In today’s environment we have multiple Information Security Frameworks (ISO/IEC 27001, NIST CSF, COBIT, etc.) and multiple control catalogs (ISO/IEC 27002, NIST 800-53, etc.). The two are often a source of confusion: how they differ, and why both are needed to give your organization a solid foundation for its Information Security Management Program. This session dives into some of the more common frameworks and catalogs that may be in use in parts of an organization. We will also cover how to select and implement a framework and catalog that meet the needs of your organization. Learn how selecting a single control catalog can meet the needs of multiple regulatory entities, reducing the amount of compliance activity and streamlining efforts within an organization.
Technical Level: Low