Paul Heffernan: Framework Benefits Tie Back to Reasons for Framework Adoption
The framework enables you to know what your partners and suppliers are doing in their security practice, and it makes it easier for suppliers to comply with your requirements. If it is taken seriously in the organization and given the proper resources, a security...
Nir Yizhak: Framework as an Instrument of Change
It’s not just the business that benefits from adopting a security framework. Customers benefit too, because the framework helps them meet their own legal and risk management obligations. With security embedded into many aspects of the business, a framework can...
Lee Eason: Frameworks Guide Both Product Development and Customer Engagement
As more security controls are managed at the app level, developers take on primary responsibility for creating processes that manage those controls. The development playbook, based on standards frameworks, presents security standards in a language developers...
Lee Bailey: A Framework Can Align Security Objectives with Business Goals
Implementing a framework forces you to make decisions about what your greatest risks are and what you need to protect most. Embedding security into business operations enables you to align security benefits with business benefits. "The framework helps drive alignment...
Lester Godsey: A Framework Provides a Baseline for Security that Supports Business Goals
Most businesses use the framework as a guideline to decide which controls and practices are most important to their business. The security metrics you measure and that map to framework controls are really driven by top-down business considerations. “If management...
Alex Wood: Mapping Risk Directly to Framework Controls
A security framework provides a way to qualitatively and quantitatively talk about security, whether it relates to practices, budget discussions, or regulatory issues. With a security framework, it becomes possible to map specific IT risks to specific framework...
Tenable: Economic, Operational and Strategic Benefits of Security Framework Adoption
The book includes insights from the following experts: Alex Wood, PulteGroup, Inc, VP, Information Security/Chief Information Security Officer, Mapping Risk Directly to Framework Controls >> Arlie Hartman, KAR Auction Services, Inc,...
Alex Wood: You Must Recognize Hidden Costs and Hidden Risks
Having more mature security processes in place puts you in a better position to define who’s responsible for what in this extended infrastructure. Any time you collect customer data, regardless of who your cloud provider is, you are still responsible for making sure...
Joshua Danielson: Automated Processes Become Your Configuration Items
First identify business objectives you want to meet by moving to the cloud. This will lead you to the kind of cloud partners you should look for, and the services you need from them. In an on-premises data center you might do a quarterly vulnerability audit. In a...
Jamie Norton: Dynamic Assets Require Continuous Monitoring
Automatic vulnerability scanning is commonly integrated into an agile app development process, but it does not end there. Many apps have built-in controls and self-validation routines. With literally billions of thinly secured connected things plugged into networks...