NIST, A. Pi, Christoph discussed on Pwned: The Information Security Podcast


Now, kind of hiding your security posture's not really something you can do anymore. Yeah, vendor management, as we all know, is huge, and so everyone's starting to take a harder look at their vendors, and getting confidence in them is something that's really tough to do. On his kind of a big ass and I think just in general.

I would imagine, just having... I mean, if you're dealing with any sort of information that you don't want to lose, you know, or, you know, have released, you need something to measure your general security against anyway. So ISO, even just to sort of say, like, a tool to just sort of figure out where you stand, a good, I mean, is that, does that make sense?

ISO as a tool for that purpose as well, it can certainly work for that, and one of the benefits in that regard, or if you don't work in a highly regulated industry, for instance, so, like, maybe you don't have credit card data or you don't have A. Pi or tons of PII, and you're looking for something to do a security baseline, it certainly works for that, and actually I highly recommend it for that, because if you pick something like one of the NIST standards, which, you know, we all love the NIST 800-53 control framework with its hundreds and hundreds of controls, but those are written for the federal government, right? So they can be adapted for industry. Obviously, we have a client to do that, but it's definitely not as intuitive as something like ISO, where it's going to be a lot easier to successfully implement and adapt to your business.

What are some pieces of information that they can get to help guys out, and who from your team, you know, should kind of be contacted initially to help with us?

You can reach out to me if you need assistance with... I'd say the biggest thing is, you know, any prospects who are looking for a security framework, assessment or type of third-party assurance, I would ask them if it's driven by a contract or any sort of compliance or regulatory obligation, because that's really going to drive what path we take them down, and unless they have an explicit requirement to do NIST, XYZ or PTR, HIPAA, ISO's kind of the one-size-fits-all, like, everything else should go towards ISO, because it's the most adaptable, and then it's also a service where we're going to offer certification for it.

Awesome. I think that's all I've got. Is there anything else you wanted to touch on now?

I think that's a good start.

All right. Well, Christoph, thank you for your thoughts, guidance on this, and hopefully our folks that are listening in, if you have any questions, can go to you.

Yeah, absolutely, anytime work.
