Resources to create a cyber security strategy, for CISOs

Say you're a CISO or a consultant helping a CISO to create a cyber security strategy.
Do you have any good resources? Frameworks? Industry standards/benchmarks?
Keen to hear your thoughts, and I'll share mine as well!
Forum Admin at www.techexams.net
--
LinkedIn: www.linkedin.com/in/jamesdmurray
Twitter: www.twitter.com/jdmurray
So all in all, it depends on the problem domain and what the root-cause issues are. From this, apply the framework when you speak to the "lower level staff."
I would throw in, "and the business goals and objectives of the organization."
CISO Hotline is a CISO interview podcast hosted by Todd Neilson that published four episodes in 2019 and none since. (I contacted Todd via LinkedIn and he said that he got too busy to continue.) While you won't be seeing any new episodes soon, I think those available now are worth listening to for anyone with CISO information collection interests.
Global CISO Forum Podcast is the official EC-Council CISO Forum podcast. This podcast contains only interviews with CISOs and only publishes about five or six 30-minute episodes per year, making it easy to stay current. The host, Amber Pedroncelli, is a generic interviewer personality and does not seem to have any specific insights into the CISO role or needs. Interview questions are fairly checklist (e.g., "How did you get into cybersecurity?") and follow-up questions are generic (e.g., "I read on your blog that..."), so the real value here is whatever the CISO interviewee decides to say. I am a little surprised that the episodes do not contain a trailing marketing blurb for the EC-Council's CCISO certification.
Global CISO Forum Podcast Website
Vision statement for a cyber security strategy, i.e., for the cyber security part of the org:
Now, once you have understood this, and perhaps done a SWOT or PEST analysis, you can comprehend the organisation's threats, enablement objectives and opportunities to pursue.
Once done, create a vision statement which will bring out the business purpose/opportunities and threats, and how the security objectives of confidentiality, integrity, availability, accountability and privacy will map to those threats and opportunities.
Hopefully this helps in some way.