In today’s environment we have multiple Information Security Frameworks (ISO/IEC 27001, NIST CSF, COBIT, etc.) and multiple control catalogs (ISO/IEC 27002, NIST 800-53, etc.). These two items are often a source of confusion as to how they differ and why both are needed to give your organization a solid foundation for its Information Security Management Program. This session dives into some of the more common frameworks and catalogs that may already be in use in parts of an organization. We will also cover how to select and implement a framework and catalog that meet the needs of your organization. Learn how selecting a single control catalog can meet the needs of multiple regulatory entities, reducing the amount of compliance activity and streamlining the effort within an organization.
- A basic understanding of an Information Security Framework and a Control Catalog as well as how they complement each other
- Pros and cons of popular frameworks (ISO/IEC 27001, NIST CSF, COBIT, etc.)
- Pros and cons of popular controls catalogs (ISO/IEC 27002, NIST 800-53, etc.)
- How to select and implement an Information Security Framework and a Control Catalog that meet your needs
- How a single control catalog can meet multiple regulatory requirements to reduce rework
Technical Level: Low