Security

Hey Security-minded folks,

Good to see a group just on this topic...maybe it will develop more focus in this area for associations.

I recently discovered and dig into the CIS security framework, or Center for Internet Security Controls (CIS Controls).  Previously, I had been conducting security assessments following the NIST 800 framework and I had no real concerns or complaints about it.  But, after reviewing the CIS controls, I really like their approach, it's organization, and the thoroughness in their descriptions.  I appreciate that they organize the controls in three different levels to try to match varying sizes of organizations and security 'needs'.

Has anyone else been using this CIS framework?  What frameworks have you been using?  If you've not been using one, I highly recommend this one.

Brian

------------------------------
Brian Scott
President / CIO
ClearTone Consulting LLC
Frederick MD
678-643-5593
------------------------------

Original Message:
Sent: 7/28/2022 3:46:00 PM
From: Brian Scott
Subject: Security Frameworks Used

Hey Security-minded folks,

Good to see a group just on this topic...maybe it will develop more focus in this area for associations.

I recently discovered and dig into the CIS security framework, or Center for Internet Security Controls (CIS Controls).  Previously, I had been conducting security assessments following the NIST 800 framework and I had no real concerns or complaints about it.  But, after reviewing the CIS controls, I really like their approach, it's organization, and the thoroughness in their descriptions.  I appreciate that they organize the controls in three different levels to try to match varying sizes of organizations and security 'needs'.

Has anyone else been using this CIS framework?  What frameworks have you been using?  If you've not been using one, I highly recommend this one.

Brian

------------------------------
Brian Scott
President / CIO
ClearTone Consulting LLC
Frederick MD
678-643-5593
------------------------------