Part 3: Advanced Topics and Best Practices

Here we are – the final part. So far, we’ve covered the entire framework, but you may be asking, “How do we put it all together? What if my environment is radically different than what has been described so far?” That’s what this part is all about. We’re going to discuss how to monitor your environment and your own practices so that you and your organization can continue to get better. Your implementation of the framework should be a living, breathing document. You’ll need to figure out what is working in your environment and what is not and make the appropriate changes as you go.

Too many times we write a policy only to never revisit it. In cybersecurity, that cannot be the case. Nor can it be that we’re learning new technology, policies, and so on after hours. There must be time in the workday, and cybersecurity must be a priority enough that you can do the research, implementation...