Geek-Guy.com

Month: August 2020

Comment on Free NIST CSF Maturity Tool by Stephen Lipka

John,
Thanks for this terrific tool! As a virtual CISO, I’ve also pressed the case that policy and practice should be measured separately. In less mature companies, I’m inclined to press practice first (documented with standards) to protect IP and employee (or personal) data, and to learn what’s both practical and effective before formalizing into policy. This tool should help build maturity without the false sense offered by policies.
