登录查看更多内容

How do you adapt IT security frameworks to your context?

由人工智能和领英社区提供技术支持

IT security frameworks are sets of best practices, standards, and guidelines that help organizations manage their IT risks, comply with regulations, and improve their performance. However, not every framework is suitable for every context. Depending on your industry, size, goals, and resources, you may need to adapt an existing framework or create your own. How do you do that? Here are some steps to follow.

此文章中的业界达人

由社区从 3 条内容中精选。了解更多

Jin Chong

I help companies implement Knowledge Management System | Digital Transformation Specialist | Founder of JET Workflow |…

1 Assess your needs

The first step is to understand your IT security needs and objectives. What are the main threats and vulnerabilities that you face? What are the legal and ethical requirements that you have to meet? What are the business outcomes that you want to achieve? You can use various tools and methods to conduct a risk assessment, such as SWOT analysis, gap analysis, or threat modeling. This will help you identify your strengths, weaknesses, opportunities, and threats, and prioritize your actions.

添加您的观点

Girish Ahuja
举报内容
You should document the current state of maturity in 3 dimensions - business outcomes, solutions/tools and people. This document should serve as foundation to all of your subsequent conversations so it must be written with people that are not security experts. (think CFO or CTO)

已翻译

赞

2 Choose a framework

The next step is to choose a framework that matches your needs and objectives. There are many IT security frameworks available, such as ISO 27001, NIST CSF, COBIT, or SANS. Each one has its own scope, structure, and focus, and may be more or less relevant for your context. You can compare different frameworks based on criteria such as coverage, complexity, compatibility, and credibility. You can also consult industry standards, benchmarks, or best practices to see what frameworks are commonly used by your peers or competitors.

添加您的观点

3 Customize the framework

The third step is to customize the framework to fit your context. This means that you can modify, add, or remove elements of the framework to suit your specific needs and objectives. For example, you can adjust the scope, level, or frequency of the controls, or create new ones based on your risk assessment. You can also align the framework with your existing policies, procedures, or processes, or create new ones to support the framework. You can use tools such as templates, checklists, or matrices to help you customize the framework.

添加您的观点

4 Implement the framework

The fourth step is to implement the framework in your organization. This means that you have to communicate, train, and monitor the framework to ensure that it is understood, followed, and effective. You can use various strategies and techniques to implement the framework, such as awareness campaigns, workshops, audits, or feedback mechanisms. You can also use tools such as dashboards, reports, or metrics to measure and track the progress and performance of the framework.

添加您的观点

Girish Ahuja
举报内容
Implementation should include governance model that will ensure changes to framework are reviewed and clear accountability is established towards business outcomes.

已翻译

赞

5 Review and update the framework

The final step is to review and update the framework regularly. This means that you have to evaluate the framework against your needs and objectives, and make changes as necessary. You can use various methods and sources to review the framework, such as surveys, interviews, or incidents. You can also use tools such as benchmarks, indicators, or trends to identify and analyze the changes in your context. You can then update the framework to reflect the new risks, requirements, or goals.

By following these steps, you can adapt IT security frameworks to your context and ensure that they are relevant, effective, and efficient for your organization.

添加您的观点

6 Here’s what else to consider

This is a space to share examples, stories, or insights that don’t fit into any of the previous sections. What else would you like to add?

添加您的观点

Jin Chong

I help companies implement Knowledge Management System | Digital Transformation Specialist | Founder of JET Workflow | CompTIA ASEAN Community Executive Council
举报内容
Most organisations omitted the importance of putting in place a strong steering committee, with a strong leadership of a chair person. In most cases, members of the steering committee are head of departments or managers whom are already given several responsibilities, thus putting a low priority on the implementation of the framework. This is just one of the causes of failed project. I have seen quite a few failed implementation due to the lack of commitment from the steering committee.

已翻译

赞

IT Management

+ 关注

给文章评分

我们借助人工智能创建了此文章。您认为这篇文章怎么样？

很棒不太好

举报此文章

查看全部

How do you adapt IT security frameworks to your context?

1

2

3

4

5

6

1 Assess your needs

2 Choose a framework

3 Customize the framework

4 Implement the framework

5 Review and update the framework

6 Here’s what else to consider

IT Management

给文章评分

感谢您的反馈

更多IT Management相关文章

更多相关阅读内容

How do you adapt IT security frameworks to your context?

1

2

3

4

5

6

1 Assess your needs

2 Choose a framework

3 Customize the framework

4 Implement the framework

5 Review and update the framework

6 Here’s what else to consider

IT Management

给文章评分

感谢您的反馈

查看其他技能