With a Framework, You Make Security Decisions Based on Collective Knowledge
- A security framework enables you to build a process for making cyber risk decisions based on a collective body of knowledge.
- One of the key elements in selecting a security framework is its ability to adapt to the business at hand. Flexibility is important.
“It gives you a basis for describing the same risk whether you are talking to IT people or boardroom decision makers.”
With a large portion of its revenue-generating activities directly tied to online processes, Copart depends on an IT infrastructure that is perfectly adapted to its needs. “For us, it’s all about availability and reliability, because that’s critical to the business,” says Joshua Danielson, the chief information security officer (CISO) at Copart. When he joined the company, which is a provider of online vehicle auction and remarketing services, it had an effective security program that was adequately serving the IT infrastructure, but part of the challenge was justifying it to non-technical business stakeholders. “There’s no way you can throw a 50-page security program document at the C-level folks and expect them to absorb it,” he says.