Risk management frameworks and the myth of cross mapping them

The way a compliance and risk framework describes a control and the way framework B describes a similar control is not a one-to-one correlation They can be close but it is not apples to apples You might be comparing a Granny Smith to a Golden Delicious and while they’re both apples they’re different flavors and different colors Cross mapping be very careful Now our platform is framework agnostic Yes we have documentation We have assessments We have asset We have all the scorecards for the top 20 frameworks CIS 123 NIST HIPAA privacy HIPAA security DSF New York DSF basically the ones that you’re seeing with the exception of ISO ISO is a proprietary paid framework and I don’t want to cross lines there So once I get into their ecosystem and then have those legal agreements to be able to do that then I might add ISO but we have ISO experts on staff that can help you Okay So framework agnostic #compliancescorecard

Podcast: Play in new window | Download