Jason Edwards
Framework: The NIST Cybersecurity Framework (CSF)
**Framework** is your go-to podcast for mastering the **NIST Cybersecurity Framework (CSF)**—the foundational model for building and improving organizational security programs. This series breaks down every function, category, and subcategory within the CSF, helping professionals, educators, and leaders understand how to apply the framework in real-world environments. Each episode delivers clear, practical explanations that connect framework concepts to daily security operations, governance, and risk management practices. Whether you’re new to cybersecurity or refining an established program,...
Autor
Jason Edwards
Kategorie
Podcast-Website
Neueste Folge
14. Okt 2025
Wo hören?
Podcasts in der App Replaio Radio Bald verfügbarPodcasts kommen bald in die App. Installiere sie jetzt und erlebe als Erster einen ganz neuen Blick auf Podcasts
Folgen
Welcome to Framework: The NIST CSF 14.10.2025 1:44
Dive into a fast, no-fluff overview of what this podcast delivers, who it’s for, and how each episode helps you level up with practical, real-world takeaways. In this trailer, you’ll hear the show’s promise, the format you can expect, and a sneak peek at the kinds of stories, tips, and expert insights coming your way. Hit follow to get new episodes as they drop and start listening smarter from day...
RC.CO-04 - Sharing Public Recovery Updates 25.02.2025 19:04
RC.CO-04 involves sharing public updates on incident recovery using approved channels and messaging, such as breach notifications or preventative steps, to inform affected parties or the broader community. This ensures transparency about recovery efforts and future safeguards, maintaining public trust. It addresses external expectations post-incident. This subcategory aligns with legal and risk re...
RC.CO-03 - Communicating Recovery Progress 25.02.2025 19:19
RC.CO-03 ensures recovery activities and progress are shared with designated stakeholders—like leadership and suppliers—consistent with response plans and agreements. This includes regular updates on restoration status, adhering to contractual protocols for information sharing. It keeps all parties informed and aligned during recovery. This subcategory aligns communication with risk and operationa...
RC.RP-06 - Declaring Recovery Completion 25.02.2025 19:18
RC.RP-06 declares the end of recovery once predefined criteria are met, finalizing the process with a comprehensive after-action report detailing the incident, actions, and lessons learned. This formal closure ensures all steps are documented for review and improvement. It marks the return to full normalcy. This subcategory aligns with risk management by tying closure to measurable outcomes, ensur...
RC.RP-05 - Confirming System Restoration 25.02.2025 18:56
RC.RP-05 verifies the integrity of restored assets—checking for lingering threats or root causes—before returning systems to production, confirming normal operations. This involves testing restoration adequacy to ensure functionality and security are fully restored. It finalizes recovery with assurance. This subcategory aligns with risk goals by ensuring restored systems are secure and operational...
RC.RP-04 - Restoring Critical Functions Post-Incident 25.02.2025 19:15
RC.RP-04 considers critical mission functions and cybersecurity risks to define post-incident operational norms, using impact records to prioritize restoration order. This involves collaboration with system owners to confirm successful recovery and monitor performance for adequacy. It ensures recovery aligns with strategic goals. This subcategory aligns restoration with risk and mission priorities...
RC.RP-03 - Verifying Backup Integrity 25.02.2025 18:29
RC.RP-03 ensures backups and restoration assets are checked for integrity—free of compromise or corruption—before use in recovery efforts. This verification prevents reintroducing threats or using unreliable data, safeguarding the restoration process. It guarantees a clean starting point for recovery. This subcategory aligns with risk management by prioritizing the reliability of recovery tools, r...
RC.RP-02 - Prioritizing Recovery Actions 25.02.2025 19:15
RC.RP-02 involves selecting, scoping, and prioritizing recovery actions based on incident response plan criteria and available resources, adapting as needs shift. This ensures efforts focus on critical systems first, balancing speed with effectiveness in execution. It operationalizes recovery with precision. This subcategory aligns actions with risk and operational goals, ensuring resources addres...
RC.RP-01 - Launching Incident Recovery Efforts 25.02.2025 18:02
RC.RP-01 initiates the recovery phase of the incident response plan once triggered, ensuring all responsible parties are aware of their roles and required authorizations. This begins during or after containment, focusing on restoring affected systems and services systematically. It transitions the organization from response to recovery. This subcategory aligns recovery with risk and operational pr...
RS.MI-02 - Eradicating Incident Threats 25.02.2025 18:38
RS.MI-02 ensures incidents are fully eradicated, removing threats like malware or unauthorized access through automated system features or manual responder actions. This can involve third-party support, such as MSSPs, to eliminate root causes and residual risks. It restores systems to a secure state. This subcategory aligns eradication with risk goals, ensuring complete threat removal to prevent r...
RS.MI-01 - Containing Cybersecurity Incidents 25.02.2025 18:09
RS.MI-01 focuses on containing incidents to prevent their expansion, using automated tools like antivirus or manual actions by responders to isolate threats. This can involve third-party assistance (e.g., ISPs) or redirecting compromised endpoints to remediation VLANs, limiting damage. It stops incidents from spreading further. This subcategory aligns containment with risk priorities, ensuring rap...
RS.CO-03 - Sharing Information with Stakeholders 25.02.2025 20:00
RS.CO-03 involves sharing incident information with designated stakeholders—both internal, like leadership, and external, like ISACs—consistent with response plans and agreements. This includes voluntary sharing of anonymized attack data or updates on insider threats with HR, enhancing situational awareness. It ensures relevant parties stay informed. This subcategory strengthens response by aligni...
RS.CO-02 - Notifying Stakeholders of Incidents 25.02.2025 18:55
RS.CO-02 ensures timely notification of internal and external stakeholders—like customers, partners, or regulators—about incidents, following breach procedures or contractual obligations. This includes notifying law enforcement when criteria and approvals dictate, maintaining transparency and compliance. It keeps affected parties informed and engaged. This subcategory aligns communication with leg...
RS.AN-08 - Assessing Incident Magnitude 25.02.2025 19:10
RS.AN-08 estimates and validates an incident’s magnitude by assessing its scope and impact, searching other targets for indicators of compromise or persistence. This involves manual reviews or automated tools to confirm the extent of damage or spread, refining initial assessments. It quantifies the incident’s true reach. This subcategory aligns analysis with risk priorities, ensuring resources tar...
RS.AN-07 - Preserving Incident Data Integrity 25.02.2025 19:08
RS.AN-07 focuses on collecting and preserving incident data and metadata—such as source and timestamps—using chain-of-custody procedures to ensure integrity. This comprehensive gathering supports forensic analysis and compliance, protecting evidence from alteration. It ensures data remains a trustworthy resource for investigation. This subcategory aligns with risk and legal requirements, safeguard...
RS.AN-06 - Recording Investigation Actions 25.02.2025 18:57
RS.AN-06 ensures that all investigative actions during an incident—like system checks or containment steps—are meticulously recorded, with integrity and provenance preserved. This involves immutable logs by responders and detailed documentation by the incident lead, safeguarding evidence for legal or audit purposes. It maintains a reliable investigation trail. This subcategory supports accountabil...
RS.AN-03 - Investigating Incident Causes 25.02.2025 18:21
RS.AN-03 conducts detailed analysis to reconstruct incident events, identify involved assets, and pinpoint root causes, such as exploited vulnerabilities or threat actors. This includes examining deception technologies for attacker behavior insights, aiming to understand both immediate triggers and systemic issues. It provides the foundation for effective response and prevention. This subcategory...
RS.MA-05 - Initiating Incident Recovery 25.02.2025 18:40
RS.MA-05 applies predefined criteria to determine when to shift from response to recovery, based on incident characteristics and operational considerations. This decision balances containment success with potential disruptions from recovery actions, ensuring a smooth transition. It marks the pivot to restoring normalcy. This subcategory aligns recovery initiation with risk and operational prioriti...
RS.MA-04 - Escalating Incidents When Needed 25.02.2025 19:39
RS.MA-04 ensures incidents are escalated or elevated to higher levels of authority or expertise when their complexity or impact exceeds initial handling capabilities. This involves tracking incident status and coordinating with designated stakeholders, both internal and external, for additional support. It maintains control over evolving incidents. This subcategory aligns escalation with risk thre...
RS.MA-03 - Categorizing and Prioritizing Incidents 25.02.2025 19:45
RS.MA-03 categorizes incidents—such as ransomware or data breaches—and prioritizes them based on scope, impact, and urgency, balancing rapid recovery with investigation needs. This detailed review assigns incidents to specific response strategies, ensuring appropriate resource allocation. It organizes chaos into actionable steps. This subcategory aligns response efforts with organizational priorit...
RS.MA-02 - Triaging and Validating Incident Reports 25.02.2025 19:00
RS.MA-02 involves triaging and validating incident reports to confirm their cybersecurity relevance and need for response, applying severity criteria to prioritize action. This preliminary review filters out non-issues, ensuring resources focus on genuine threats like breaches or malware. It streamlines the initial handling of reported events. This subcategory enhances efficiency by quickly assess...
RS.MA-01 - Executing the Incident Response Plan 25.02.2025 18:51
RS.MA-01 initiates the execution of the incident response plan in coordination with third parties—like outsourcers or suppliers—once an incident is confirmed. This includes designating an incident lead and activating additional plans (e.g., business continuity) as needed to support response efforts. It ensures a structured, collaborative approach to managing incidents. This subcategory aligns resp...
DE.AE-08 - Declaring Incidents Based on Criteria 25.02.2025 20:00
DE.AE-08 involves declaring incidents when adverse events meet predefined criteria, such as severity or scope, ensuring a formal response is triggered. This process accounts for known false positives to avoid unnecessary escalation, applying criteria to event characteristics systematically. It marks the transition from detection to response. This subcategory ensures consistency in incident identif...
DE.AE-07 - Enhancing Analysis with Threat Intelligence 25.02.2025 19:23
DE.AE-07 integrates cyber threat intelligence and contextual data—like asset inventories or vulnerability disclosures—into adverse event analysis to enhance accuracy and relevance. This involves securely feeding intelligence to detection technologies and personnel, enabling rapid analysis of supplier or third-party advisories. It enriches understanding of event significance. This subcategory stren...
DE.AE-06 - Sharing Adverse Event Information 25.02.2025 19:37
DE.AE-06 ensures that information about adverse events is promptly shared with authorized staff—such as SOC teams and incident responders—and integrated into response tools. This includes generating alerts, assigning tickets in ticketing systems, and providing access to analysis findings at all times. It enables swift, coordinated action against detected threats. This subcategory enhances response...
Ähnliche Podcasts
Replaio ist kein Herausgeber von Podcasts; die Namen der Sendungen, Cover und Audioinhalte gehören ihren Autoren und werden über öffentliche RSS-Feeds verbreitet