Current frameworks, from Cyber Essentials in the UK to the NIST Cyber Security Framework, HIPAA, PCI-DSS and even ISO27002:2022, often take at least 18-24 months to be agreed by their governance bodies. The world moves much faster than that. The fact that many regulatory frameworks take years before the kinks are ironed out demonstrates that they are good for what they were designed for at inception, but after that many of them do not keep up with the changing threats and risks enterprises face, let alone the real controls that are required to protect the enterprise. This is why, more often than not, they are just a tick-box exercise for many enterprises. This session will demonstrate, with an analysis of several standards and frameworks, that they are a great starting point if you don't know where to start, but if you really want to protect your enterprise you need to go beyond using controls checklists designed for yesteryear's threats and risks. It will also look at what organisations can do to improve security to keep in touch with current threats and risks.