Utilizing Cyber Security Standards And Frameworks

After establishing risk assessment and risk management as the foundation for a cyber security program, many enterprises then turn to a control framework or set of standards to help streamline processes and reduce costs. Standards can help the organization define terminology and manage systems, processes and controls in a more streamlined or uniform manner.

On the other hand, many enterprises have to comply with a mix of state, industry-specific and/or international cyber security regulations. Among the respondents to our recent “Cyber Security Mid-Year Snapshot 2019” survey, Figure 16 (below) shows that the largest group, at 44.93%, is using the ISO/IEC 27000 family of standards, which aims to help organizations ‘keep information assets secure.’

The next largest group is leveraging the NIST Cyber Security Framework (CSF) at 39.13%. As shown in the survey demographics, almost half of respondents are based in North America, so it comes as no surprise that the NIST CSF is high on the list. In the U.S., this Framework is widely pointed to as the go-to standard for security practices and development. While the use of the CSF is not mandatory for the…
