Does anyone have suggestions for research sources or templates for a Cyber Risk Governance Framework? I'm looking for resources to create a board-level document outlining our organization's governance processes and practices.
VP of IT in Software, a year ago
I don't have direct experience but I have heard that some customers use Arctic Wolf.

SVP - Software Engineering in Finance (non-banking), a year ago
NIST is pretty good and I have used resources from InfoTech for some helpful frameworks when you don’t have something on hand.

Mission Diplomatic Technology Officer in Government, a year ago
Generally NIST comes top of mind. But I have also heard COBIT for best overall governance while taking training. Governance is one of those principles that I’ve always struggled with as the technologist. Specifically, governance sets X policy, but 1000 customers a day are frustrated with the ‘limits’ while the technologists comply with a policy. Some of the motivations do not appear aligned to data. Maybe more linked to karmas from a past compromise. However, one of the best forms of government I have experienced at a Director level was a C-level-created ITEC governance group inviting deputy chair and voters from the 35+ other business units. It is messy. More transparent. But a bit like politics where we can remind the customer that their leadership is a member of the council.

Head of Information Security in Services (non-Government), a year ago
Agree with NIST - Identify, Detect, Protect, Respond, Recover is an easy way to depict and describe.

Chief Information Security Officer in Healthcare and Biotech, a year ago
NIST is good and well-tested.