ECONOMIC, OPERATIONAL & STRATEGIC BENEFITS OF SECURITY FRAMEWORK ADOPTION

INTRODUCTION: SECURITY FRAMEWORKS

Not so many years ago, a standard security framework was something that large enterprises implemented. Most small and midsized organizations, particularly those in unregulated industries, cobbled together security strategies based on best practices that seemed important to them. More recently, however, security frameworks have gone mainstream. This is driven in part by the growth of cybercrime, a more demanding regulatory environment, and the increased complexity of the IT infrastructure.

With all this newfound enthusiasm for security frameworks, how have businesses actually benefited by adopting them? With generous support from Tenable, we set out to discover the answers by asking 30 security experts from a wide range of industries and regions around the world the following question:

What are the business and security benefits that come from adopting a security framework?

In our discussions with the experts, we found that benefits relate to motivations for adopting a framework in the first place. Some businesses have legal requirements to show compliance with standards. For them, non-compliance is itself an important risk factor. Many businesses adopt frameworks to prove to their customers they are a safe business partner. But for all of them, the benefits typically run deeper and become embedded in the culture of their operation.

We identified many businesses that take creative approaches to framework adoption, along with some good tips on how to sell management on the need for a framework. And once you win that battle, then the real work begins. Whether you are considering adopting a framework, or you have already implemented a framework and are facing an ever-changing security and regulatory landscape, I’m sure you will gain useful insights from these experts.

Mighty Guides make you stronger. These authoritative and diverse guides provide a full view of a topic. They help you explore, compare, and contrast a variety of viewpoints so that you can determine what will work best for you. Reading a Mighty Guide is kind of like having your own team of experts. Each heartfelt and sincere piece of advice in this guide sits right next to the contributor’s name, biography, and links so that you can learn more about their work. This background information gives you the proper context for each expert’s independent perspective. Credible advice from top experts helps you make strong decisions. Strong decisions make you mighty.

All the best,
David Rogelberg
Editor

© 2017 Mighty Guides, Inc. | 62 Nassau Drive | Great Neck, NY 11021 | 516-360-2622 | www.mightyguides.com

TABLE OF CONTENTS

Foreword
Introduction

A Security Framework Combines Security and Business Goals
  A Framework Provides a Baseline for Security that Supports Business Goals | Lester Godsey
  A Framework Can Align Security Objectives with Business Goals | Lee Bailey
  Frameworks Guide Both Product Development and Customer Engagement | Lee Eason
  The Framework as an Instrument of Change | Nir Yizhak
  Framework Benefits Tie Back to Reasons for Framework Adoption | Paul Heffernan
  A Framework Can Streamline Vendor Onboarding | Tero Lampiluoto

Business Benefits of a Security Framework
  A Security Framework Makes the Business Viable | Scott Estes
  Security Frameworks Must Serve Business Objectives | Floyd Fernandes
  Security Frameworks Provide a Common Language | Curtis Letson
  When Customers Require Compliance with Security Frameworks | Chad Lorenc
  Frameworks Can Play a Role in Building Customer Confidence and Transparency | Erik Blomberg
  Frameworks Provide Many Benefits, but Implementation Is Key | Avinash Tiwari

Security Benefits of a Security Framework
  With a Framework, You Make Security Decisions Based on Collective Knowledge | Joshua Danielson
  Frameworks Strengthen a Collaborative Security Process | Carlos Lerma
  Even for Sophisticated Companies, Frameworks Help With Navigation and Priority Setting | Daniel Cisowski
  Frameworks Provide an Excellent Way to Understand Risk | Gary Hayslip
  The Framework Provides a Common Language for a Global Company | Eric Bedell
  Use a Framework to Map Client Requirements to Your Security Practices | Javed Ikbal
  A Framework Enables a Consistent Security Practice in an Extended Global Enterprise | Ole Frandsen

Implementing a Security Framework
  A Framework Is a Foundation | Kalpesh Doshi
  Adapt the Framework to the Business, Not the Business to the Framework | Russ Kirby
  Mapping Risk Directly to Framework Controls | Alex Wood
  Building a Security Framework: An Enterprise-Wide Endeavor | Caleb Sima
  Security Frameworks Require High-Level Collaboration | Oren Ben Shalom
  Applying a Sec