Security Program Framework

#1

What framework are you basing your security program on? I am trying to suggest the use of the CIS Critical Control framework due to its excellent mapping to other compliance requirements.

0 Likes

#2

I recommend the NIST Cyber Security Framework to my current/former clients. It maps to almost everything.
It was also recently updated to version 1.1 - available here:

Incidentally, AuditScripts has a nice security control cross-mapping spreadsheet that includes almost all US and many international control standards. You can download it here:
https://www.auditscripts.com/download/2742/

0 Likes

#3

I love the work from AuditScripts! The CSF is one of my other favorites, but I am partial to the CIS.

0 Likes

#4

If you like the CIS controls, then you might also want to check out the new Secure Controls Framework. It's in Beta, but is still useful.
https://drive.google.com/open?id=1xLfY4uI88K2AiA1mosWJ7jFyP100Jv5d

There is a small amount of overlap with CIS, but quite a bit of it is unique.
They seem to be trying to incorporate various best practices with security controls frameworks… which seems like a good idea in my book.
What I really like about it is that they show what is needed to meet the control objective; be it various corporate programs or steering committees, policies, metrics, etc.

0 Likes
