Understanding the MyCISO Getting Started Framework
The MyCISO Getting Started Framework offers a short set of 20 control questions, spread across the 6 functions of NIST as well as a good spread of 15 security domains. This broad but shallow assessment will provide a good indication of your overall security, without having to complete a comprehensive assessment with a full framework. This framework is designed to get an organisation started on their security journey and is a stepping stone towards MyCISO Intermediate, NIST CSF or ISO 27001.
Target Audience
The MyCISO Framework is tailored for organisations that are early in their security journey or organisations seeking to get a ‘pulse’ on their security posture more quickly, on the way to completing a broader framework.
Key Security Domains Covered
The MyCISO Getting Started Framework includes 20 controls that align to the following security domains:
- Asset Management: Identifies and manages organisational assets.
- Business Continuity & Disaster Recovery: Maintains and recovers business operations during disruptions.
- Configuration Management: Secures system configurations to mitigate vulnerabilities.
- Change Management: Controls changes to systems to prevent unintended consequences.
- Data Classification & Handling: Classifies and handles data based on sensitivity.
- Endpoint Security: Protects endpoints like laptops and mobile devices.
- Risk Management: Identifies, assesses, and mitigates risks.
- Security & Privacy Governance: Establishes and maintains security policies.
- Human Resources Security: Defines roles and responsibilities for security.
- Identification & Authentication: Manages user identities and access controls.
- Incident Response: Handles security incidents effectively.
- Continuous Monitoring: Monitors security controls continuously.
- Security Awareness & Training: Educates staff on cyber security risks.
- Third-Party Management: Manages risks from third-party vendors.
- Vulnerability & Patch Management: Identifies and addresses vulnerabilities promptly.
MyCISO recommends selecting a larger and more comprehensive framework upon completing MyCISO Getting Started.
Additional Resources
MyCISO offers various supplementary resources to support organisations in implementing the framework:
- Advisories and alerts on emerging threats.
- Training programs for staff awareness.
- Tools and templates for policy development.
- Official documentation and guidelines available on MyCISO’s website.
Benefits and Adoption
Adopting the MyCISO Framework provides several key benefits:
- Quick identification of security domains likely to be weakest.
- A pulse on the current maturity in the organisation
- Fast access to reports
- Ability to quickly move past control assessments into the Risk Scenario Assessment part of MyCISO.
In conclusion, the MyCISO Getting Started Framework is a quick starter framework providing a broad but shallow set of control questions, enabling organisations seeking to start using MyCISO to track their security program with a quick start to their journey.
