Lester Godsey, Chief Information Security Officer, City of Mesa, Arizona

A Framework Provides a Baseline for Security that Supports Business Goals

  • Most businesses use the framework as a guideline to decide which controls and practices are most important to their business.
  • The security metrics you measure and that map to framework controls are really driven by top-down business considerations.

“If management requests something that deviates from standards associated with the framework, then the framework is a good starting point for discussing that idea.”

Lester Godsey, Chief Information Security Officer (CISO) for the City of Mesa, says there are several distinct benefits to adopting a security framework:

  • “A security framework is another way of establishing a baseline of what’s acceptable in your organization,” says Godsey. And if there’s a request for a mitigating control, the framework gives you a context for discussing the value and impact of that control.

This is an excerpt from Economic, Operational and Strategic Benefits of Security Framework Adoption. The eBook was generously sponsored by Tenable.