https://community.isc2.org/t5/Governance-Risk-Compliance/Zero-Trust-Architecture-ISO-vs-MITRE-ATTACK/m-p/73533#M1206 <P>Hi Caute,</P><P>&nbsp;</P><P>Thank you for the great resource. I have a question: what are your thoughts on adding AI-based network detection and response to NIST 800-53 and the MITRE framework? Is it feasible for SMBs to do that, though? Thank you in advance.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 02 Sep 2024 19:07:37 GMT CST71 2024-09-02T19:07:37Z https://community.isc2.org/t5/Governance-Risk-Compliance/Zero-Trust-Architecture-ISO-vs-MITRE-ATTACK/m-p/73282#M1202 <P>Hi All</P><P>&nbsp;</P><P>A great resource:</P><P>&nbsp;</P><P><A href="https://jasonlayton.com/cybersecurity/8-2024/zero-trust-architecture-iso-vs-mitre-attack" target="_blank">https://jasonlayton.com/cybersecurity/8-2024/zero-trust-architecture-iso-vs-mitre-attack</A></P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Wed, 21 Aug 2024 02:48:34 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Zero-Trust-Architecture-ISO-vs-MITRE-ATTACK/m-p/73282#M1202 Caute_cautim 2024-08-21T02:48:34Z https://community.isc2.org/t5/Governance-Risk-Compliance/Zero-Trust-Architecture-ISO-vs-MITRE-ATTACK/m-p/73533#M1206 <P>Hi Caute,</P><P>&nbsp;</P><P>Thank you for the great resource. I have a question: what are your thoughts on adding AI-based network detection and response to NIST 800-53 and the MITRE framework? Is it feasible for SMBs to do that, though? Thank you in advance.</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 02 Sep 2024 19:07:37 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Zero-Trust-Architecture-ISO-vs-MITRE-ATTACK/m-p/73533#M1206 CST71 2024-09-02T19:07:37Z https://community.isc2.org/t5/Governance-Risk-Compliance/Zero-Trust-Architecture-ISO-vs-MITRE-ATTACK/m-p/73882#M1208 <P><a href="https://community.isc2.org/t5/user/viewprofilepage/user-id/530537555">@CST71</a>&nbsp;&nbsp;&nbsp;&nbsp; First of all apologies for my tardy response - I was changing organisations and going through the disruption process of handing back equipment and being terminated as one should be when you leave one organisation and go to another.</P><P>&nbsp;</P><P>My thoughts, a good idea - depending on what perspective you are coming from - from a Cloud Provider perspective, they are likely to add it as a service or a feature.&nbsp;&nbsp; Azure Well Architected Framework - provides a self assessment tool, as long as you enable the paid subscription version of Defender for Cloud.&nbsp;&nbsp;</P><P>&nbsp;</P><P>Given the availability of various AI models, it would not surprise me that will feed NIST SP800-53 and compare with the MITRE framework and experiment with it.&nbsp;&nbsp; Early models would have to be thoroughly tested to ensure they work corrected or adjusted accordingly.</P><P>&nbsp;</P><P>Regards</P><P>&nbsp;</P><P>Caute_Cautim</P> Tue, 17 Sep 2024 02:48:27 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Zero-Trust-Architecture-ISO-vs-MITRE-ATTACK/m-p/73882#M1208 Caute_cautim 2024-09-17T02:48:27Z https://community.isc2.org/t5/Governance-Risk-Compliance/Zero-Trust-Architecture-ISO-vs-MITRE-ATTACK/m-p/73933#M1209 <P>Hi Caute,</P><P>&nbsp;</P><P>Thank you so much for your response. I hope you are enjoying your new role!</P><P>&nbsp;</P><P>What I find helpful is your perspective on cloud providers adding AI-based network detection and response as a service or feature.</P><P>&nbsp;</P><P>Thanks again!</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 18 Sep 2024 12:37:34 GMT https://community.isc2.org/t5/Governance-Risk-Compliance/Zero-Trust-Architecture-ISO-vs-MITRE-ATTACK/m-p/73933#M1209 CST71 2024-09-18T12:37:34Z