A lot of organizations create policies, strategies and architecture up front, and then struggle to map an assessment process to the structures that have been created. By basing the structures on the assessments, you can get a head start and have better luck tying everything together.
I will walk through NIST CSF 2.0 and will explain my reasoning behind trimming the set of controls down to create a "Bonehead CSF".
The people behind standards and frameworks have spent thousands of hours making sure that their structures are as complete as possible.
Why not use this to our advantage when we author governance documentation?
A new dimension in Cybersecurity.
By looking at different properties of controls more independently, we are able to reduce the control set drastically, and the resulting analysis gives very clear guidance on priorities, recommendations and how a strategic roadmap may look.
Yeah, I'm going to write about that too.
80/20 Cybersecurity
Copyright © 2023 80/20 Cybersecurity