Fitting cybersecurity frameworks into your security strategy
This article is part of the Information Security issue of August 2019, Vol. 20, No. 3
The development of new cybersecurity frameworks has increased dramatically over the past few years. It wasn't too long ago that the choice of frameworks was limited to NIST Special Publication (SP) 800-53 or the International Organization for Standardization (ISO) 27000 series. There are now a multitude of potential options that can range from general security requirements to detailed controls for specific industry verticals. Many frameworks are still available for free, while some have moved to subscription fees and expensive certification programs. Frameworks have evolved to fill the niche requirements of any organizational security program. The wide range of available options could make it difficult for any CISO to select a framework for their security organization. However, the deciding factors are not usually technical in nature. Most of these new cybersecurity frameworks have common controls and technical requirements. The biggest differences involve how the frameworks can be integrated into overall business goals and ...
Features in this issue
- New tech steers identity and access management evolution
IAM is evolving to incorporate new technologies -- like cloud-based services and containerization -- promising more secure, granular management of access to company IT assets.
- IoT cybersecurity: Do third parties leave you exposed?
IoT's vast vendor landscape drives innovation, but working with so many third parties also comes with baggage in the form of third-party cybersecurity issues.
News in this issue
- Is your identity management up to the task?
IAM is an organization's best defense for its weakest link, end users. Make sure you're following the right framework and keeping your tools honed and ready for battle.
Columns in this issue
- For board of directors, cybersecurity literacy is essential
For boards of directors to meet their business goals, CISOs need a seat at the table. Through her initiative BoardSuited, Joyce Brocaglia aims to pave the way.
- The must-have skills for cybersecurity aren't what you think
The most critical skills that cybersecurity lacks -- like leadership buy-in, people skills and the ability to communicate -- are not the ones you hear about. That needs to change.