20. Lesson Conclusion
ND545 C1 L2 13 Lesson Conclusion

Lesson Summary
In the Maintaining a Secure Critical Infrastructure lesson, we evaluated specific security techniques used to administer a system that meets industry standards and core controls.
We covered the following areas:
- Governance and Compliance
- Security Regulations
- NIST Cybersecurity Framework
- Center for Internet Security Critical Security Controls
By now, you should be able to:
- Explain cybersecurity governance concepts
- Apply methods to enforce cybersecurity governance
- Identify common security regulations and frameworks
- Explain how current security laws, regulations, and standards apply to cybersecurity and data privacy
- Recognize the components of the NIST Cybersecurity Framework (CSF)
- Recognize the components of the CIS Controls
Glossary
- Governance: A strategic planning responsibility providing organizational oversight that sets policies and establishes practices for their enforcement
- Compliance: The requirement that all affected parties follow the same rules.
- Audit: An independent review and examination of records and activities to assess the adequacy of system controls, to ensure compliance with established policies and operational procedures. (NIST Glossary)
- Policy: Statements, rules, or assertions that specify the correct or expected behavior of an entity. (NIST)
- ISMS: Information Security Management System
Source: https://csrc.nist.gov/glossary
Further research
- ISACA, IT Governance Institute: https://www.isaca.org/about-isaca/it-governance-institute/pages/default.aspx
- NIST Glossary: https://csrc.nist.gov/glossary/
- ISO/IEC 27000 Series: https://www.iso.org/isoiec-27001-information-security.html
- NIST CSRC: https://csrc.nist.gov/
- NIST Special Publications: https://csrc.nist.gov/publications
- HIPAA Privacy Rule: https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
- HIPAA Security Rule: https://www.hhs.gov/hipaa/for-professionals/security/laws-regulations/index.html
- PCI DSS: https://www.pcisecuritystandards.org/
- EU GDPR: https://gdpr-info.eu/
- NIST CSF, "An Introduction to the Components of the Framework": https://www.nist.gov/cyberframework/online-learning/components-framework
- NIST CSF Five Functions: https://www.nist.gov/cyberframework/online-learning/five-functions
- CIS Best Practices: https://www.cisecurity.org/cybersecurity-best-practices/
- CIS Controls List: https://www.cisecurity.org/controls/cis-controls-list/