Cybersecurity Standards Scorecard | 2023 Edition

SANS Institute 2,190 2 years ago

In the 1990s, government agencies, industry groups, and cybersecurity researchers started creating cybersecurity standards, and these standards led to cybersecurity regulations and laws that dictate to organizations what they must do to protect their data. Today, there are dozens of standards dictating thousands of cybersecurity controls that organizations can consider when building their cybersecurity plans. Every year more standards are released, and the confusion grows. To make the problem even more challenging, no two standards are the same, nor do they even cover the same scope of defenses.

This reality has led to confusion and frustration for organizations seeking to build comprehensive cybersecurity programs. What should we do, what can we do, or what must we do to protect our information systems? Until recently, there has not been a Cyber Rosetta Stone for security and privacy professionals to use to compare these standards. Most organizations have limited resources and must choose which controls to implement and which to ignore. We haven't had risk or threat models to demonstrate why specific cybersecurity controls are essential and what should be prioritized.

For the third year in a row, James Tarala, Senior Faculty at the SANS Institute and Principal Consultant at Enclave Security, will explain the state of cybersecurity standards in 2023 with a scorecard comparison of popular standards based on specific, measurable research. This presentation is an annual report which will focus primarily on the changes to the cybersecurity standards space over the past year. He will also introduce a Cyber Rosetta Stone that simplifies building cybersecurity control libraries across all the standards. Attendees will leave this webcast with a clear understanding of the differences and gaps in cybersecurity standards that will support their informed decisions about which standards to use when building their cybersecurity programs.
Learning Objectives:
- Students will learn about the major updates to the cybersecurity landscape that occurred in 2023.
- Students will learn about the relationship between the most popular cybersecurity standards used in 2023 and how they relate to comprehensive cybersecurity safeguard models.
- Students will learn the differences between the most popular cybersecurity standards so they can make informed decisions regarding which are the best suited to help their organizations achieve their cybersecurity goals.

The content of this webcast supports materials and concepts from LDR419: Performing a Cybersecurity Risk Assessment, https://www.sans.org/cyber-security-courses/performing-cybersecurity-risk-assessment-training/ and SEC566: Implementing and Auditing CIS Controls, https://www.sans.org/cyber-security-courses/implementing-auditing-cis-controls/

About the Speaker:
James Tarala is a principal consultant with Enclave Security based out of Venice, Florida, and a SANS Senior Instructor. As a consultant, he has spent the past several years designing large enterprise security and infrastructure architectures, helping organizations to perform security assessments, and communicating enterprise risk to senior leadership teams. He is the author of the brand new LDR419: Performing a Cybersecurity Risk Assessment, as well as a number of previous SANS courses. Learn more about James at https://www.sans.org/profiles/james-tarala/

Learn more about SANS Cybersecurity Leadership Curriculum at www.sans.org/cybersercurity-leadership

Connect with us on social:
- LinkedIn - SANS Security Leadership
- Twitter - @secleadership

SANS is the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - the Internet Storm Center.