1. Are you smart enough?
This part will explain why people create standards. The challenge is that some security professionals try to create their own rules, solutions and so on, and in our experience these all have shortcomings. It is better to follow one of the established cybersecurity standards, since the people who write them concentrate seriously on the subject, collaborate with many professionals, and put the standard through multiple rounds of review before it is approved. So the question is: are you smarter than a widely respected group of people who have been analyzing cybersecurity for many years?
2. What cybersecurity standards are and what they are not
Standards are basic recommendations that are very flexible and can be easily adapted to an organization. Many organizations are afraid to adopt a standard because they think standards are hard or complex and would force them to change their business processes. However, standards do not require companies to change their processes, and they do not prescribe specific physical technology or methods as a solution. We will walk through some standard techniques to demonstrate how they can be implemented in your day-to-day operations.
3. Comparison
We will compare the NIST, ISO 27001, PCI and SOC 2 standards: their similarities and differences, their pros and cons, and which to adopt and when.
- Certifiable standards
- Self-attestation standards
- Auditors
- How to communicate with auditing organizations
- Relationship between auditors and certifying bodies
4. Selecting the right framework for you
- Types of organizations and legal requirements
- Industry accepted standards
- Cost
- Terms of certification
- Self-attestation