The book includes insights from the following experts:
- Alex Wood, PulteGroup, Inc, VP, Information Security/Chief Information Security Officer, Mapping Risk Directly to Framework Controls >>
- Arlie Hartman, KAR Auction Services, Inc, Information Security Architect, Applying a Security Framework to a Changing Infrastructure >>
- Avinash Tiwari, Ocwen Financial Corporation – US, Senior Manager – Information Security, Frameworks Provide Many Benefits, but Implementation Is Key >>
- Caleb Sima, Capital One, Managing Vice President, Security, Building a Security Framework: An Enterprise-Wide Endeavor >>
- Carlos Lerma, Beam Suntory Inc, Senior Information Security Architect, Frameworks Strengthen a Collaborative Security Process >>
- Chad Lorenc, Keysight Technologies, Sr. Infrastructure Security Architect, When Customers Require Compliance with Security Frameworks >>
- Curtis Letson, SANS, Director, IT Operations & Security, Security Frameworks Provide a Common Language >>
- Daniel Cisowski, Vorwerk Group, Corporate Information Security Officer, Even for Sophisticated Companies, Frameworks Help With Navigation and Priority Setting >>
- Eric Bedell, MUFG, Chief Information Security Officer, The Framework Provides a Common Language for a Global Company >>
- Oren Ben Shalom, Tel Aviv University, CISO, Security Frameworks Require High-Level Collaboration >>
- Paul Heffernan, Unipart Group, Group Chief Information Security Officer, Framework Benefits Tie Back to Reasons for Framework Adoption >>
- Russ Kirby, Creditsafe, CISO, Adapt the Framework to the Business, not the Business to the Framework >>
- Scott Estes, Dycom Industries, Inc., Director – IT Infrastructure and Security, A Security Framework Makes the Business Viable >>
- Tero Lampiluoto, Outokumpu, Chief Information Security Officer, A Framework Can Streamline Vendor Onboarding >>
- Erik Blomberg, Handelsbanken, Head of Information- & IT-security, Frameworks Can Play a Role in Building Customer Confidence and Transparency >>
- Floyd Fernandes, CBS Interactive, Vice President & Chief Information Security Officer, Security Frameworks Must Serve Business Objectives >>
- Gary Hayslip, Webroot Inc., Vice President & CISO, Frameworks Provide an Excellent Way to Understanding Risk >>
- Javed Ikbal, Bright Horizons Family Solutions, Vice President Information Security, Risk Management & Compliance CISO, Use a Framework to Map Client Requirements to Your Security Practices >>
- Jayesh Patel, Save the Children International, Head of Global InfoSec / CISO, Security Frameworks Require a Focused, Dedicated Approach >>
- Joshua Danielson, Copart, Chief Information Security Officer, With a Framework, You Make Security Decisions Based on Collective Knowledge >>
- Kalpesh Doshi, Capgemini, CISO – APAC | Group IT, A Framework Is a Foundation >>
- Lee Bailey, ABC Fine Wine & Spirits, IT Director, Security & Operations, A Framework Can Align Security Objectives with Business Goals >>
- Lee Eason, Ipreo, Director of DevOps, Frameworks Guide Both Product Development and Customer Engagement >>
- Lester Godsey, City of Mesa, CISO, A Framework Provides a Baseline for Security that Supports Business Goals >>
- Luis Brown, CNM Community College, Chief Information Security Officer, Frameworks Need to Adapt >>
- Nir Yizhak, Micro Focus, SaaS CISO, Framework as an Instrument of Change >>
- Ole Frandsen, ISS A/S, Group CISO and Head of Group Information Security, A Framework Enables a Consistent Security Practice in an Extended Global Enterprise >>
Economic, Operational and Strategic Benefits of Security Framework Adoption was generously sponsored by Tenable.
Not so many years ago, a standard security framework was something that large enterprises implemented. Most small and midsized organizations, particularly those in unregulated industries, cobbled together security strategies based on best practices that seemed important to them. More recently, however, security frameworks have gone mainstream. This is driven in part by the growth of cybercrime, a more demanding regulatory environment, and the increased complexity of the IT infrastructure. With all this newfound enthusiasm for security frameworks, how have businesses actually benefited by adopting them?
With generous support from Tenable, we set out to discover the answers by asking 30 security experts from a wide range of industries and regions around the world the following question:
What are the business and security benefits that come from adopting a security framework?
In our discussions with the experts, we found that benefits relate to motivations for adopting a framework in the first place. Some businesses have legal requirements to show compliance with standards. For them, non-compliance is itself an important risk factor. Many businesses adopt frameworks to prove to their customers they are a safe business partner. But for all of them, the benefits typically run deeper and become embedded in the culture of their operation. We identified many businesses that take creative approaches to framework adoption, along with some good tips on how to sell management on the need for a framework. And once you win that battle, then the real work begins.
Whether you are considering adopting a framework, or you have already implemented a framework and are facing an ever-changing security and regulatory landscape, I’m sure you will gain useful insights from these experts.