After this lesson, you will be able to: Apply all five (six) functions to a real scenario, and crosswalk to ISO 27001 / CIS Controls.
Capstone lesson. Take a fictional org, walk every function, identify maturity gaps, and translate to ISO 27001 + CIS Controls language for stakeholders who use those frameworks.
FinTech startup, 50 employees, processes payment cards. Recently moved to AWS. No formal security program. CEO wants 'something compliant'.
Identify. Asset inventory? Probably no. SaaS list? Maybe. Vendor list? Yes (procurement).
Protect. MFA enforced? Probably partial. Patching? Auto in cloud, manual on laptops.
Detect. Logs centralized? Often no. SIEM? Probably no.
Respond. IR plan? Likely not.
Recover. Backups? Probably yes (cloud-managed). Tested restore? Probably no.
Govern. CISO? Probably not. Policies? Sparse.
Quarter 1. MFA, asset inventory, IR plan draft. Q2. SIEM, patch SLA, vendor reviews. Q3. IR exercise, training program, SOC 2 readiness. Q4. SOC 2 Type 1, lessons learned.
Pick.
Sign in and purchase access to unlock this lesson.