
From the Desk of the vCISO: Using Security Frameworks to Build Your Cybersecurity Program

Aaron Boissonnault

With the number of cyber threats increasing, companies need to ensure they have robust cybersecurity frameworks in place. However, finding the right program is often easier said than done in an increasingly complex cybersecurity landscape that’s filled with a myriad of tools and services—each promising to solve different pieces and parts of the security puzzle.

Instead of helping, this abundance of options leaves many IT teams with analysis paralysis, unsure of the best option and concerned about the impact of making a wrong decision. That generally leads to the following two scenarios:

  • Nothing happens. IT pros are overwhelmed, causing some to throw up their hands in defeat. The reality, however, is that doing nothing is the worst possible path because it leaves organizations vulnerable to cyberattacks.
  • Point solutions are deployed on a threat-by-threat basis. IT pros take a reactive approach to cybersecurity—i.e., every time a new threat emerges, they purchase a new point solution. But rather than mitigate risk, this approach actually introduces it, because purchasing and implementing numerous point solutions results in isolated, complex and costly IT infrastructures that are difficult to manage and maintain.

Establishing a Security Foundation

The best approach, of course, is to establish a strong security posture from the start—a foundation upon which to build, based on stringent industry standards, with controls in place that you can measure, track and report on as part of an overall governance framework.

The right security framework serves as your blueprint for building a robust IT security program—and provides much-needed guidance to your team as you consider new tools and technologies.

There are many security frameworks available and in use—so where do you begin?  

The first step is to look at your industry. Are you required to follow an industry-specific security mandate, such as the Payment Card Industry Data Security Standard (PCI DSS) or the Health Information Trust Alliance (HITRUST) framework?

Additionally, I’d recommend looking at one of the commonly used security frameworks—each of which provides different levels of granularity and maturity that can either augment what you already have in place, or serve as your starting point. Consider the following:

  • CIS Controls: CIS Controls are a set of guidelines that provide specific and actionable ways to protect your business from pervasive cyberattacks. These controls are a short list of high-priority defensive actions that provide a “do this first” starting point for businesses looking to improve their cybersecurity. I typically advise clients starting from ground zero to follow the CIS framework because it is a high-level security roadmap, providing easy-to-understand controls, best practices and advice. CIS Controls provide a solid security foundation for companies just getting started—with the ability to further mature your program as you check those cybersecurity boxes.
  • NIST: NIST is a voluntary, flexible framework that aims to ensure critical infrastructure is secure. NIST’s framework does this by providing guidance, standards and best practices for protecting critical digital assets. The framework also provides a systematic methodology for managing cybersecurity risk, and it can be customized to complement your existing cybersecurity and risk management processes.
  • ISO 27001: ISO 27001 has become a gold standard for security excellence. The goal of ISO 27001 is to provide a framework of policies for how a modern organization should manage its data. Risk management is a key part of this framework, ensuring that a company understands its security strengths and weaknesses. The ISO 27001 framework is broad and can be applied across a wide array of businesses, regardless of their size or industry.

Many Cybersecurity Frameworks to Choose From, One Goal

Though there are many security frameworks to choose from, they are all designed with the same goal in mind: to bring sense and order to what often feels like an overwhelming task. Choosing a framework is the first step toward building a governance-based cybersecurity program that produces measurable outcomes and mitigates business-specific risks.

As you embark on your cybersecurity journey, remember this: Security frameworks are a great foundation on which to build your cybersecurity program, but they aren’t a magic wand. To effectively protect your business against today’s sophisticated cyberthreat landscape, you must continually build upon and evolve your strong foundation with a multi-tiered security strategy that is proactive, risk-based and followed by everyone in your organization. Managed service providers like Navisite offer services to help you boost your security posture with ongoing threat protection. From assessing the current state of your security to providing ongoing and proactive managed security services, we deliver the security expertise and protection you need using the latest technologies and security controls to catch threats before they cause a disruption to your business.

About the Author
Aaron Boissonnault

Aaron is the Chief Information Security Officer at Navisite and is responsible for security and compliance programs and the delivery of our managed security and advisory services to help customers implement and maintain the highest levels of cybersecurity protection and best practices. Aaron has more than 18 years of experience in the industry, holding various leadership and consulting roles in cloud security, infrastructure security and security operations.
