Part 1 – Getting Your Program Off the Ground
All too often I see organizations throwing hundreds, if not thousands of dollars, at cybersecurity problems. But is this really the right course of action, especially when you are only just starting to develop your program?
To start your endeavor in developing a cybersecurity program, you must understand where you are starting from. Often, this will require an assessment to be performed, one that helps you understand the current security posture. To perform an assessment, you must first choose the types of controls and cybersecurity standard you want to assess the organization against.
There are plenty of cybersecurity standards to choose from, but how do you choose? First, it requires you to understand the organization, its requirements, and where it conducts business. If it conducts business in Europe or other regions outside the U.S., it may be best to use an international standard such as ISO 27001/27002. In the U.S., many...