Introduction to security frameworks and controls

 

Imagine you're working as a security analyst and receive multiple alerts about suspicious activity on the network. You realize that you'll need to implement additional security measures to keep these alerts from becoming serious incidents. But where do you start?

As an analyst, you'll start by identifying your organization's critical assets and risks. Then you'll implement the necessary frameworks and controls.

In this video, we'll discuss how security professionals use frameworks to continuously identify and manage risk. We'll also cover how to use security controls to manage or reduce specific risks.

Security frameworks are guidelines used for building plans to help mitigate risks and threats to data and privacy. Security frameworks provide a structured approach to implementing a security lifecycle. The security lifecycle is a constantly evolving set of policies and standards that define how an organization manages risks, follows established guidelines, and meets regulatory compliance, or laws.

There are several security frameworks that may be used to manage different types of organizational and regulatory compliance risks. The purposes of security frameworks include protecting personally identifiable information, known as PII, securing financial information, identifying security weaknesses, managing organizational risks, and aligning security with business goals.

Frameworks have four core components, and understanding them will allow you to better manage potential risks. The first core component is identifying and documenting security goals. For example, an organization may have a goal to align with the E.U.'s General Data Protection Regulation, also known as GDPR. GDPR is a data protection law established to grant European citizens more control over their personal data. A security analyst may be asked to identify and document areas where an organization is out of compliance with GDPR.

The second core component is setting guidelines to achieve security goals. For example, when implementing guidelines to achieve GDPR compliance, your organization may need to develop new policies for how to handle data requests from individual users.

The third core component of security frameworks is implementing strong security processes. In the case of GDPR, a security analyst working for a social media company may help design procedures to ensure the organization complies with verified user data requests. An example of this type of request is when a user attempts to update or delete their profile information.

The last core component of security frameworks is monitoring and communicating results. As an example, you may monitor your organization's internal network and report a potential security issue affecting GDPR to your manager or regulatory compliance officer.

Now that we've introduced the four core components of security frameworks, let's tie them all together. Frameworks allow analysts to work alongside other members of the security team to document, implement, and use the policies and procedures that have been created. It's essential for an entry-level analyst to understand this process because it directly affects the work they do and how they collaborate with others. Next, we'll discuss security controls.

Security controls are safeguards designed to reduce specific security risks. For example, your company may have a guideline that requires all employees to complete a privacy training to reduce the risk of data breaches. As a security analyst, you may use a software tool to automatically assign and track which employees have completed this training.

Security frameworks and controls are vital to managing security for all types of organizations and ensuring that everyone is doing their part to maintain a low level of risk.

Understanding their purpose and how they are used allows analysts to support an organization's security goals and protect the people it serves.

In the following videos, we'll discuss some well-known frameworks and principles that analysts need to be aware of to minimize risk and protect data and users.
