If you get hired by an SMB and you’re the company’s first/only security practitioner, where should you start? (Should you focus on SANS top 20 controls? Or start with the NIST framework?)
Director of Information Security, 4 months ago
I would prefer to start with the NIST framework to ensure comprehensive design of cybersecurity practice across the security with objective set to achieve business goals. Will need to first create the roadmap and structure to enhance security across the organization.
Principal Consultant in IT Services, 3 months ago
I love NIST frameworks, but if you are just getting started, I prefer "Protecting Sensitive and Personal Information from Ransomware" from CISA as most organizations can get behind protecting against Ransomware. Check out https://www.cisa.gov/resources-tools/resources/protecting-sensitive-and-personal-information