2 Establishing the foundation
This chapter covers
- Implementing effective cybersecurity governance
- Roles and responsibilities in securing your organization's digital identity
- Risks associated with third-party vendors and supply chains
In this chapter, we will examine governance as a concept and discuss identity in cybersecurity to better understand what metrics we could effectively use to measure these concepts. To do that, we need a solid foundation based on an industry-trusted framework. It can be easy to get overwhelmed by the number of frameworks to choose from.
When we started out in cybersecurity conducting risk gap assessments, our team had to investigate several cybersecurity frameworks to choose one that we could repeat consistently, while adding value, to determine specific best practices and mitigation strategies to close those gaps. To measure cybersecurity effectively, you need a framework that resonates with your organization. The concepts are shared among all cybersecurity frameworks, so even if you choose another framework that better suits your needs, the concepts we discuss in this book will remain consistent.
Let’s discover how these concepts form the foundation of cybersecurity through practical examples and scenario-based learning, ensuring your organization is prepared for the challenges ahead.