Critical Start CTO and Forbes Technology Council Member Publishes Benefits and Cautions of Aligning With Cybersecurity Frameworks

In his latest piece for Forbes, "Benefits and Cautions of Aligning With Cybersecurity Frameworks," Critical Start CTO and Forbes Technology Council member Randy Watkins emphasizes the significance of adopting cybersecurity frameworks and explores the top three benefits, as well as one warning, for enterprise security teams working with the NIST CSF, ISO/IEC 27001, and other frameworks.

“Many practitioners often conflate cybersecurity frameworks with regulatory compliance, such as Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability (HIPAA), and others,” Watkins writes. What gets overlooked, though, is that, “While those criteria are a framework of their own, regulatory compliance frameworks focus on specific operational requirements with often limited scopes, and do not reflect a holistic view of security maturity or posture across the entire organization. An organization can pass a regulatory compliance audit and still be at risk in other areas.”

Enterprise security teams are continually assessing shifting concerns and implementing mitigation controls to reduce organizational risk and align with risk appetite. Unfortunately, the pressing need to respond to threats results in teams implementing risk-specific controls, creating potentially dangerous coverage gaps. Watkins walks readers through:

  • What cybersecurity frameworks are and the role they play in best practices 
  • The top three benefits gained by aligning with a framework 
  • One warning to help eliminate blind spots in framework adoption 
  • How Critical Start enables framework alignment to deliver risk reduction over time 

Watkins joined the Forbes Technology Council, an invitation-only community for world-class CIOs, CTOs, and technology executives, in 2019.

To read the full article and learn how “… security leaders can make data-informed decisions with confidence that reduce risk and continually improve security posture,” click here.

