You’ve Been Framed! Using Frameworks to Improve and Defend your Security Program

Date: May 30, 2019

Recorded May 30, 2019 at 1 P.M. EST

The majority of organizations that are in the process of building a security program are starting with a security framework. Frameworks seek to provide a reference for planning but also ensure that an organization can benefit from the learnings and successes of the security community at large. The problem is that each one uses different terminology and has different approaches to getting desired outcomes, which makes comparisons difficult.

Maturity, tiers, levels, and conformity, oh my!

In this webinar, we will discuss the different frameworks and standards that are often used to guide Information Security programs, including the ISO 27000 family, NIST Cybersecurity Framework, NIST 800 series, PCI DSS, and CIS Top 20.

How do I show progress and gain budget?  

As security continues to grow as a large risk to organizations, executives and board members are sharing notes about their security challenges. Often, there is still no enterprise risk function to align to, so it falls on the security team to demonstrate maturity in their programs and give executives the information they need to make decisions. In order to be in a defensible position, security professionals must use the frameworks properly to gain critical resources and enable value creation.

Choosing the right framework—which is the one true path?

It is important to understand the pros and cons of each, even if you have already started with one. With combined decades of experience, Director of Practice Development Steve Marchewitz and GRC Practice Lead Alex Hamerstone have seen how countless organizations have applied these standards and frameworks. They will provide their insight into what they have seen work well in different industries and situations, as well as some of the challenges they have seen organizations go through. We will strive to make an often-dry subject interesting, and—dare we say—even fun!