- Meant for companies & people with taste.
- Invented by the people, for the people.
- Always have a choice. Pick a different beer or framework - no hard feelings.
- When in doubt, pick high quality.
If your organization does not require a mandated regulation such as FFIEC, COBIT, HIPAA, etc. then NIST Cyber Security Framework is a good framework to adopt to help build up your Information Security Program. CSF provides a good solid balance and of course maps to all of the other frameworks.
The thing is even with a vCISO or Managed Security Service
You want to understand and truly build a security program for your company. You want to be on the fore front of any new up and coming regulation or cybercrime that may happen in our cyber universe and concerning your partners, customers and cyber world that we all share. CSF is easy to understand and easy to implement.
AND like Craft Beer
You don’t want to necessarily go with the most common light beer because it is right up and front and easy to grab and in your face, you want to take a step back, look over the options, consult with the bartender, pick the local IPA, pick something of quality.
But again, it does not matter
Just pick something and start building your Information Security Program!