Lean Security 101: 3 Tips for Building Your Framework

Cobalt, Lazarus, MageCart, Evil, REvil: cybercrime syndicates spring up so fast it’s hard to keep track. Until… they infiltrate your system. But you know what’s even more overwhelming than rampant cybercrime? Building your organization’s security framework.

CIS, NIST, PCI DSS, HIPAA, HITRUST, and the list goes on. Even if you had the resources to implement every relevant industry standard and control to a tee, you still couldn’t keep your company from getting caught up in the next SolarWinds. Because textbook security and check-the-box compliance won’t cut it. You’ve got to be strategic (especially when manpower is limited!). And lean.

Learn the ropes now.

3 Pro Tips for Building Your Lean Security Framework

Without a framework in place, you’re either navigating the cyber-risk universe with blinders on, or buried so deep in false positives you couldn’t spot a complex attack until it’s already laterally advancing.

But why build your security framework from scratch when you could steal a page (or 3!) from other pros in the space? Get quick tips from their free guide for bootstrapped IT security teams below.

Pro Tip 1: Customize Industry Standards to Your Needs

Your first step to building your lean security framework? Don’t reinvent the wheel!

Customize industry frameworks and standards to the unique needs of your organization. For example, lay your foundation with the Center for Internet Security’s (CIS) Critical Security Controls, or the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework.

Next, start laying your security bricks with industry-specific standards: the Payment Card Industry (PCI) Data Security Standard (DSS) if you accept payment for goods or services with credit cards; the Health Insurance Portability and Accountability Act (HIPAA) if you’re in healthcare; and so on.

Pro Tip 2: Get Comfortable with Risk

Controls. You know you need them, but some controls are more valuable to your security posture than others.

Why?

Because some simply aren’t worth the expense.

For example, storing your company’s personal data in the cloud is risky. What’s the alternative? Housing it on-premises? That’s expensive and comes with its own set of risks. So you choose to accept the risk of using the cloud, right?

You’ll want to weigh the value of implementing the various controls across your four key areas of risk management: threat; technology and integration; cost; and third-party vendors.

Pro Tip 3: Embrace Emerging Trends and Technologies

Chances are you’ve already moved to the cloud, like most scaling companies, because it’s cost-effective. So don’t limit yourself to industry frameworks and standards designed only for companies hosting their entire tech stacks on-premises.

Use the Cloud Security Alliance’s Cloud Controls Matrix and Shared Responsibility Model. Jump on the Zero-Trust bandwagon. Integrate your tech stack with an XDR. Outsource threat monitoring and response to an MSP, MSSP, or MDR. Transfer some of your risk to a cloud insurance provider.

The Bottom Line

You’ve got more than enough options for building a risk-tight security framework. The trick is picking and choosing wisely.

If you found these 3 tips helpful, download Cynet’s free guide, “How to Build a Security Framework If You’re a Resource-Drained IT Security Team”, for more.
