Risk Frameworks: NIST CSF and ISO 27001
Map organizational security to NIST CSF functions and ISO 27001 controls for compliance and audits.
Why Risk Frameworks?
Security teams face infinite potential controls and limited resources. Risk frameworks provide structured vocabularies, control catalogs, and assessment methods that help organizations prioritize security investments, communicate risk to executives, and demonstrate compliance.
NIST Cybersecurity Framework Overview
The NIST CSF (version 2.0) organizes cybersecurity activities into six functions: Govern, Identify, Protect, Detect, Respond, and Recover. Each function contains categories and subcategories mapping to specific security outcomes. It is widely adopted across US critical infrastructure and beyond.