817-999-6643

About Us

Learn more about the threats you face and solutions to consider

The executive cyber training room.  If you have a topic to discuss, let me know. 


NIST 800-53

The National Institute of Standards and Technology (NIST) Cybersecurity Framework includes a set of controls developed by the Center for Internet Security (CIS). These controls are known as the CIS Controls or the Critical Security Controls. They are a prioritized set of actions that organizations can take to improve their cybersecurity posture. There are 20 CIS Controls, which cover various aspects of cybersecurity, including asset management, vulnerability management, access control, and incident response. These controls are widely used by organizations as a benchmark to measure and improve their cybersecurity defenses.


https://www.nist.gov/cyberframework/framework

https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r5.pdf



Corporate Security Policy

A corporate security policy is a comprehensive document that outlines the rules, regulations, and procedures for ensuring the security of a company's data and information technology (IT) assets. It typically includes the following components: 

  1. Scope: Defines the scope of the security policy, including the systems, assets, and data that are covered. 
  2. Roles and Responsibilities: Outlines the roles and responsibilities of different stakeholders involved in the implementation of the security policy, including employees, IT staff, and management. 
  3. Physical Security: Describes the measures that the company will take to secure its physical assets, such as data centers, servers, and other critical hardware. 
  4. Access Control: Outlines the measures that the company will employ to ensure that only authorized personnel have access to its systems and data. 
  5. Incident Management: Describes the procedures that the company will follow in the event of a security breach or incident. 
  6. Network Security: Outlines the measures that the company will take to secure its network infrastructure, such as firewalls, intrusion detection and prevention systems, and encryption. 
  7. Data Protection: Describes the measures that the company will take to protect its data, including backups, encryption, and secure data storage practices. 
  8. Compliance: Outlines the company's compliance obligations, including legal and regulatory requirements, and sets out the measures that the company will take to ensure compliance. 
  9. Training and Awareness: Describes the training and awareness programs that the company will implement to educate its employees about security risks and best practices. 

Overall, a corporate security policy is a crucial tool for ensuring the ongoing security of a company's data and IT assets.

Copyright © 2024 InfoSec Village People - All Rights Reserved.
