All Episodes

Introduction to the NIST CSF

In this episode of Bare Metal Cyber Presents: Framework, we introduce the National Institute of Standards and Technology (NIST) and its groundbreaking Cybersecurity Fr...

Introduction to Gap Assessments

In this episode of Bare Metal Cyber Presents: Framework, we dive into the importance of cybersecurity gap assessments—an essential process for identifying weaknesses, ...

The Fundamentals of Cybersecurity Controls

In this episode of Bare Metal Cyber Presents: Framework, we take a deep dive into cybersecurity controls—the fundamental safeguards that protect organizations from cyb...

Cybersecurity Maturity

In this episode of Bare Metal Cyber Presents: Framework, we break down the cybersecurity maturity tiers in NIST Cybersecurity Framework 2.0 (CSF 2.0) and how organizat...

Cybersecurity Risk Management

In this episode of Bare Metal Cyber Presents: Framework, we explore the critical role of risk management in the NIST Cybersecurity Framework 2.0 (CSF 2.0). Cyber threa...

Introduction to NIST 800-53

In this episode of Bare Metal Cyber Presents: Framework, we take a deep dive into NIST 800-53, one of the most comprehensive security frameworks for implementing struc...

Introduction to NIST CSF Profiles

Cybersecurity is not a one-size-fits-all approach, and that’s where NIST CSF Profiles come in. In this episode, we break down how organizations can customize the ...

GV.OC-01 - Aligning Cybersecurity with Organizational Mission

The GV.OC-01 subcategory emphasizes the importance of aligning an organization’s cybersecurity risk management efforts with its overarching mission. It ensures that le...

GV.OC-02 - Understanding Stakeholder Needs in Cybersecurity

GV.OC-02 focuses on identifying and comprehending the stakeholders—both within and outside the organization—who influence or are impacted by cybersecurity risk managem...

GV.OC-03 - Navigating Legal and Regulatory Cybersecurity Requirements

GV.OC-03 addresses the need for organizations to fully grasp and manage the legal, regulatory, and contractual obligations that govern their cybersecurity practices. T...

GV.OC-04 - Prioritizing Critical Objectives and Services

GV.OC-04 centers on identifying and communicating the critical objectives, capabilities, and services that stakeholders rely on, ensuring they are prioritized in cyber...

GV.OC-05 - Mapping Organizational Dependencies

GV.OC-05 focuses on recognizing and sharing knowledge about the external outcomes, capabilities, and services the organization relies upon to function effectively. Thi...

GV.RM-01 - Setting Cybersecurity Risk Management Goals

GV.RM-01 involves setting clear, agreed-upon objectives for managing cybersecurity risks across the organization, ensuring alignment among stakeholders like leadership...

GV.RM-02 - Defining Risk Appetite and Tolerance

GV.RM-02 requires organizations to define and communicate their risk appetite—the level of risk they are willing to accept—and translate it into specific, measurable r...

GV.RM-03 - Integrating Cybersecurity into Enterprise Risk Management

GV.RM-03 integrates cybersecurity risk management into the broader enterprise risk management (ERM) framework, ensuring it is considered alongside other risks like fin...

GV.RM-04 - Crafting Strategic Risk Response Options

GV.RM-04 focuses on defining and sharing a strategic direction for responding to cybersecurity risks, outlining options like acceptance, mitigation, or transfer (e.g.,...

GV.RM-05 - Building Communication Channels for Cybersecurity Risks

GV.RM-05 emphasizes creating structured communication channels to share cybersecurity risk information across departments and with external parties like suppliers. Thi...

GV.RM-06 - Standardizing Cybersecurity Risk Assessment

GV.RM-06 establishes a consistent methodology for assessing and prioritizing cybersecurity risks, using tools like risk registers or quantitative formulas. This standa...

GV.RM-07 - Embracing Strategic Opportunities in Risk Management

GV.RM-07 recognizes that not all risks are negative, encouraging organizations to identify and discuss strategic opportunities, or “positive risks,” alongside threats....

GV.RR-01 - Leadership’s Role in Cybersecurity Accountability

GV.RR-01 assigns responsibility to leadership for overseeing cybersecurity risk, ensuring they are accountable for strategy development and execution. It emphasizes fo...
