Peer-Driven Insights

Security Frameworks (NIST, CIS, CSF)

About this topic

Security frameworks (NIST, CIS, CSF) refer to industry-standard models and best practices for establishing, managing, and improving cybersecurity programs. They provide structured guidance to strengthen security posture and ensure compliance.

Featured One-Minute Insights

Sept 2024

How are U.S. CISOs Addressing Liability Risk?

New regulations taking effect in the U.S. mean that cybersecurity leaders could face legal liability in the event of an incident. What strategies are they using to protect themselves?
How are U.S. CISOs Addressing Liability Risk?

Community Posts

If you’ve used the NIST incident response plan as a template, what elements required the most customization to suit your org?

Relative to phishing and ransomware. How confident is your organization, that the security controls you have place today will protect you?

Read More Comments

Which of these resources have you used to design cybersecurity programs?

Control frameworks20%

Program frameworks37%

Risk frameworks22%

Consultant services11%

Managed security service providers (MSSPs)5%

Other outsourcing services2%

Other

View Results

Are compliance checklists an effective way to improve cyber hygiene?

Read More Comments

What are organizations lacking in their cybersecurity posture?

Read More Comments

What are your thoughts on CMMC 2.0?

What are your views on the CIS Controls framework?

Read More Comments

What are some critical NIST controls to focus on when building a cyber program for a new software startup?

What is the most important role of corporate culture in addressing the psychological impact of digital security?

Corporate culture has no influence on digital security.16%

Prioritizing digital security above other aspects in corporate culture.50%

Creating a work environment that supports mental well-being.17%

All of the above.16%

Your own perspective (Comment).1%

View Results

I'm looking for a tool to manage application security requirements for our organization. The requirements need to include both regulatory requirements (healthcare) and threat-based requirements through a lightweight threat modeling component.  So far, SD Elements looks like a lone winner in this market segment. Does anyone have experience with them or one of their competitors? SD Elements is intriguing as it would also help us track compliance to the requirements thereby helping to measure progress and outcomes.

Does anyone have experience standing up a central organization that is responsible for resolving findings from audits? I am tasked with intaking findings from audits, organizing remediation projects/programs/teams to remediate those findings and track remediation to completion.

Read More Comments

What IS program evaluations is everyone using to evaluate their cyber-hygiene?

Read More Comments

My security analyst is recommending we shut off access to third-party personal email accounts to reduce the risk of attack as a result of phishing attempts through these platforms.  Is this something many companies do?

Read More Comments

We are looking at implementing role-based access controls on some of our SaaS platforms due to entry into emerging markets. Does anyone have best practices to share?

Read More Comments

What is the top data governance issue?

Limited resources10%

Siloed data39%

Lack of leadership24%

Poor data quality & context19%

Lack of data control5%

Other (please explain in the comments)

View Results

NIST cybersecurity framework 2.0 was just released – what do you think of the update so far?

Read More Comments