Hello, The defense-in-depth is based on technology deployment, and its purpose establishing 10 layers of defense.

@mbernard9456 thank you for clarifying that.

Start with the country that you work in and gather the regional and national laws, then regulations, contract knowledge will come from the company that you work for.

Thank you for your support and positive comments Maya. ☺👌

Good afternoon Alexander, Thank you for your message. I hope that you are well and in good spirits. I agree and completely understand your observation. There are two measuring sticks, the CMMI and the Target Profile, not to be confused. There are 108 control objectives, and the goal is to set a target profile and move 108 control objectives from 1 to 5 on the CMMI. It's possible to set out a strategy where you achieve target profile #1 initially, the Target Profile in 12 months, Target Profile #3 in 24 months, and finally, Target Profile #4 in 36 months. BTW: Your organization may not need to achieve Target Profile #4. The Target Profile goal depends on your organization's role within USA Critical Infrastructure. I hope this explains the NIST CSF adoption process. Sincerely, Mark.

@@mbernard9456 thank you, Mark! Do you sell any tools or tracking sheets for this?

​@mbernard9456 I'm still confused. You see, with CIS controls for example, I know there is IG1, IG2, and IG3. So when I'm selecting, I know which controls applies to me. On the contrary with CSF, it still seem confusing. Are there certain controls that correspond to the tier levels 1 -4? Pls explain to me like a 5 year old.

You are very welcome Jean! Please keep in touch by subscribing I have new material coming soon.

Thank you Balaji ;)

Thank you C Davis 😊

Thank you, Optimus! I hope so too... please help by sharing.

Thank you, Optimus! Please share! ;-)

Thank you Hiriadka! I really appreciate your feedback.

I hope very soon! Thank you for your comments - please subscribe, like, and share! ;-)

@@Cyber_security_COE thank you so much for the knowledge you shared. I didn't find the lesson from 9-23.

Thank you Sagar! Please share.

Also straight after that its Virtual LAN not Virtual Logical network :) (don't mean to criticize and thanks for the vids!)

Just watched further and you clear it up! Nice thanks!

Confidential to me and the people I share it with and my subscribers can share the links freely. My materials are not for downloading copying and redistribution under another name which is why the confidential label has been applied.

Thank you Zohaib! I created my first playlist and learned a lot about the process so I can make more. Thank you for the encouragement. ;-)

Thank you Numan. I appreciate you taking the time to watch my video and share your comments. ;-)

Thank you Shak! I am happy that you found it useful.

Glad it was helpful!

Thank you for that suggestion. I am looking at making playlists. Do you have any suggestions regarding their design or focus?

@@Cyber_security_COE If you can create separate playlist for ISO 27001, it'll be great. I have gone through one lecture and it's been explained very well. If someone not having prior experience will watch these vedios will be quite helpful. Please make a vedio risk assessment considering an organizations scenario, I've studied many books and articles but it's quite difficult to relate as that content is generic. Many thanks!

@@SundasLatif Thank you, Sundas. Great feedback. I will be creating a playlist for ISO 27001 and NIST CSF. I am trying to clean up and re-organize as I go, so the playlist has a logical flow of content. I will create a new risk management slide deck covering the top to bottom of the RM process to help connect the dots. I have case studies from my course content.

@@Cyber_security_COE Waiting for RM, and thanks for considering feedback.