5 Establishing the foundation
This chapter covers
- Implementing effective cybersecurity governance
- Roles and responsibilities in securing your organization’s digital identity
- Risks associated with third-party vendors and supply chains
This chapter explores governance as a concept and examines identity in cybersecurity to determine which metrics can effectively measure these critical areas. A solid foundation rooted in an industry-trusted framework is essential for this analysis. Yet, with so many frameworks available, selecting the right one for your organization can feel overwhelming.
When starting in cybersecurity and conducting risk gap assessments, teams often need to investigate several frameworks to find the one that aligns with their processes and consistently delivers value. A well-chosen framework helps identify best practices and develop mitigation strategies to close identified gaps. Measuring cybersecurity effectively requires a framework that fits your organization’s specific needs and goals. While frameworks differ in structure and terminology, their core concepts are consistent across the industry. That consistency means the principles discussed in this book remain applicable, regardless of your chosen framework.
This chapter demonstrates how these foundational concepts shape cybersecurity through practical examples and scenario-based learning, preparing your organization to meet future challenges confidently.