I am writing this in 2024 and automation is the fashionable IT alleged panacea. In my opinion, it’s the automated systems you must monitor even more than non- automated ones. All it takes is for someone to mess with the automated ‘trusted’ systems and processes including the automated alerts that are supposed to flag bad things.
This was very helpful. You have a super super cool channel. I'm looking through all of your videos and I know I'm going to be going through quite a few of them in the near future.
Hi Richard, glad you liked the video! I've added a link NIST's 800-53 webpage in the video description. Let us know if you have any other questions and be sure to check out our other videos!
The level determination must be given by the information system owners... I believe that this example shows how to evaluate the criteria: The risk for a supermarket information system isn't as high as the risk for a bank information system. That said, a Bank information system has to be classified as a High level and the supermarket as moderate/low.