What IS program evaluations is everyone using to evaluate their cyber-hygiene?

2.1k views1 Upvote2 Comments

Sort by:

Chief Technology Officer in Media2 years ago

Many organizations are employing IS program evaluations to assess their cyber-hygiene, often utilizing frameworks like NIST Cybersecurity Framework or CIS Controls to ensure robust security practices and compliance with industry standards.

Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech2 years ago

This really depends upon what sector the company is, legal contract requirements, if you are global, size, etc. As a whole NIST CSF makes it easier to communicate with a variety of departments and business leaders. That is normally couples with for example Healthcare requires, PCI, if government services NIST 800-171, you see it used with CIS. Healthcare I use NIST CSF with HITRUST as an example. The government is usually NIST 800-53 or NIST 800-171 and NIST CSF for ease of communication. Startups NIST CSF and you may have PCI similar added. The EU likes ISO. There are great crosswalks out there so it doesn't have to be cumbersome knowing where the company stands in each one. Like I said, there are many factors. Start my knowing what the business is in business to do, what client contracts require, and future roadmap for the business. That will help narrow down what the company is obligated to be in compliance.

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

If two RFP bids are neck-to-neck on core requirements, which factor becomes the ultimate tie-breaker?

Proven outcomes – Documented success stories and measurable KPIs39%

Implementation confidence – Detailed plan, risk mitigation, and resource readiness45%

Total cost – Clear TCO, price protections, and exit terms38%

Innovation & future readiness – Ability to scale, adapt, and support emerging needs16%

Vendor relationship strength – Cultural fit, governance model, and executive commitment13%

View Results

What topics would you like to learn more about / be most likely to attend a webinar on?

Ransomware / Malware / Phishing36%

Privacy27%

Cloud Security57%

Network Security36%

Zero Trust vs. VPN34%

Remote Workforce Security26%

Seamless User Experience15%

Legal and Regulatory Compliance7%

View Results

I would like to hear from others that have implemented SailPoint Identity Security Cloud how they staffed after go-live and skills needed. Were there added duties, change in roles, etc. We have provisioners currently and going live with ISC in a few weeks. I am looking ahead to where I can implement role changes with the team. Any help would be appreciated.

Our organization is subject to data retention requirements over very long periods (50 years or more). Do your organizations face similar constraints? If so, what long-term retention strategy have you implemented for these regulated data, and what technologies or solutions do you use to ensure their durability and compliance?

What IS program evaluations is everyone using to evaluate their cyber-hygiene?

Sort by:

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

If two RFP bids are neck-to-neck on core requirements, which factor becomes the ultimate tie-breaker?

What topics would you like to learn more about / be most likely to attend a webinar on?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go