What IS program evaluations is everyone using to evaluate their cyber-hygiene?
Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech, a year ago
This really depends upon what sector the company is in, legal contract requirements, if you are global, size, etc. As a whole NIST CSF makes it easier to communicate with a variety of departments and business leaders. That is normally coupled with for example Healthcare requires, PCI, if government services NIST 800-171, you see it used with CIS. Healthcare I use NIST CSF with HITRUST as an example. The government is usually NIST 800-53 or NIST 800-171 and NIST CSF for ease of communication. Startups NIST CSF and you may have PCI similar added. The EU likes ISO. There are great crosswalks out there so it doesn't have to be cumbersome knowing where the company stands in each one. Like I said, there are many factors. Start by knowing what the business is in business to do, what client contracts require, and future roadmap for the business. That will help narrow down what the company is obligated to be in compliance with.
Chief Technology Officer in Media, a year ago
Many organizations are employing IS program evaluations to assess their cyber-hygiene, often utilizing frameworks like NIST Cybersecurity Framework or CIS Controls to ensure robust security practices and compliance with industry standards.