WEBVTT

1
00:00:00.090 --> 00:00:01.740
In this lesson, we will learn

2
00:00:01.740 --> 00:00:04.050
about the National Institute of Standards

3
00:00:04.050 --> 00:00:08.820
and Technology Cybersecurity Framework, or NIST CSF.

4
00:00:08.820 --> 00:00:11.460
The NIST Cybersecurity Framework was developed

5
00:00:11.460 --> 00:00:14.340
by the National Institute of Standards and Technology,

6
00:00:14.340 --> 00:00:17.010
or NIST, to help organizations manage

7
00:00:17.010 --> 00:00:19.380
and reduce cybersecurity risk.

8
00:00:19.380 --> 00:00:23.070
The framework is designed to be flexible across industries,

9
00:00:23.070 --> 00:00:25.530
providing a structured approach to managing

10
00:00:25.530 --> 00:00:27.780
and recovering from cyber events.

11
00:00:27.780 --> 00:00:29.370
In this structured approach,

12
00:00:29.370 --> 00:00:32.400
the NIST Cybersecurity Framework organizes

13
00:00:32.400 --> 00:00:35.610
cybersecurity activities into five core functions,

14
00:00:35.610 --> 00:00:40.590
identify, protect, detect, respond, and recover.

15
00:00:40.590 --> 00:00:42.900
Let's learn about the five core functions

16
00:00:42.900 --> 00:00:45.000
of the NIST Cybersecurity Framework

17
00:00:45.000 --> 00:00:47.970
and how to apply them as an organization.

18
00:00:47.970 --> 00:00:50.340
First, in the identify function,

19
00:00:50.340 --> 00:00:54.390
asset management software, such as SolarWinds or Lansweeper,

20
00:00:54.390 --> 00:00:58.440
is used to map out critical systems, hardware and data.

21
00:00:58.440 --> 00:01:02.340
Additionally, risk assessment platforms like RSA Archer

22
00:01:02.340 --> 00:01:06.510
or RiskLens are used to identify potential vulnerabilities

23
00:01:06.510 --> 00:01:07.950
and assess risks.

24
00:01:07.950 --> 00:01:10.920
These tools support the identify function's goal

25
00:01:10.920 --> 00:01:13.410
of understanding and managing risk

26
00:01:13.410 --> 00:01:15.570
to critical assets and data.

27
00:01:15.570 --> 00:01:17.880
Second, in the protect function,

28
00:01:17.880 --> 00:01:20.040
organizations rely on firewalls

29
00:01:20.040 --> 00:01:24.030
like the Cisco Adaptive Security Appliance or Palo Alto,

30
00:01:24.030 --> 00:01:25.650
along with the encryption tools,

31
00:01:25.650 --> 00:01:27.810
such as BitLocker or VeraCrypt,

32
00:01:27.810 --> 00:01:31.530
and the identity and access management solutions, like Okta,

33
00:01:31.530 --> 00:01:34.680
to control access and safeguard sensitive data.

34
00:01:34.680 --> 00:01:37.740
These tools ensure proper access controls

35
00:01:37.740 --> 00:01:39.810
and protection measures are in place

36
00:01:39.810 --> 00:01:43.020
to prevent unauthorized access to systems.

37
00:01:43.020 --> 00:01:45.390
Third, in the detect function,

38
00:01:45.390 --> 00:01:48.690
businesses use intrusion detection systems, like Snort,

39
00:01:48.690 --> 00:01:51.330
and security information and event management,

40
00:01:51.330 --> 00:01:54.810
or SIEM solutions like Splunk to continuously monitor

41
00:01:54.810 --> 00:01:58.890
their networks for suspicious activity or potential threats,

42
00:01:58.890 --> 00:02:02.430
helping them quickly spot any signs of a breach.

43
00:02:02.430 --> 00:02:04.770
Fourth, in the respond function,

44
00:02:04.770 --> 00:02:08.280
platforms like IBM Resilient or CrowdStrike

45
00:02:08.280 --> 00:02:11.070
are used to contain security incidents,

46
00:02:11.070 --> 00:02:12.750
investigate the root cause,

47
00:02:12.750 --> 00:02:15.690
and ensure the right personnel are notified

48
00:02:15.690 --> 00:02:18.120
to handle the situation effectively.

49
00:02:18.120 --> 00:02:21.120
Fifth and finally, in the recover function,

50
00:02:21.120 --> 00:02:24.330
organizations rely on backup and recovery tools,

51
00:02:24.330 --> 00:02:29.310
such as Veeam or Acronis, to restore lost data and services

52
00:02:29.310 --> 00:02:33.360
after a security incident, while also analyzing the event

53
00:02:33.360 --> 00:02:34.980
to strengthen their defenses

54
00:02:34.980 --> 00:02:37.950
and improve resilience for future incidents.

55
00:02:37.950 --> 00:02:41.370
Now, let's learn how a fictitious healthcare provider,

56
00:02:41.370 --> 00:02:42.540
GreenTeaCare,

57
00:02:42.540 --> 00:02:45.660
could apply the NIST Cybersecurity Framework.

58
00:02:45.660 --> 00:02:48.210
GreenTeaCare would start by identifying

59
00:02:48.210 --> 00:02:51.270
all critical systems that store patient data

60
00:02:51.270 --> 00:02:53.190
by using asset management tools

61
00:02:53.190 --> 00:02:56.880
and assessing risks with platforms like RSA Archer.

62
00:02:56.880 --> 00:03:00.240
Next, they would protect this data by setting up firewalls,

63
00:03:00.240 --> 00:03:01.710
encrypting patient records,

64
00:03:01.710 --> 00:03:03.870
and controlling access with identity

65
00:03:03.870 --> 00:03:05.940
and access management tools to ensure

66
00:03:05.940 --> 00:03:10.410
that only authorized staff can access sensitive information.

67
00:03:10.410 --> 00:03:12.900
GreenTeaCare IT would then detect

68
00:03:12.900 --> 00:03:16.470
any suspicious activities by monitoring network traffic

69
00:03:16.470 --> 00:03:17.760
with SIEM tools.

70
00:03:17.760 --> 00:03:20.070
If a breach occurs, they would respond

71
00:03:20.070 --> 00:03:22.560
by activating their incident response plan,

72
00:03:22.560 --> 00:03:26.370
using platforms like CrowdStrike to isolate affected systems

73
00:03:26.370 --> 00:03:28.260
and investigate the incident.

74
00:03:28.260 --> 00:03:31.320
Finally, they would recover by restoring systems

75
00:03:31.320 --> 00:03:32.520
with backup tools

76
00:03:32.520 --> 00:03:35.130
and applying lessons learned from the event

77
00:03:35.130 --> 00:03:38.070
to strengthen their security for the future.

78
00:03:38.070 --> 00:03:42.570
So remember, the NIST Cybersecurity Framework was developed

79
00:03:42.570 --> 00:03:46.950
to help organizations manage and reduce cybersecurity risk.

80
00:03:46.950 --> 00:03:48.450
The framework is flexible

81
00:03:48.450 --> 00:03:50.730
and adaptable to various industries,

82
00:03:50.730 --> 00:03:53.160
offering a structured approach to managing

83
00:03:53.160 --> 00:03:55.560
and recovering from cyber incidents.

84
00:03:55.560 --> 00:03:59.880
It organizes cybersecurity efforts into five core functions,

85
00:03:59.880 --> 00:04:04.830
identify, protect, detect, respond, and recover.

86
00:04:04.830 --> 00:04:06.720
These functions work together

87
00:04:06.720 --> 00:04:09.660
to help organizations assess their risks,

88
00:04:09.660 --> 00:04:12.870
implement protective measures, detect threats,

89
00:04:12.870 --> 00:04:16.710
respond to incidents, and recover from any damage.

90
00:04:16.710 --> 00:04:19.680
By following the NIST Cybersecurity Framework,

91
00:04:19.680 --> 00:04:21.480
organizations can improve

92
00:04:21.480 --> 00:04:23.820
their overall cybersecurity posture

93
00:04:23.820 --> 00:04:26.463
and better safeguard their critical assets.

