ISC2CT Chapter Meeting April

Program Maturity - Cybersecurity and Operational Risk Management

Business executives leverage cybersecurity programs to understand residual risk. That helps them make informed decisions to mitigate risk to an acceptable level. This session provides guidance to improve program maturity in stages.

Maturity Level 1.

Minimal Compliance Development of an information security program should begin with a reputable baseline such as the NIST Cybersecurity Framework.

A framework communicates the minimum controls required to protect an organization. It is also necessary to include control requirements from applicable laws, regulations and contractual obligations. Compliance with external requirements is also a minimalistic approach when designing a program.

Maturity Level 2.