Mapping policies and procedures to NIST and ISO. Anyone ever been on a project like this? How is it?


Boring but it's stuff that is good to learn.
- You have to know the policies, so you will be reading them
- lots of writing/making charts


What type of cyber work revolves around creating strategies and doesn’t have the bogus name “strategy” that should actually be “assessments”?


Been on a couple of tech strategy teams where we think about the “Future of Technology” and bid using some strategic start-up partners, but that’s definitely a minority of the work I get to do.

Have the policies been mapped to SOC2? I’ve got something mapping SOC2 to ISO I can send you.


Hey, I can’t find it at the moment. Go to the CSA website and search for the CCM; it’s basically a huge controls mapping.

How does one start with this? Currently on a project where my team has to define policies. New to the field (Staff 2).


Depends on what system you’re working on. Once you can classify the system you can determine what control families apply and then the fun starts.

Ez: You can bring in the controls and policies already in place, then cross-reference them with NIST/ISO/FedRAMP/etc. standards, then show the deficient areas (usually classified as Category 1-4 in severity). Then you go back to the client and get funding to build a team to tackle and implement the changes, etc.


On one right now! It’s rough😅


Typical strategy project, i.e. boring and not much to learn. Can be executed by pretty much anyone willing to put the hours in.


That’s a classic assurance project.

Don’t get lost in the weeds. Nobody is going to scrutinise the details. More importantly, remember to summarise for execs at each step of the way and refine the call to action.


Should be easy. Most modern policies and procedures have been adapted from modern standards and best practices.

I've done a couple of these, DM me.

Anyone know where we can download the ISO for free?

https://www.iso27001security.com/ISO27k_Standards_listing.pdf

Not bad, but tedious. It helps if you can use offshore support.

Hell no....

lol
