Fitting cybersecurity frameworks into your security strategy
This article is part of the Information Security issue of August 2019, Vol. 20, No. 3
The development of new cybersecurity frameworks has increased dramatically over the past few years. It wasn't too long ago that the choice of frameworks was limited to NIST Special Publication (SP) 800-53 or the International Organization for Standardization (ISO) 27000 series. There are now a multitude of potential options that can range from general security requirements to detailed controls for specific industry verticals. Many frameworks are still available for free, while some have moved to subscription fees and expensive certification programs. Frameworks have evolved to fill the niche requirements of any organizational security program. The wide range of available options could make it difficult for any CISO to select a framework for their security organization. However, the deciding factors are not usually technical in nature. Most of these new cybersecurity frameworks have common controls and technical requirements. The biggest differences involve how the frameworks can be integrated into overall business goals and ...
Features in this issue
IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets.
IoT's vast vendor landscape drives innovation, but working with so many third parties also comes with baggage in the form of third-party cybersecurity issues.
Whatever an organization's culture, effective use of a security framework requires understanding business goals and program metrics, and demands leadership communication.
News in this issue
IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle.
Columns in this issue
For boards of directors to meet their business goals, CISOs need a seat at the table. Through her initiative BoardSuited, Joyce Brocaglia aims to pave the way.
The most critical skills that cybersecurity lacks -- like leadership buy-in, people skills and the ability to communicate -- are not the ones you hear about. That needs to change.