Wednesday, March 20, 2019

How does a company get started with cybersecurity when they’ve never addressed it seriously?

To get started with cybersecurity, a company must understand what data it has, what regulations apply to it, and its leadership's overall attitude towards risk, cybersecurity, and protecting information assets. From there, the company needs to pick a cybersecurity framework such as HIPAA, PCI, NIST, or ISO that most closely aligns with its goals. Once a framework is selected, a gap analysis should be performed to compare the company's current practices against what the framework requires. Then the company can proceed with implementing controls to address the specific weaknesses and vulnerabilities it faces.
