Cybersecurity frameworks, requirements, regulations, and standards must be wonderful, because we have so many of them. But enterprises today often need to report to several of them, each with its own focus, language, level of abstraction, and assessment or audit approach. Cross-mapping among them has become a way of life for many enterprises, and has led to a sea of mappings that include commercial services, vendor tools, volunteer donated, hand-crafted one-offs, and everything else you can imagine. While some of this is inevitable, such frameworks are a problem that need to be simplified for adopters.
- The importance, value, and challenge of cross-mapping security frameworks
- The rationale and process used by CIS to create and support mapping, and some real-world examples
- The larger implications for the entire cyber ecosystem and how this work provides benefits beyond solving any one specific mapping problem