Security Program Management
This article is the first in a series of articles organized by the concepts framed out in the National Institute of Standards and Technology (NIST) Special Publication 800-53, the Security and Privacy Control Catalog that is used as part of NIST’s Risk Management Framework (RMF) to specify the granular areas of Security and Privacy to be addressed in Enterprise Risk Management strategies […]
Our Story
The Office of The CISO is an organization that firmly believes that all organizational risk should be assessed and addressed. Businesses around the globe forgo proper security measures because of the exorbitant costs of security and risk services. The businesses that do have the money to assess their environment usually don’t have the knowledge or capabilities to deploy what is necessary for their risks to be properly assessed and mitigated.
The public sector by itself seems to be in a completely hopeless situation that combines both of the problems mentioned above. State and local governments do not pay the salaries that skilled security and risk assessment engineers are demanding. This makes the recruitment of skilled labor in this field very difficult. The majority of the staff on the payroll have no idea about these issues or, even worse, ignore them completely because they require something additional of them. The few who do care have no idea how to move forward. After all, this requires leadership buy-in to be successful. Office of The CISO, LLC focuses on assisting these organizations. No one should go without proper security because of incredible costs or lack of knowledge.