Starting my learning journey in the GRC space without any background in Cybersecurity. This is the second video I am watching on GRC and I must say you explained this framework in a way that is easy to understand. Thank you
Excellent material! So informative…! I must follow you in other social media’s to see what other lessons and advices. Thank you so much for your time and effort on the preparation of this webinar.
You are an Amazing Educator and Trainor. I really enjoyed watched your IT/Cybersecurity and CSF Tutorial videos. They are so perfect and easily digestible. Wish to watch your complete Tutorial video about IT Audit Fundamentals course.
Nice one again. Time to time post IT class as well. Too many NIST CSF 2.0 out there. Missing IT Audit session out there that last for 60 minutes and so. Thanks
Thanks for the video. So I have a very important question. With NIST CSF, without a community profile, how can you really determine the controls needed for your Target profile??? Or should organizations always look for a community profile to use as baseline? For example, with NIST RMF, I know that I would categorize the system, and based on the High Water mark, I will select my control baseline from 800-53, then tailor if need be. But atleast the categorize process would help me to know the controls or baseline or Target that applies. Moreover, with CIS baselines, I can decide that, perhaps, I want to select IG1, IG2, or IG3, depending on my cyber maturity, and Im confident about which controls those come with. Another example....with NIST 800-171 for instance, which pretty much is prescriptive, I know with Level 2, I have 110 controls to adhere to, so any gap analysis I would perform would be against that. However with NIST CSF, Im still not absolutely sure how we arrive at what the Target Proile is supposed to be. Or are you saying the security personnel can randomly pick what controls they think suit the organization?? I hope you understand my ask.
Starting my learning journey in the GRC space without any background in Cybersecurity. This is the second video I am watching on GRC and I must say you explained this framework in a way that is easy to understand. Thank you
Thanks!
Thanks a lot ma’am 🎉
Coming from the 3 days training
peju honestly your the best I like the way you break down the frameworks and give confidence to people listening to you. thank you
Excellent material! So informative…! I must follow you in other social media’s to see what other lessons and advices. Thank you so much for your time and effort on the preparation of this webinar.
You are an Amazing Educator and Trainor. I really enjoyed watched your IT/Cybersecurity and CSF Tutorial videos. They are so perfect and easily digestible. Wish to watch your complete Tutorial video about IT Audit Fundamentals course.
what a clear and concise presentation!
I love your commitment to share this content! Keep it up Peju!
Great content, great sharing!
Great presentation Peju,
I am currently scoping a Framework for a large project, so your presentation was very informative.
Keep up the good work 👍🏾😉
Extremely informative and very helpful!
Glad it was helpful!
Great delivery . More of your great works.
Great content and delivery! Thanks so much. Will have no choice but to subscribe to your channel. You're a great tutor!❤
She's awesome ❤
Brilliant Delivery
Nice one again. Time to time post IT class as well. Too many NIST CSF 2.0 out there. Missing IT Audit session out there that last for 60 minutes and so. Thanks
More to come! This NIST training is different from the others though.
Nice to hear ! Thanks 🙏
Thanks for the video. So I have a very important question. With NIST CSF, without a community profile, how can you really determine the controls needed for your Target profile??? Or should organizations always look for a community profile to use as baseline?
For example, with NIST RMF, I know that I would categorize the system, and based on the High Water mark, I will select my control baseline from 800-53, then tailor if need be. But atleast the categorize process would help me to know the controls or baseline or Target that applies.
Moreover, with CIS baselines, I can decide that, perhaps, I want to select IG1, IG2, or IG3, depending on my cyber maturity, and Im confident about which controls those come with.
Another example....with NIST 800-171 for instance, which pretty much is prescriptive, I know with Level 2, I have 110 controls to adhere to, so any gap analysis I would perform would be against that.
However with NIST CSF, Im still not absolutely sure how we arrive at what the Target Proile is supposed to be. Or are you saying the security personnel can randomly pick what controls they think suit the organization?? I hope you understand my ask.
Thank you peju
You're welcome
how can I get hands on IT Audit before joining to a job as they are asking about the hands on
Do you have a completed example risk assessment for a (updated on 10/11 for clarity) fictional customer you can share?
Sorry, I can't share customer information. Thanks.
@@YourITCareer I was referring to a fictional customer. If you have one, great, if not no worries.
Thank you
Can you share this ppt?
Hello. No, we can't. Thanks.
Grc