Mini-Capsules - NIST Cybersecurity Framework (NIST CSF) - Episode 11 - Protect – Information Protection Processes and Procedures (PR.IP) 

Dans l'épisode d'aujourd'hui, Frederic Deneault vulgarise les contrôles de la catégorie Information Protection Processes and Procedures (PR.IP) de la fonction Protect  du NIST cybersecurity framework.

NIST CSF PR.IP-1: A baseline configuration of information technology/industrial control systems is created and maintained incorporating security principles (e.g. concept of least functionality

NIST CSF PR.IP-2: A System Development Life Cycle to manage systems is implemented

NIST CSF PR.IP-3: Configuration change control processes are in place

NIST CSF PR.IP-4: Backups of information are conducted, maintained, and tested 

NIST CSF PR.IP-5: Policy and regulations regarding the physical operating environment for organizational assets are met

NIST CSF PR.IP-6: Data is destroyed according to policy

NIST CSF PR.IP-7: Protection processes are improved

NIST CSF PR.IP-8: Effectiveness of protection technologies is shared 

NIST CSF PR.IP-9: Response plans (Incident Response and Business Continuity) and recovery plans (Incident Recovery and Disaster Recovery) are in place and managed

NIST CSF PR.IP-10: Response and recovery plans are tested

NIST CSF PR.IP-11: Cybersecurity is included in human resources practices (e.g., deprovisioning, personnel screening)

NIST CSF PR.IP-12: A vulnerability management plan is developed and implemented

Si vous avez des questions ou vous voulez partager votre opinion, n'hésitez pas!

Suivez-moi sur LinkedIn: - Frederic Deneault https://bit.ly/38BEZp2  

Le podcast Discutons Gouvernance https://bit.ly/2YdfJn4