> 00:05:40.470
we can use CIS Benchmarks to see how well our setup aligns

128
00:05:40.470 --> 00:05:42.570
with industry best practices.

129
00:05:42.570 --> 00:05:46.020
CIS Benchmarks provide step-by-step guidelines

130
00:05:46.020 --> 00:05:49.110
on how to secure different systems and applications.

131
00:05:49.110 --> 00:05:51.660
They cover everything from operating systems

132
00:05:51.660 --> 00:05:53.370
to cloud environments.

133
00:05:53.370 --> 00:05:57.360
For example, if we're running Windows Server 2022,

134
00:05:57.360 --> 00:05:59.760
there's a specific CIS Benchmark

135
00:05:59.760 --> 00:06:02.760
that outlines all the recommended security settings

136
00:06:02.760 --> 00:06:03.990
for that system.

137
00:06:03.990 --> 00:06:07.500
It might include steps like configuring password policies,

138
00:06:07.500 --> 00:06:10.380
ensuring unnecessary services are disabled,

139
00:06:10.380 --> 00:06:13.080
and tightening user access controls.

140
00:06:13.080 --> 00:06:15.630
These benchmarks act as a checklist

141
00:06:15.630 --> 00:06:17.670
to help us secure our system

142
00:06:17.670 --> 00:06:21.060
based on proven, widely tested configurations.

143
00:06:21.060 --> 00:06:25.230
So remember, security frameworks guide organizations

144
00:06:25.230 --> 00:06:28.020
in protecting their data, managing risks,

145
00:06:28.020 --> 00:06:30.690
and staying compliant with regulations.

146
00:06:30.690 --> 00:06:35.160
Foundational best practices, like the ISO 27000 series

147
00:06:35.160 --> 00:06:39.000
and NIST Cybersecurity Framework, provide core principles

148
00:06:39.000 --> 00:06:41.670
for security across various industries,

149
00:06:41.670 --> 00:06:44.790
ensuring organizations have the right controls in place

150
00:06:44.790 --> 00:06:47.370
to secure their information systems.

151
00:06:47.370 --> 00:06:49.890
Benchmarks are measurable standards

152
00:06:49.890 --> 00:06:52.560
often derived from these best practices,

153
00:06:52.560 --> 00:06:54.210
and they help organizations

154
00:06:54.210 --> 00:06:57.630
compare their internal security configuration baselines

155
00:06:57.630 --> 00:06:59.610
against industry standards.

156
00:06:59.610 --> 00:07:03.510
For example, the Center for Internet Security Benchmarks

157
00:07:03.510 --> 00:07:06.990
offer detailed guidance on securing specific systems,

158
00:07:06.990 --> 00:07:10.920
providing step-by-step instructions to align internal setups

159
00:07:10.920 --> 00:07:13.170
with external best practices.

160
00:07:13.170 --> 00:07:15.480
By applying these security standards

161
00:07:15.480 --> 00:07:18.270
and using tools like CIS Benchmarks,

162
00:07:18.270 --> 00:07:21.660
you can not only strengthen your organizational defenses,

163
00:07:21.660 --> 00:07:25.650
but also provide clear, reportable evidence of compliance

164
00:07:25.650 --> 00:07:27.663
with industry regulations.

