Does anyone use a commercially available Control library and also us the same for audit management/policy and effectiveness metrics. If yes would also like to discuss and brainstorm on how are you using the same for threat modeling and any other area?
Sort By:
Oldest
Head of AI in Finance (non-banking)a year ago
I have some idea around Azure auditing, can brainstorm on your use case.Deputy CISOa year ago
Thanks Avljieet,
would you suggest that the Azure auditing maybe sing something like Sentinel or azure 's other securty tool are an example of control library and can be used in other assessments (as a principle) and in threat model? i reckon the configuration elements might be too specific to Azure? keen to learn and discuss
IT Manager in IT Servicesa year ago
Yes, we use it to quickly assess the security posture of our assets and threat landscape. We also use it to define our policy, develop effective metrics, and then measure and monitor threat mitigation.Deputy CISOa year ago
Thanks Sabir, Could you elaborate a little bit.
Would i right be inferring that there is this list of controls (not oA type) and thier configuration requirement in a xl or a tool/portal and we can map how we fare and even measure against its sucess? Could you suggest a couple of commercial ones you evaluated?