This discussion reviews an approach to mitigating risk through self-assessment and the alignment of remediation efforts with a Hierarchy of Security Needs. The primary principle is to help develop information security and risk management programs through various foundational requirements.
The hierarchy is designed to identify how complete those foundational requirements are and to provide next steps that help security programs reach the appropriate level of maturity.
- Approach to addressing risks by identifying and developing foundational requirements
- Alignment of remediation efforts with a Hierarchy of Security Needs
- Next steps
About Beckie Mossman
Beckie Mossman is a consultant specializing in network security services, with a background in assessments, audit and compliance. She started her career as an analyst in Army Intelligence and continued in information security as a Security Architect and Engineer with various organizations.
About Brian Johnson
Brian Johnson, CISSP, CISA, is a security consultant with a background in network and web penetration testing, IT audit, and compliance in the banking, retail and medical industries.