"Our mission is to provide a powerful catalyst that will advance how cybersecurity and privacy controls are utilized at the strategic, operational and tactical layers of an organization, regardless of its size or industry."
TUALATIN, Ore. (PRWEB) February 22, 2018
Hackers share information on attack methods with other hackers, so why shouldn’t the good guys share information on how to best protect an organization? We decided to take action and make a difference by creating the Secure Controls Framework (SCF). The SCF as a free resource to businesses to quickly and easily obtain necessary control sets for their cybersecurity and privacy compliance needs.
At the heart of it, the SCF is a comprehensive set of cybersecurity and privacy controls that spans 100 statutory, regulatory and contractual frameworks. This allows cybersecurity, privacy, operations and project teams to speak the same language for controls by using a standardized control taxonomy. Control sets are the “glue” that tie Governance, Risk and Compliance (GRC) together and unfortunately for most organizations there is no set of shared controls for cybersecurity and privacy. The lack of comprehensive and usable control sets can lead to poor governance practices and an overall weaker state of security and privacy.
“Our mission is to provide a powerful catalyst that will advance how cybersecurity and privacy controls are utilized at the strategic, operational and tactical layers of an organization, regardless of its size or industry” says Tom Cornelius, senior partner at ComplianceForge and founder of the Secure Controls Framework.
"Like it or not, cybersecurity is a protracted war on an asymmetric battlefield - the threats are everywhere and as defenders we have to make the effort to work together to help improve cybersecurity and privacy practices, since we all suffer when massive data breaches occur or when cyber-attacks have physical impacts," says Cornelius. The SCF has the ambitious goal of providing cybersecurity and privacy control guidance to cover the strategic, operational and tactical needs of organizations, regardless of its size, industry or country of origin. The end state is to help companies become and stay compliant with cybersecurity and privacy requirements, such as EU GDPR and NIST 800-171.
The SCF is made up of volunteers, mainly specialists within the cybersecurity profession, who focus on Governance, Risk and Compliance (GRC) and the cybersecurity side of privacy. These are auditors, engineers, architects, incident responders, consultants and other specialists who live and breathe these topics on a daily basis.
The SCF is now available to the public at no cost. For those interested in learning more, they can learn more here. https://www.securecontrolsframework.com/secure-controls-framework
For more information on the SCF visit http://www.securecontrolsframework.com.