Security Frameworks (NIST, CIS, CSF)
Community Posts
What frameworks are you using for AI risk management?
We have a new GRC tool and we're selecting frameworks like NYDFS, SOC2, NIST CSF, COSO, etc. We have financial, IT, and operational controls. What frameworks are other companies implementing with their GRC tools to map operational controls?
Our organization is embarking on ISO certification for security and privacy in the cloud. We are looking for best practices to implement ISO whilst being mindful of the rigor needed to manage with multiple standards. From our initial review we were informed of BSI's PAS 99 and wanted to understand: 1. Pros and Cons 2. Adoption i.e. has it been widely adopted across business landscape, specifically in the insurance sector embarking on ISO certifications? 3. Are there alternatives or best practice recommendations when embarking on cloud ISO security and privacy certifications? Also, we understood that the current certification I.e. ISO/IEC 27017:2015 looks to be replaced by ISO/IEC DIS 27017 - Information security, cybersecurity and privacy protection — Information security controls based on ISO/IEC 27002 for cloud services. Do you recommend waiting for the revision in its current stage or progress with the incumbent certification and have a subsequent review once the new version is published?
Is the NIST indicator of one company comparable to the NIST indicator of another company in a different industry?
Limited resources11%
Siloed data40%
Lack of leadership23%
Poor data quality & context18%
Lack of data control5%
Other (please explain in the comments)
Corporate culture has no influence on digital security.15%
Prioritizing digital security above other aspects in corporate culture.50%
Creating a work environment that supports mental well-being.18%
All of the above.16%
Your own perspective (Comment).1%
Drata5%
Vanta20%
Secureframe17%
KnowBe414%
Ostendio9%
AuditBoard4%
Something else -- I'll tell you in the comments6%
We’re not using a GRC platform22%