Welcome to the
CyberIQs Knowledge Centre

Technical Security Frameworks


alabba
(@alabba)
New Member
Joined: 2 years ago
Posts: 1
Topic starter  

Hi,

I am an independent consultant and most of my clients are in the small medium market. Their maturity isn't such that they can achieve big certifications such as ISO27001, and they are starting their security journey deploying technical controls.

My main challenge is to find a technical control framework that I can later scale up to achieve larger certifications such as ISO.

Any recommendations?


konsultant
(@konsultant)
Active Member
Joined: 2 years ago
Posts: 10
 

If your customers are not ready for ISO or other advanced frameworks, it is likely that their security practices are not risk driven?

I would suggest guiding yourself and them with the CIS 20 critical controls.

This framework is a good blueprint for larger security programs such as ISO, NIST, PCI, etc.

 

 


the_eagle
(@the_eagle)
Eminent Member
Joined: 2 years ago
Posts: 28
 

Check the following links:

https://www.cyber.gov.au/acsc/view-all-content/publications/strategies-mitigate-cyber-security-incidents

 

https://www.cyber.gov.au/sites/default/files/2020-06/PROTECT%20-%20Strategies%20to%20Mitigate%20Cyber%20Security%20Incidents%20%28February%202017%29.pdf

 

This framework, like CIS 20, is a top framework to scale up to NIST and ISO27001. Particularly, I prefer ASD top35, but both of them will get you where you need to be with your clients.

