What IS program evaluations is everyone using to evaluate their cyber-hygiene?

Security & GRCAwareness & TrainingSecurity Frameworks (NIST, CIS, CSF)
2.1k views1 Upvote2 Comments
Sort By:
Oldest
Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotecha year ago
This really depends upon what sector the company is, legal contract requirements, if you are global, size, etc. As a whole NIST CSF makes it easier to communicate with a variety of departments and business leaders. That is normally couples with for example Healthcare requires, PCI, if government services NIST 800-171, you see it used with CIS. Healthcare I use NIST CSF with HITRUST as an example. The government is usually NIST 800-53 or NIST 800-171 and NIST CSF for ease of communication. Startups NIST CSF and you may have PCI similar added. The EU likes ISO. There are great crosswalks out there so it doesn't have to be cumbersome knowing where the company stands in each one. Like I said, there are many factors. Start my knowing what the business is in business to do, what client contracts require, and future roadmap for the business. That will help narrow down what the company is obligated to be in compliance.
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Chief Technology Officer in Mediaa year ago
Many organizations are employing IS program evaluations to assess their cyber-hygiene, often utilizing frameworks like NIST Cybersecurity Framework or CIS Controls to ensure robust security practices and compliance with industry standards.

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Applications & PlatformsCloudData & Analytics+15 more
Head of Enterprise Architecture MERCK Group in Healthcare and Biotecha year ago
Strategy & Architecture
Read More Comments
39k views5 Upvotes34 Comments

What is your primary deciding factor in adopting enterprise search?

Strategy & ArchitectureCloudEnd-User Services & Collaboration+26 more

TCO19%

Pricing26%

Integrations21%

Alignment with Cloud Provider7%

Security10%

Alignment with Existing IT Skills4%

Product / Feature Set7%

Vendor Relationship / Reputation

Other (comment)

View Results
5.7k views3 Upvotes1 Comment

What cybersecurity topics do you think are critical for CIOs to be more involved in, even in orgs that have a CISO?

Relationship ManagementSecurity & GRCSecurity Strategy & Roadmap+1 more
Director of IT in Healthcare and Biotech9 days ago
Cybersecurity governance and risk management (setting up monitoring of emerging threats), data protection and privacy compliance (standardize on data protection across all channels), incident response and recovery planning ...read more
Read More Comments
1.3k views3 Comments

We are using MDM and MAM with Intune to protect our Office 365 data on employee mobile devices. We also have end-users who are contractors and have existing MDM/MAM controls on their device from their primary employer.  They cannot add our corporate INTUNE controls to the same device according to the Microsoft error messages. The same issue applies to NEDs who work for multiple corporates. Has anyone else found a solution for this?

Management ToolsSecurity & GRCStrategy & Architecture+1 more
Director of Information Security9 days ago
We haven't found a "good" solution short of issuing a separate managed device; the user has to choose whose policies to apply to their device. On Android you can technically create separate user profiles to get around this ...read more
Read More Comments
364 views3 Comments

In the past 6 months, have you seen an uptick in targeted cyberattacks on telehealth devices and networks?

Security & GRCNetworkThreat & Vulnerability Management+2 more

No Increase16%

1-5% increase47%

6-25% increase24%

26-50% increase6%

51-75% increase1%

76%+1%

Other2%

View Results
1.7k views1 Upvote