In order to follow best practices, a knowledge base fed by community and academic expertise, a systematic and structured approach to consider and propose options for controls to prevent, detect, respond and recover to cyber security incidents involving an organization system, data or network, which control frameworks have worked better for you?

Topic

[chandadd68Participant]

From my experience the Unified Control Framework (UCF) has worked well. I have in retail and financial industries, with so many regulations to adhere to and so many security measures to implement to ensure security of data, systems and network and to be compliant to all regulations and Unified Control Framework has work well. The UCF can be challenging in part due to the volume of this framework however, when implemented well and becomes part of your BAU it can reduce compliance fatigue. Considering frameworks are not the ultimate, one must build on what the framework specifies to be maximize security to your infrastructure

[bassamtaParticipant]

we have been using NIST framework for a while over our IT and OT systems and networks, this year with consulting firm engagement as third party experience, we have just started the process of adopting the CMMI model via area of practices concepts. the main objective is to verify we are able to meet different models and frameworks, the CMMI model will apply NIST and Cobit frameworks as combinations with two different tastes.

[Author]

Replies