Peer-Driven Insights

Security Frameworks (NIST, CIS, CSF)

Featured One-Minute Insights

Sept 2024

How are U.S. CISOs Addressing Liability Risk?

New regulations taking effect in the U.S. mean that cybersecurity leaders could face legal liability in the event of an incident. What strategies are they using to protect themselves?
How are U.S. CISOs Addressing Liability Risk?

Community Posts

If you’ve used the NIST incident response plan as a template, what elements required the most customization to suit your org?

Relative to phishing and ransomware. How confident is your organization, that the security controls you have place today will protect you?

Read More Comments

Are compliance checklists an effective way to improve cyber hygiene?

Read More Comments

What are organizations lacking in their cybersecurity posture?

Read More Comments

What are your thoughts on CMMC 2.0?

Which of these resources have you used to design cybersecurity programs?

Control frameworks18%

Program frameworks38%

Risk frameworks22%

Consultant services11%

Managed security service providers (MSSPs)5%

Other outsourcing services3%

Other

View Results

What platform are you using for GRC?

Drata5%

Vanta20%

Secureframe16%

KnowBe415%

Ostendio8%

AuditBoard4%

Something else -- I'll tell you in the comments6%

We’re not using a GRC platform22%

View Results

What are your views on the CIS Controls framework?

Read More Comments

What are some critical NIST controls to focus on when building a cyber program for a new software startup?

I'm looking for a tool to manage application security requirements for our organization. The requirements need to include both regulatory requirements (healthcare) and threat-based requirements through a lightweight threat modeling component.  So far, SD Elements looks like a lone winner in this market segment. Does anyone have experience with them or one of their competitors? SD Elements is intriguing as it would also help us track compliance to the requirements thereby helping to measure progress and outcomes.

Does anyone have experience standing up a central organization that is responsible for resolving findings from audits? I am tasked with intaking findings from audits, organizing remediation projects/programs/teams to remediate those findings and track remediation to completion.

Read More Comments

What is the top data governance issue?

Limited resources11%

Siloed data40%

Lack of leadership23%

Poor data quality & context18%

Lack of data control5%

Other (please explain in the comments)

View Results

What IS program evaluations is everyone using to evaluate their cyber-hygiene?

Read More Comments

My security analyst is recommending we shut off access to third-party personal email accounts to reduce the risk of attack as a result of phishing attempts through these platforms.  Is this something many companies do?

Read More Comments

We are looking at implementing role-based access controls on some of our SaaS platforms due to entry into emerging markets. Does anyone have best practices to share?

Read More Comments

NIST cybersecurity framework 2.0 was just released – what do you think of the update so far?

Read More Comments