Foundational Frameworks

Description

Outcomes

• Clients will be able to identify the areas of their security program that are succeeding, adequate, or need review.
• Clients are able to prioritize these findings to meet their needs.
• Clients are better protected against cyberattacks.
• Organizations have a documented understanding of their organization’s risk profile.
• Clients have access to tools and expertise available to quickly identify, analyze, and respond to security incidents and breaches.
• Action plans are developed to manage detected cybersecurity incidents and breaches, and strategies to contain cybersecurity threats.

Resources

Defensible Security
Defensible Security is a collection of control groups you can use to help support your security program. Defensible Security helps organizations know what they need to be doing at a minimum to achieve a security posture that is defensible.

Assessment Tool (Excel)
Provides a quick and easy way for organizations to assess their security posture and view changes over time. It can also be used for executive reporting.

CIS Critical Security Controls (cisecurity.org)
The Center for Internet Security's Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture.

ISO/IEC 27000 family (iso.org)
ISO/IEC 27001 is the world’s best-known standard for information security management systems (ISMS) and their requirements. Additional best practice in data protection and cyber resilience are covered by more than a dozen standards in the ISO/IEC 27000 family.

NIST Cybersecurity (nist.gov)
NIST develops cybersecurity standards, guidelines, best practices, and other resources to meet the needs of U.S. industry, federal agencies and the broader public. Our activities range from producing specific information that organizations can put into practice immediately to longer-term research that anticipates advances in technologies and future challenges.