Sign up to save your podcasts
Or
Share Best Starting Security Framework
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Best Starting Security Framework
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-best-starting-security-framework/)
If you were building a security program from scratch, which many of our listeners have done, which framework would be your starting point?
Check out this post initiated by Sean Walls, vp, CISO of Visionworks, who asked, "If you were building a security program from scratch, would you align with ISO 27001, NIST CSF, or another framework, and why?"
That conversation sparked this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Omar Khawaja (@smallersecurity), CISO, Highmark Health.
Thanks to this week's podcast sponsor, Palo Alto Networks.
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. On this episode of Defense in Depth, you'll learn:
- When determining a starting security framework, always lead with the "Why?" What are you trying to accomplish and achieve?
- In some cases you're building a framework to build trust.
- Although most in security take a risk-based approach. That's not always necessary when picking a framework. Frameworks are often very regulatory driven.
- Framework decisions will be built on both internal and external pressures.
- If you don't have a specific security problem, a specific security solution makes no sense.
- The Secure Controls Framework is a free meta-framework that allows users to pick and choose elements from multiple frameworks.
- Check out Allan Alford's four-year mapping of NIST CSF, CIS CSC 20, and ISO 27001.
- While there are plenty of great frameworks out there, for someone who is truly starting from scratch, many security professionals pointed to the CIS top 20 because it maps to frameworks like NIST and ISO.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-best-starting-security-framework/)
If you were building a security program from scratch, which many of our listeners have done, which framework would be your starting point?
Check out this post initiated by Sean Walls, vp, CISO of Visionworks, who asked, "If you were building a security program from scratch, would you align with ISO 27001, NIST CSF, or another framework, and why?"
That conversation sparked this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Omar Khawaja (@smallersecurity), CISO, Highmark Health.
Thanks to this week's podcast sponsor, Palo Alto Networks.
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. On this episode of Defense in Depth, you'll learn:
- When determining a starting security framework, always lead with the "Why?" What are you trying to accomplish and achieve?
- In some cases you're building a framework to build trust.
- Although most in security take a risk-based approach. That's not always necessary when picking a framework. Frameworks are often very regulatory driven.
- Framework decisions will be built on both internal and external pressures.
- If you don't have a specific security problem, a specific security solution makes no sense.
- The Secure Controls Framework is a free meta-framework that allows users to pick and choose elements from multiple frameworks.
- Check out Allan Alford's four-year mapping of NIST CSF, CIS CSC 20, and ISO 27001.
- While there are plenty of great frameworks out there, for someone who is truly starting from scratch, many security professionals pointed to the CIS top 20 because it maps to frameworks like NIST and ISO.
More shows like Defense in Depth
View all
Hacked
187 Listeners
Security Now (Audio)
2,008 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
371 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,021 Listeners
Smashing Security
319 Listeners
Click Here
415 Listeners
Darknet Diaries
8,061 Listeners
Cybersecurity Today
179 Listeners
Hacking Humans
315 Listeners
CISO Series Podcast
188 Listeners
Cyber Security Headlines
139 Listeners
Risky Bulletin
44 Listeners
Hacker And The Fed
168 Listeners