2023 IT Examiner School

NIST CSF Framework version 1.1

1. Prioritize & Scope
2. Orientation
3. Create a current profile (Current State)
4. Conduct a risk assessment
5. Create a target profile (End State)
6. Determine, Analyze and prioritize gaps
7. Implement action plan

Information Security Program Roadmap

Information Security Program Framework

• Provides the means for achieving strategy
• Policies/Standards/Procedures/Guidelines
• Controls & Control Objectives
• Roles and Responsibilities
• 3rd Party Governance
• Monitoring/Reporting/Oversight
• Auditing/Assurance
