3 NIST CSF and Maturity Models with Joel Langill

Joel 'SCADAHacker' Langill of Amentum (formerly AECOM) gives the session on ICS Security Frameworks and Maturity Models.

The main focus is on the US NIST Cybersecurity Framework. While this is a US-developed Framework, it is being used in other countries as well. Joel not only covers what the Framework is; importantly, he goes into detail on how he uses the NIST CSF and shows another freely available tool. The video also provides some detail on C2M2 and CMMC and compares them to NIST CSF.

Joel closes with information on the DHS CISA CSET tool, how to customize it, and then some Q&A.

Questions:

1) Do you use a Framework to structure your cyber security program? If yes, which Framework and why? Does your industry have a Profile for the NIST CSF?

2) Can you be compliant with a Framework? Why or why not? (Admittedly, there is disagreement on the answer to this question.)

Note - I have some more detailed info on how I use the NIST CSF coming out here on Tuesday in an audio file, and I'll be happy to answer any questions.