Just came upon a new company that appears to be pursuing a good part of the SGSB playbook, though they appear to have found their way to these ideas by following their own path.
A few of the principles we seem to share include:
- You must measure security if you're ever going to manage it well
- Similarly, you must measure security if you're ever going to align security investments and policies with business or mission objectives
- Compliance-based approaches provide at best a false sense of security
- Significant attention by and involvement of Senior Management and Board is important
In a recent WSJ article, this company, BitSight, noted a correlation between its findings re: the observable technical security indicators it tracks and the companies that scored the best in its recent study. Top performers had: "a greater focus on cybersecurity by senior management." But of course.
And here's its critique of compliance approaches to security, published in Risk Management Monitor last week. Sounds as if they're channeling many of our thoughts about compliance regimes like the NERC CIPs:
"A company may be compliant with all the appropriate regulations and have excellent security policies but may be completely ineffective in the day-to-day implementation of these policies .... Also, no matter how complete a checklist or audit is, its results are only a point in time reflection and can’t measure the dynamic nature of the risks it is meant to assess ...."

Please note the security measurement techniques developed by BitSight in their early days are neither comprehensive nor perfect. But they needn't be to be of great value to orgs (or their partners, suppliers, regulators, etc.) trying to figure out how they are doing and how to improve over time. Recommend you/we keep an eye on them.