Standards & Regulatory Frameworks Are Static Security Isn't

Thursday, November 10, 2022 10:00—10:20
Location: Historic Kassenhalle

Current frameworks, from Cyber Essentials in the UK to the NIST Cyber Security Framework, HIPAA, PCI-DSS and even ISO27002:2022, often take at least 18-24 months to be agreed by their governance bodies. The world moves much faster than that. The fact that many regulatory frameworks take years before the kinks are ironed out demonstrates that they are good for what they were designed for at inception, but after that many of them do not keep up with the changing threats and risks enterprises face, let alone the real controls that are required to protect the enterprise. This is why, more often than not, they are just a tick-box exercise for many enterprises. This session will demonstrate, with an analysis of several standards and frameworks, that they are a great starting point if you don't know where to start, but that if you really want to protect your enterprise you need to go beyond controls checklists designed for yesteryear's threats and risks. It will also cover what organisations can do to improve security to keep in touch with current threats and risks.

Sarb Sembhi
Virtually Informed
Sarb speaks, writes and contributes to global security events and publications. He was the Workstream Lead for Thought Leadership of UK Cyber Security Council Formation Project and is the Co-Vice...

