Information Security Management Frameworks by Chris Lincoln
Author: Canadian Institute for Cybersecurity (CIC)
Uploaded: 2019-01-25
Views: 188
Description:
Information Security Management Frameworks Explained | CIC Webinar with Chris Lincoln (Bell Canada)
In this Canadian Institute for Cybersecurity (#CIC) webinar, Chris Lincoln—Principal Consultant for Bell Security Professional Services and leader of Bell’s security integration practice in Atlantic Canada—provides a deep dive into information security management frameworks, how they work, and how organisations can use them to strengthen governance, reduce risk, and improve cybersecurity maturity.
With over 20 years of experience in IT security, governance, risk, compliance (GRC), and technical testing, Chris walks through major industry frameworks, when to use each one, and how to choose the right approach for your organisation.
🔍 What You’ll Learn
This webinar covers:
✔️ Why use a security framework? Understanding business drivers, risk reduction, compliance pressures, and security maturity roadmaps.
✔️ How frameworks support governance & protection: Asset identification, risk assessment, control selection, ongoing monitoring, and operations hardening.
✔️ Deep overview of major security frameworks:
ISO/IEC 27000 family (e.g., ISO 27001, 27002, 27005)
NIST 800 Series (incl. SP 800‑53, SP 800‑171, NIST cryptographic standards)
ITSG‑33 (Government of Canada security controls)
NIST Cybersecurity Framework (CSF) – Identify / Protect / Detect / Respond / Recover
CIS Critical Security Controls (formerly SANS Top 20)
COBIT (IT governance and enterprise risk alignment)
Cyber Kill Chain (Lockheed Martin threat‑focused model)
PCI DSS, NERC CIP, ISA/IEC 62443, and industry‑specific requirements
Cloud Security Alliance CCM for cloud providers
Cyber Essentials Canada (SMB‑focused baseline controls)
Standard of Good Practice (ISF)
Unified Compliance Framework (UCF)
✔️ How to select the right framework: Factors include regulatory requirements, industry obligations, organisational size, technology environment, risk appetite, and desired assurance level.
✔️ Practical challenges & recommendations: Security as an afterthought, documentation, control ownership, segregation of duties, cloud complexity, and communicating risk to senior leadership.
🧠 Key Takeaways
Frameworks provide structure, clarity, and measurable maturity for cybersecurity programs.
Organisations may use multiple frameworks simultaneously (ISO + PCI + NIST), depending on obligations.
Controls focus on preventing unauthorised access, misuse, disclosure, alteration, or destruction of information assets.
Some frameworks are technology‑driven (CIS Controls), others risk‑based (ISO 27001), and others regulatory (PCI DSS, NERC CIP).
Small and medium‑sized businesses can start with Cyber Essentials Canada or the NIST CSF before moving to more advanced frameworks.
👩💻 Who Should Watch
Cybersecurity managers & directors
GRC professionals
IT auditors & risk analysts
Systems administrators & technical security teams
Small business owners preparing for security certification
Students and researchers learning about cybersecurity governance
🔒 About CIC
The Canadian Institute for Cybersecurity at the University of New Brunswick is a global leader in cybersecurity research, datasets, and industry collaboration. CIC hosts frequent webinars featuring experts in governance, AI security, digital forensics, data analytics, cloud security, and more.
-------------------------------
To learn more about the Canadian Institute for Cybersecurity watch, • Inside the Canadian Institute for Cybersec...
🔖 If you found this webinar helpful, please like, subscribe, and turn on notifications for future CIC sessions.
#Cybersecurity #InformationSecurity #ISO27001 #NIST #CISControls #COBIT #RiskManagement #GRC #Compliance #BigDataSecurity #CIC #UNB #Infosec #SecurityFrameworks #Governance
Stay connected with us!
Twitter: / cic_unb
Facebook: https://fb.me/cicunbca
LinkedIn: / canadian_institute_cybersecurity
Blog: https://cyberdailyreport.com/blog
Website: https://www.unb.ca/cic/
Canadian Institute for Cybersecurity
University of New Brunswick
46 Dineen Drive, Fredericton, NB E3B 9W4 Canada
0:00 Introduction
0:01 Canadian Institute for Cybersecurity
1:22 Outline
1:41 Why Frameworks?
3:19 Common Goals of Frameworks
5:04 Major Frameworks
6:47 ISO/IEC 27000 Family: Oldest and most popular framework
9:27 NIST Special Publication 800 Series: Gold standard for best practices
13:54 ITSG-33: Standard for federal government
15:49 NIST Cybersecurity Framework: Simplified version based on SP 800-53
19:10 CIS Controls
23:03 COBIT: Control Objectives for Information and Related Technologies
29:36 Cyber Essentials Canada: Low cost certification program for SMBs
31:12 The Standard of Good Practice for Information Security
32:58 Unified Compliance Framework
34:49 Selecting Frameworks