October 9-10, 2018 | The Westin Tyson's Corner | Washington, DC

A Frankenstinean Approach to an Information Security Management System: Implementing ISO 27001 with the CIS CSC (R22a)

10 Oct 2018
13:30 - 14:00

The CIS CSC controls are designed to prevent breaches, but there is currently no means to be audited as compliant with this standard and prove that it was implemented effectively. ISO 27001 audits are generally done with the ISO 27002 control set in mind, but that is far from a requirement. In this session, the presenter will discuss how we've taken this Frankenstein approach to security standards and auditing, along with our successes and challenges.