Does anyone have suggestions for research sources or templates for a Cyber Risk Governance Framework? I'm looking for resources to create a board-level document outlining our organization's governance processes and practices.

VP of IT in Software, a year ago
I don't have direct experience, but I have heard that some customers use Arctic Wolf.
SVP - Software Engineering in Finance (non-banking), a year ago
NIST is pretty good, and I have used resources from InfoTech for some helpful frameworks when you don’t have something on hand.
Mission Diplomatic Technology Officer in Government, a year ago
Generally NIST comes top of mind. But I have also heard COBIT for best overall governance while taking training.

Governance is one of those principles that I’ve always struggled with as the technologist. Specifically, governance sets X policy, but 1000 customers a day are frustrated with the ‘limits’ while the technologists comply with a policy. Some of the motivations do not appear aligned to data. Maybe more linked to karma from a past compromise. However, one of the best forms of government I have experienced at a Director level was a C-level-created ITEC governance group inviting deputy chair and voters from the 35+ other business units. It is messy. More transparent. But a bit like politics, where we can remind the customer that their leadership is a member of the council.
Head of Information Security in Services (non-Government), a year ago
Agree with NIST - Identify, Detect, Protect, Respond, Recover is an easy way to depict and describe.
Chief Information Security Officer in Healthcare and Biotech, a year ago
NIST is good and well-tested. 
