Lee Eason: Frameworks Guide Both Product Development and Customer Engagement
As more security controls are managed at the app level, developers take on primary responsibility for creating processes that manage those controls. The development playbook, based on standards frameworks, presents security standards in a language developers...
Lee Bailey: A Framework Can Align Security Objectives with Business Goals
Implementing a framework forces you to make decisions about what your greatest risks are and what you need to protect most. Embedding security into business operations enables you to align security benefits with business benefits. "The framework helps drive alignment...
Lester Godsey: A Framework Provides a Baseline for Security that Supports Business Goals
Most businesses use the framework as a guideline to decide which controls and practices are most important to their business. The security metrics you measure and that map to framework controls are really driven by top-down business considerations. “If management...
Alex Wood: Mapping Risk Directly to Framework Controls
A security framework provides a way to qualitatively and quantitatively talk about security, whether it relates to practices, budget discussions, or regulatory issues. With a security framework, it becomes possible to map specific IT risks to specific framework...
Tenable: Economic, Operational and Strategic Benefits of Security Framework Adoption
The book includes insights from the following experts: Alex Wood, PulteGroup, Inc, VP, Information Security/Chief Information Security Officer, Mapping Risk Directly to Framework Controls; Arlie Hartman, KAR Auction Services, Inc,...
Alex Wood: You Must Recognize Hidden Costs and Hidden Risks
Having more mature security processes in place puts you in a better position to define who’s responsible for what in this extended infrastructure. Any time you collect customer data, regardless of who your cloud provider is, you are still responsible for making sure...
Joshua Danielson: Automated Processes Become Your Configuration Items
First identify business objectives you want to meet by moving to the cloud. This will lead you to the kind of cloud partners you should look for, and the services you need from them. In an on-premises data center you might do a quarterly vulnerability audit. In a...
Jamie Norton: Dynamic Assets Require Continuous Monitoring
Automatic vulnerability scanning is commonly integrated into an agile app development process, but it does not end there. Many apps have built-in controls and self-validation routines. With literally billions of thinly secured connected things plugged into networks...
Russ Kirby: Automate as Many Regularly Occurring Events as Possible
With cloud assets in the infrastructure, you must ensure that service providers are delivering a secure service, and the processes you run there are secure. Whether validating the server image or enforcing proper view and function states, you need to adopt a process...
Michael Capicotto: Protect Modern Assets with Standards and Automation
Businesses can better protect their modern assets by setting standards that apply to a range of technologies and providers. Security automation helps a business keep up with a changing landscape while also increasing its overall security posture. “Security will be...