What IS program evaluations is everyone using to evaluate their cyber-hygiene?

1.9k views, 1 Upvote, 3 Comments

Director of IT in Manufacturing, 5,001 - 10,000 employees
To evaluate cyber-hygiene, I recommend using the ISO 27001 framework to implement your IT Management system.
Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech, Self-employed
This really depends upon what sector the company is in, legal contract requirements, if you are global, size, etc. As a whole, NIST CSF makes it easier to communicate with a variety of departments and business leaders. That is normally coupled with, for example, Healthcare requirements, PCI, if government services NIST 800-171, and you see it used with CIS. In Healthcare I use NIST CSF with HITRUST as an example. The government is usually NIST 800-53 or NIST 800-171 and NIST CSF for ease of communication. Startups: NIST CSF, and you may have PCI or similar added. The EU likes ISO. There are great crosswalks out there, so it doesn't have to be cumbersome knowing where the company stands in each one. Like I said, there are many factors. Start by knowing what the business is in business to do, what client contracts require, and the future roadmap for the business. That will help narrow down what the company is obligated to be in compliance with.
Chief Technology Officer in Media, 2 - 10 employees
Many organizations are employing IS program evaluations to assess their cyber-hygiene, often utilizing frameworks like NIST Cybersecurity Framework or CIS Controls to ensure robust security practices and compliance with industry standards.
