All Episodes


Introduction to the NIST CSF

In this episode of Bare Metal Cyber Presents: Framework, we introduce the National Institute of Standards and Technology (NIST) and its groundbreaking Cybersecurity Fr...

Introduction to Gap Assessments

In this episode of Bare Metal Cyber Presents: Framework, we dive into the importance of cybersecurity gap assessments—an essential process for identifying weaknesses, ...

The Fundamentals of Cybersecurity Controls

In this episode of Bare Metal Cyber Presents: Framework, we take a deep dive into cybersecurity controls—the fundamental safeguards that protect organizations from cyb...

Cybersecurity Maturity

In this episode of Bare Metal Cyber Presents: Framework, we break down the cybersecurity maturity tiers in NIST Cybersecurity Framework 2.0 (CSF 2.0) and how organizat...

Cybersecurity Risk Management

In this episode of Bare Metal Cyber Presents: Framework, we explore the critical role of risk management in the NIST Cybersecurity Framework 2.0 (CSF 2.0). Cyber threa...

Introduction to NIST 800-53

In this episode of Bare Metal Cyber Presents: Framework, we take a deep dive into NIST 800-53, one of the most comprehensive security frameworks for implementing struc...

Introduction to NIST CSF Profiles

Cybersecurity is not a one-size-fits-all approach, and that’s where NIST CSF Profiles come in. In this episode, we break down how organizations can customize the ...

GV.OC-01 - Aligning Cybersecurity with Organizational Mission

The GV.OC-01 subcategory emphasizes the importance of aligning an organization’s cybersecurity risk management efforts with its overarching mission. It ensures that le...

GV.OC-02 - Understanding Stakeholder Needs in Cybersecurity

GV.OC-02 focuses on identifying and comprehending the stakeholders—both within and outside the organization—who influence or are impacted by cybersecurity risk managem...

GV.OC-03 - Navigating Legal and Regulatory Cybersecurity Requirements

GV.OC-03 addresses the need for organizations to fully grasp and manage the legal, regulatory, and contractual obligations that govern their cybersecurity practices. T...

GV.OC-04 - Prioritizing Critical Objectives and Services

GV.OC-04 centers on identifying and communicating the critical objectives, capabilities, and services that stakeholders rely on, ensuring they are prioritized in cyber...

GV.OC-05 - Mapping Organizational Dependencies

GV.OC-05 focuses on recognizing and sharing knowledge about the external outcomes, capabilities, and services the organization relies upon to function effectively. Thi...

GV.RM-01 - Setting Cybersecurity Risk Management Goals

GV.RM-01 involves setting clear, agreed-upon objectives for managing cybersecurity risks across the organization, ensuring alignment among stakeholders like leadership...

GV.RM-02 - Defining Risk Appetite and Tolerance

GV.RM-02 requires organizations to define and communicate their risk appetite—the level of risk they are willing to accept—and translate it into specific, measurable r...

GV.RM-03 - Integrating Cybersecurity into Enterprise Risk Management

GV.RM-03 integrates cybersecurity risk management into the broader enterprise risk management (ERM) framework, ensuring it is considered alongside other risks like fin...

GV.RM-04 - Crafting Strategic Risk Response Options

GV.RM-04 focuses on defining and sharing a strategic direction for responding to cybersecurity risks, outlining options like acceptance, mitigation, or transfer (e.g.,...

GV.RM-05 - Building Communication Channels for Cybersecurity Risks

GV.RM-05 emphasizes creating structured communication channels to share cybersecurity risk information across departments and with external parties like suppliers. Thi...

GV.RM-06 - Standardizing Cybersecurity Risk Assessment

GV.RM-06 establishes a consistent methodology for assessing and prioritizing cybersecurity risks, using tools like risk registers or quantitative formulas. This standa...

GV.RM-07 - Embracing Strategic Opportunities in Risk Management

GV.RM-07 recognizes that not all risks are negative, encouraging organizations to identify and discuss strategic opportunities, or “positive risks,” alongside threats....

GV.RR-01 - Leadership’s Role in Cybersecurity Accountability

GV.RR-01 assigns responsibility to leadership for overseeing cybersecurity risk, ensuring they are accountable for strategy development and execution. It emphasizes fo...

GV.RR-02 - Clarifying Cybersecurity Roles and Responsibilities

GV.RR-02 focuses on defining and disseminating clear roles, responsibilities, and authorities for cybersecurity risk management across the organization. This clarity e...

GV.RR-03 - Allocating Resources for Cybersecurity Success

GV.RR-03 ensures that sufficient resources—people, processes, and technology—are allocated to support the organization’s cybersecurity risk strategy and assigned roles...

GV.RR-04 - Embedding Cybersecurity in HR Practices

GV.RR-04 integrates cybersecurity considerations into human resources processes, such as hiring, onboarding, training, and offboarding, to enhance organizational secur...

GV.PO-01 - Establishing a Cybersecurity Risk Management Policy

GV.PO-01 involves creating a formal cybersecurity risk management policy that reflects the organization’s unique context, strategy, and priorities. This policy outline...

GV.PO-02 - Keeping Cybersecurity Policies Current

GV.PO-02 ensures that the cybersecurity risk management policy remains dynamic, undergoing regular reviews to adapt to evolving threats, technologies, legal requiremen...

GV.OV-01 - Reviewing Cybersecurity Strategy Outcomes

GV.OV-01 focuses on evaluating the outcomes of the cybersecurity risk management strategy to refine its direction and effectiveness. This involves measuring how well t...

GV.OV-02 - Adjusting Strategies for Comprehensive Risk Coverage

GV.OV-02 involves periodic reviews of the cybersecurity risk management strategy to confirm it addresses all organizational requirements and emerging risks. This inclu...

GV.OV-03 - Evaluating Cybersecurity Performance

GV.OV-03 emphasizes measuring and reviewing the organization’s cybersecurity risk management performance using indicators like KPIs and KRIs. This evaluation identifie...

GV.SC-01 - Building a Supply Chain Risk Management Program

GV.SC-01 focuses on creating a structured cybersecurity supply chain risk management program that includes a clear strategy, objectives, policies, and processes, all e...

GV.SC-02 - Defining Cybersecurity Roles in the Supply Chain

GV.SC-02 emphasizes defining and sharing cybersecurity roles and responsibilities for all parties in the supply chain—suppliers, customers, and partners—as well as wit...
