Cyber security fills the headlines with reports of data breaches and cyber attacks from all corners of the globe. Board rooms and executive management are more aware of the need for effective Cybersecurity today then they every have been. This awareness is driving action as many organizations look to frameworks for guidance on building effective security programs. The Critical Security Controls provides a Cybersecurity controls-based framework designed to directly address the actions attackers are taking. Creating a plan and gaining support for implementing a security program based on a control framework can be a daunting task. This paper will discuss a method for using the Critical Security Controls framework in conjunction with the NIST Cybersecurity framework to plan, budget and communicate the implementation project to senior executives.
2015 Energy Industry Cybersecurity Report
Strategic Cybersecurity: A Toolkit for Prioritizing, Coordinating, and Transforming Your Cybersecurity Program