Boring but it's stuff that is good to learn.
- You have to know the policies, so you will be reading them
- lots of writing/making charts
What type of cyber work revolves around creating strategies and doesn’t have the bogus name “strategy” that should actually be “assessments”?
Been on a couple of tech strategy teams where we think of the “Future of Technology” and bid using some strategic start-up partners, but that’s definitely a minority of the work I get to do.
Have the policies been mapped to SOC2? I’ve got something mapping SOC2 to ISO I can send you.
Hey, I can’t find it at the moment. Go to the CSA website and search for the CCM. It’s basically a huge controls mapping.
How does one start with this? Currently on a project where my team has to define policies. New to the field (Staff 2).
Depends on what system you’re working on. Once you can classify the system you can determine what control families apply and then the fun starts.
Ez: You can bring in the controls and policies already in place, then cross-reference them with NIST/ISO/FedRAMP/etc. standards, then show the deficient areas (usually classified as Category 1-4 in severity). Then you go back to the client and get funding to build a team to tackle and implement changes, etc.
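The cross-reference step described in the two replies above (classify the system, pick the applicable control families, compare existing policies against the required controls, bucket the deficiencies by severity category) is easy to sketch in code. The script below is an added example, not anything posted in this thread; the framework fragment, family-to-classification table, control ids, category values and policy records are all constructed for illustration and are not copied from any real standard.

```python
"""Added example: a minimal control-gap cross-reference for a policy assessment.

Everything here is constructed for illustration: the control ids and families
only imitate the family/id naming style of real frameworks, and the severity
categories are arbitrary.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Control:
    control_id: str
    family: str
    title: str
    category: int  # severity if the control is missing; 1 = most severe, 4 = least


@dataclass
class Policy:
    name: str
    covers: set = field(default_factory=set)  # control ids this policy claims to implement


# Constructed framework fragment (placeholder ids, not a real standard).
FRAMEWORK = [
    Control("AC-1", "Access Control", "Access control policy", 2),
    Control("AC-2", "Access Control", "Account management", 1),
    Control("AC-7", "Access Control", "Unsuccessful logon attempts", 3),
    Control("AU-2", "Audit", "Event logging", 1),
    Control("AU-6", "Audit", "Log review and reporting", 2),
    Control("CM-2", "Config Mgmt", "Baseline configuration", 2),
    Control("IR-4", "Incident Response", "Incident handling", 1),
    Control("PL-4", "Planning", "Rules of behaviour", 4),
]

# Constructed table: which families apply once the system is classified.
FAMILIES_BY_CLASS = {
    "low": {"Access Control", "Audit", "Planning"},
    "moderate": {"Access Control", "Audit", "Config Mgmt", "Incident Response", "Planning"},
}


def applicable_controls(classification, framework=FRAMEWORK):
    """Step 1: classification decides which control families are in scope."""
    families = FAMILIES_BY_CLASS[classification]
    return [c for c in framework if c.family in families]


def coverage_map(policies):
    """Step 2: control id -> names of existing policies claiming to cover it."""
    covered = {}
    for policy in policies:
        for cid in policy.covers:
            covered.setdefault(cid, []).append(policy.name)
    return covered


def gap_report(classification, policies, framework=FRAMEWORK):
    """Step 3: in-scope controls with no covering policy, grouped by category."""
    covered = coverage_map(policies)
    gaps = {1: [], 2: [], 3: [], 4: []}
    for control in applicable_controls(classification, framework):
        if control.control_id not in covered:
            gaps[control.category].append(control.control_id)
    return gaps, covered


def unmapped_claims(policies, framework=FRAMEWORK):
    """Sanity check: policy claims pointing at ids the framework does not have
    (typos or stale references from an older revision of the standard)."""
    known = {c.control_id for c in framework}
    claimed = {cid for p in policies for cid in p.covers}
    return sorted(claimed - known)


# Constructed "already in place" policies for the example run.
POLICIES = [
    Policy("Access Management Standard", {"AC-1", "AC-2"}),
    Policy("Logging Standard", {"AU-2"}),
    Policy("Acceptable Use Policy", {"PL-4", "AC-99"}),  # AC-99 is a deliberately bogus id
]

if __name__ == "__main__":
    gaps, covered = gap_report("moderate", POLICIES)
    for category in sorted(gaps):
        print(f"Category {category}: {', '.join(gaps[category]) or 'none'}")
    print("Unmapped claims:", unmapped_claims(POLICIES))
```

Running it with the constructed data lists one Category 1 gap (IR-4), two Category 2 gaps (AU-6, CM-2), one Category 3 gap (AC-7) and flags AC-99 as a claim that maps to nothing; the `unmapped_claims` check is worth keeping in real engagements, because a policy that cites a control id the current standard no longer has is exactly the kind of detail that inflates coverage numbers.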
On one right now! It’s rough😅
Typical strategy project, i.e. boring and not much to learn. Can be executed by pretty much anyone willing to put the hours in.
That’s a classic assurance project.
Don’t get lost in the weeds. Nobody is going to scrutinise the details. More importantly, remember to summarise for execs at each step of the way and refine the call to action.
Should be easy. Most modern policies and procedures have been adapted from modern standards and best practices.
I've done a couple of these, DM me.
Anyone know where we can download the ISO for free?
https://www.iso27001security.com/ISO27k_Standards_listing.pdf
Not bad, but tedious. It helps if you can use offshore support.
Hell no....
lol