All Episodes
GV.RR-04 - Embedding Cybersecurity in HR Practices
GV.RR-04 integrates cybersecurity considerations into human resources processes, such as hiring, onboarding, training, and offboarding, to enhance organizational secur...

GV.RR-03 - Allocating Resources for Cybersecurity Success
GV.RR-03 ensures that sufficient resources—people, processes, and technology—are allocated to support the organization’s cybersecurity risk strategy and assigned roles...

GV.RR-02 - Clarifying Cybersecurity Roles and Responsibilities
GV.RR-02 focuses on defining and disseminating clear roles, responsibilities, and authorities for cybersecurity risk management across the organization. This clarity e...

GV.RR-01 - Leadership’s Role in Cybersecurity Accountability
GV.RR-01 assigns responsibility to leadership for overseeing cybersecurity risk, ensuring they are accountable for strategy development and execution. It emphasizes fo...

GV.RM-07 - Embracing Strategic Opportunities in Risk Management
GV.RM-07 recognizes that not all risks are negative, encouraging organizations to identify and discuss strategic opportunities, or “positive risks,” alongside threats....

GV.RM-06 - Standardizing Cybersecurity Risk Assessment
GV.RM-06 establishes a consistent methodology for assessing and prioritizing cybersecurity risks, using tools like risk registers or quantitative formulas. This standa...

GV.RM-05 - Building Communication Channels for Cybersecurity Risks
GV.RM-05 emphasizes creating structured communication channels to share cybersecurity risk information across departments and with external parties like suppliers. Thi...

GV.RM-04 - Crafting Strategic Risk Response Options
GV.RM-04 focuses on defining and sharing a strategic direction for responding to cybersecurity risks, outlining options like acceptance, mitigation, or transfer (e.g.,...

GV.RM-03 - Integrating Cybersecurity into Enterprise Risk Management
GV.RM-03 integrates cybersecurity risk management into the broader enterprise risk management (ERM) framework, ensuring it is considered alongside other risks like fin...

GV.RM-02 - Defining Risk Appetite and Tolerance
GV.RM-02 requires organizations to define and communicate their risk appetite—the level of risk they are willing to accept—and translate it into specific, measurable r...

GV.RM-01 - Setting Cybersecurity Risk Management Goals
GV.RM-01 involves setting clear, agreed-upon objectives for managing cybersecurity risks across the organization, ensuring alignment among stakeholders like leadership...

GV.OC-05 - Mapping Organizational Dependencies
GV.OC-05 focuses on recognizing and sharing knowledge about the external outcomes, capabilities, and services the organization relies upon to function effectively. Thi...

GV.OC-04 - Prioritizing Critical Objectives and Services
GV.OC-04 centers on identifying and communicating the critical objectives, capabilities, and services that stakeholders rely on, ensuring they are prioritized in cyber...

GV.OC-03 - Navigating Legal and Regulatory Cybersecurity Requirements
GV.OC-03 addresses the need for organizations to fully grasp and manage the legal, regulatory, and contractual obligations that govern their cybersecurity practices. T...

GV.OC-02 - Understanding Stakeholder Needs in Cybersecurity
GV.OC-02 focuses on identifying and comprehending the stakeholders—both within and outside the organization—who influence or are impacted by cybersecurity risk managem...

GV.OC-01 - Aligning Cybersecurity with Organizational Mission
The GV.OC-01 subcategory emphasizes the importance of aligning an organization’s cybersecurity risk management efforts with its overarching mission. It ensures that le...

Introduction to NIST CSF Profiles
Cybersecurity is not a one-size-fits-all approach, and that’s where NIST CSF Profiles come in. In this episode, we break down how organizations can customize the ...

Introduction to NIST 800-53
In this episode of Bare Metal Cyber Presents: Framework, we take a deep dive into NIST 800-53, one of the most comprehensive security frameworks for implementing struc...

Cybersecurity Risk Management
In this episode of Bare Metal Cyber Presents: Framework, we explore the critical role of risk management in the NIST Cybersecurity Framework 2.0 (CSF 2.0). Cyber threa...

Cybersecurity Maturity
In this episode of Bare Metal Cyber Presents: Framework, we break down the cybersecurity maturity tiers in NIST Cybersecurity Framework 2.0 (CSF 2.0) and how organizat...

The Fundamentals of Cybersecurity Controls
In this episode of Bare Metal Cyber Presents: Framework, we take a deep dive into cybersecurity controls—the fundamental safeguards that protect organizations from cyb...

Introduction to Gap Assessments
In this episode of Bare Metal Cyber Presents: Framework, we dive into the importance of cybersecurity gap assessments—an essential process for identifying weaknesses, ...

Introduction to the NIST CSF
In this episode of Bare Metal Cyber Presents: Framework, we introduce the National Institute of Standards and Technology (NIST) and its groundbreaking Cybersecurity Fr...

Welcome to Framework! Coming Soon!
Cybersecurity frameworks can feel complex, but they don’t have to be. Bare Metal Cyber Presents: Framework is here to break them down—especially the NIST Cybersecurit...
