What IS program evaluations is everyone using to evaluate their cyber-hygiene?

Security & GRCAwareness & TrainingSecurity Frameworks (NIST, CIS, CSF)
1.9k views1 Upvote3 Comments
Director of IT in Manufacturing, 5,001 - 10,000 employees
I recommended to evaluate  cyber-hygiene, please use ISO 27001 framework to implement your IT Management system
Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech, Self-employed
This really depends upon what sector the company is, legal contract requirements, if you are global, size, etc. As a whole NIST CSF makes it easier to communicate with a variety of departments and business leaders. That is normally couples with for example Healthcare requires, PCI, if government services NIST 800-171, you see it used with CIS. Healthcare I use NIST CSF with HITRUST as an example. The government is usually NIST 800-53 or NIST 800-171 and NIST CSF for ease of communication. Startups NIST CSF and you may have PCI similar added. The EU likes ISO. There are great crosswalks out there so it doesn't have to be cumbersome knowing where the company stands in each one. Like I said, there are many factors. Start my knowing what the business is in business to do, what client contracts require, and future roadmap for the business. That will help narrow down what the company is obligated to be in compliance.
Chief Technology Officer in Media, 2 - 10 employees
Many organizations are employing IS program evaluations to assess their cyber-hygiene, often utilizing frameworks like NIST Cybersecurity Framework or CIS Controls to ensure robust security practices and compliance with industry standards.

Content you might like

So far this year, $210 Million worth of ransomware payments have been tracked by analytics firm Chainalsyis. How much will have been spent in ransomware transactions by the end of the year?

Governance, Risk & ComplianceSecurity & GRCRisk Management+7 more

$300 - $400 Million30%

$401 - $500 Million45%

$501-$600 Million6%

$600 Million +7%

Unsure11%


175 PARTICIPANTS
490 views

A recently reported security vulnerability in Microsoft's MSHTML browser engine is being detected all over the world. It affects everyone with a Windows machine of any kind, as it's based on the victim opening an infected MS document attachment. Has your organization been targeted by this attack in the last 3 months?

Security & GRCThreat & Vulnerability ManagementNews

Yes55%

No32%

Unsure12%


514 PARTICIPANTS
1.4k views1 Upvote

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
41.1k views131 Upvotes319 Comments

Does the risk of Ransomware and malware propagation bother you? Is IoT security a top of mind for you? To protect against many risks, we have witnessed success of micro-segmentation in the data center. Would you be willing to deploy similar solution for the campus? I am very curious to get your feedback?

Security & GRCThreat & Vulnerability Management
Read More Comments
2.8k views5 Upvotes5 Comments

Any recommendations on OT security product? I tried pushing Crowdstrike but it wasn't approved by OEMs. Other two are Claroty and Nozomi. Any feedback either on above two or any other as per your experience?

Security & GRCStrategy & Architecture
Read More Comments
1.8k views1 Upvote2 Comments