#5 - Cyber Frameworks
Episode Synopsis
Cyber frameworks help CISOs build, measure, and execute top-notch information security programs. This episode gives an overview of the differences between Cyber Control Frameworks (CIS Controls & NIST 800-53), Program Frameworks (ISO 27001 & NIST CSF), and Risk Frameworks (FAIR, ISO 27005, & NIST 800-39), and offers practical tips on how to implement them.
Chapters
00:00 Introductions
03:29 Creating a Framework for Cyber Security Programs
06:48 What are the Most Important Controls
11:08 Having an Inventory of Your Network Assets
14:01 Patch Tuesday and Remediation
18:20 Penetration Testing - The Last of the 20 SANS Controls
20:58 What's the NIST Cyber Security Framework
29:17 The Evolution of Security Controls
35:03 ISO 27000 Series Gap Analysis
40:03 Cyber is in the Business of Revenue Protection
44:53 The Risk Matrix - Likelihood and Impact
49:32 Risk Management & Continuous Vulnerability Management
51:41 Your four options? (Accept, Mitigate, Avoid, or Assign)