If you’re like most executives, you must feel positively inundated with the volumes of material made available to you about the challenges of enterprise cybersecurity and the serious consequences of malicious hacking on business and society. Indeed, every day we are treated to a stream of news articles, television reports and government advisories about cyber risk that are consistent with the warnings we receive during briefings from our chief information security officers.
To combat this risk, executives understand that a combination of security solutions is required to provide suitable prevention and mitigation. These solutions include technical and architectural controls, certainly, but also include compliance objectives, as dictated by a select requirements framework. Because many different frameworks have been published (e.g., NIST Framework for Cyber Security, Payment Card Industry Data
Security Standard (PCI DSS), and many more) this is also an area of dizzying complexity.