Sunday, June 16, 2019 03:45 PM|Sunday, June 16, 2019 04:30 PM
Tutorial: Security Program Management 101 — Pick a Framework, Already
Have you ever questioned the following? -- What Security Framework is appropriate for my enterprise? Can I just align and implement controls found in ISO27001, CIS CSC, HITRUST or NIST CSF? How do I begin to measure my progress in terms of Maturity? How do I map all of this back to my business needs? If so, you are not alone.
Security and Risk Management leaders are often faced with the continuous challenge of developing and (re)shaping their cybersecurity program strategy based on changing business needs and risk appetite. To complement this, leaders are often tasked with picking a defensible framework that aligns with an appropriate controls catalog based on repeatable and scalable processes. However, Gartner Research continues to show a cultural disconnect between foundational elements of program management and changing business needs. This presentation will define the basic elements of a security program, describe the differences between each layer, and tie them into an overall strategy planning process that will ensure a defensible security program that facilitates business needs.