Cybersecurity Frameworks and Governance

What You Need to Know

There are many Cybersecurity frameworks that can be leveraged to help guide your business through all the best practices and recommended controls that should be implemented and followed within an Information Security Program.

Cybersecurity Governance is about the management and oversight of an organization's Information Security or Cybersecurity Program. Governing bodies such as the SEC must ensure financial organizations under their regulation adhere to any Cybersecurity mandates and follow recommendations. Another example would be Federal or State Government Agencies that must comply with the NIST framework to ensure their information and systems are secure.

Here is a list of some of the top Frameworks and Standards. Some listed are the organization or governing body and provide numerous frameworks and/or standards within each.

NIST (Cybersecurity Framework, 800-53, etc.)
ISO 27001/27002
CIS Controls Version 8
SOC 2
PCI-DSS
HITRUST CSF
HIPAA
FedRAMP
NYDFS
SCAP
COBIT
COSO

See the articles below for additional information.

2 days ago

CYBERSECURITY GUIDES

Penetration Testing Guidelines

Has your business conducted a Penetration Test this year? Learn all the key points and objectives of Pen Testing for your business.

Sep 20

CYBERSECURITY GUIDES

Cybersecurity Incident Response Guide, Part 1

The goal of Incident Response is to identify threats, respond quickly before the threat spreads, and remediate before they cause damage.

Sep 5

CYBERSECURITY FRAMEWORKS

Integrating Application Security Practices, Part 1

Security is critical to the software development process. There are many frameworks, such as OWASP, that should be leveraged for this.

Aug 27

CYBERSECURITY FRAMEWORKS

Daily Security Control (DSC) - Use a Passive Asset Discovery Tool

Follow CIS Control 1.5 by using a Passive Asset Discovery Tool to update the company asset inventory and verify accuracy.

Aug 24

CYBERSECURITY FRAMEWORKS

Daily Security Control (DSC) - Use DHCP Logging to Update Asset Inventories

Configure DHCP logging on all DHCP servers or leverage IP address management tools to review and update the company's asset inventory.

Aug 22

CYBERSECURITY FRAMEWORKS

Daily Security Control (DSC) - Utilize an Active Discovery Tool

Utilize an active discovery tool to detect and identify assets/devices connected to the company's network that are unauthorized to do so.

Aug 20

CYBERSECURITY FRAMEWORKS

Daily Security Control (DSC) - Address Unauthorized Assets

Address unauthorized assets that are detected on the company network or connecting to company resources, which is part of CIS Control 01.

Aug 15

CYBERSECURITY FRAMEWORKS

Daily Security Control (DSC) - Manage and Maintain an Asset Inventory

Daily Security Control - Today we cover CIS Control 1.1, Manage and Maintain an Asset Inventory.

Aug 3

CYBERSECURITY GUIDES

Update your password policy following new best practices

The CIS created an excellent Password Policy Guide that all businesses should read through before making any changes to their own policy.

Jul 27

CYBERSECURITY FRAMEWORKS

New Security Directive from the Transportation Security Administration (TSA)

Anyone in critical infrastructure, specifically covered pipelines should be aware of this recent security directive from the TSA.

Jul 17

CYBERSECURITY FRAMEWORKS

New guidance from the SEC proposed for Cybersecurity requirements

The SEC has proposed new guidance formalizing management involvement and expertise around Cybersecurity.

blockchain concept illustration in 3d, connected blocks in blockchain_edited.jpg

Cybersecurity Frameworks and Governance

Check out our Twitter feed!

FOLLOW

FOLLOW