Arlie Hartman: Applying a Security Framework to a Changing Infrastructure
Business value comes from using the framework to demonstrate that you are doing due diligence in a way that can be measured and that drives trust, and trust drives business. Many factors can be considered with a framework, including weighing risk against the cost of...
Oren Ben Shalom: Security Frameworks Require High-Level Collaboration
High-level internal collaboration is necessary for a business to successfully adopt a security framework. The work of improving your security is never done. A CISO must always stay up to date on new threats. “When you have a structure that says the CEO is responsible...
Caleb Sima: Building a Security Framework: An Enterprise-Wide Endeavor
Building a security framework must be a collaborative, organization-wide initiative, demonstrating how each person can do their part to ensure better security. A security framework also demonstrates due diligence and limits liability by making the regulatory process...
Alex Wood: Mapping Risk Directly to Framework Controls
A security framework provides a way to qualitatively and quantitatively talk about security, whether it relates to practices, budget discussions, or regulatory issues. With a security framework, it becomes possible to map specific IT risks to specific framework...
Russ Kirby: Adapt the Framework to the Business, not the Business to the Framework
Choosing a framework often means borrowing from different standards and adapting those to an operational framework designed to serve your business objectives. Adopting a framework that suits your business gives you visibility that enables you to anticipate what will...
Kalpesh Doshi: A Framework Is a Foundation
When you adopt a framework, you’re walking a road that many have walked before you, and they have all shared their experience. Frameworks help clients interpret the results of third-party assessments. If an assessment finds a compliance deviation, the client can...
Ole Frandsen: A Framework Enables a Consistent Security Practice in an Extended Global Enterprise
Without a framework, you have no basis for establishing controls in a consistent way across an extended enterprise. Having a maturity measurement makes it easier to determine where you are in relation to client requirements, and what you must invest to support a...
Javed Ikbal: Use a Framework to Map Client Requirements to Your Security Practices
Adopting a recognized security framework that has been tested and vetted enables a security posture that translates directly to client requirements. A framework serves as a basis for quickly complying with new regulatory requirements without having to start from...
Eric Bedell: The Framework Provides a Common Language for a Global Company
European operations that need to comply with GDPR are one example of how a framework based on the ISO standard must be modified to meet local compliance requirements. When implementing a framework, begin by focusing on goals and data that are most important, deliver on...
Gary Hayslip: Frameworks Provide an Excellent Way to Understanding Risk
Frameworks provide a central gathering point for important questions about the business that must be answered before moving forward. Adherence to a framework helps everyone in the organization see why their part is critical and that the actions they must take are not...