Yesterday, I mentioned going through all those reference architectures and architecture examples. Another thing I found was something else I really don’t like: the assumption that control library deployment is all the “security architecture” you really need. Obviously, if you’ve been around for long enough, you know this is true. Control libraries are…well, they’re […]
Ever wanted a SABSA vocabulary for the CIS20?
It seems like you can’t swing a cat without bumping into the CIS20 when you talk to people about their security programs. It’s one of the things that comes up far more often than ISO 27000, and even more often than the NIST CSF, but that seems to be changing a little. I have to […]