What methodologies or frameworks (like NIST CSF, CMMC, etc.) are you using to assess and track your cybersecurity maturity level?

Director of Marketing, 5 months ago

Hello everyone! My response to this question isn't based on the activities of the organization that I work for; rather, it is based upon the many organizations that I confer with as a Cybersecurity Evangelist.

In my experience, most organizations gravitate to two sets of standards: 1) ISO 27001/27002 or 2) NIST 800-171/172-based standards, such as CMMC. Over time, it is also anticipated that US Federal agencies beyond the US Department of Defense (DoD) will more widely adopt CMMC-like standards. There are also longer-term standards out there, like PCI-DSS, that are required for specific use-cases such as protection of credit card data.

Bigger-picture, it's in your best interest to select an achievable standard that's aligned with the ultimate cybersecurity goals of your company. Why is that? Because I have found that organizations that have adopted CMMC for their DoD business lines actually benefited from improved security protection in their "commercial" lines of business, as well. 

Information Security Manager in Banking, 5 months ago

We are using DORA - DevOps Research and Assessment (custom version, if I may say that). There is a capability called Shift Left Security; based on all the experience from me and my colleagues, I created custom questions and scenarios based on our organization.

Finance Manager, 6 months ago

NIST 2.0 for baseline and subsequently CIS leveraging IG1, IG2 and IG3 for deeper dives into domains/areas.

Director of IT in Energy and Utilities, 7 months ago

C2M2

Chief Information Officer in Miscellaneous, 7 months ago

NIST CSF 2.0
