topic Re: GRC for new security product company in Governance, Risk, Compliance

GRC for new security product company

neevarp — Fri, 20 Aug 2021 13:28:53 GMT

Hi Valuable members,

I am new to this community and this forum. I wanted to get your guidance on few things.

For a new Security product company focusing on end point security. The company does not have any Security or Cybersecurity framework, governance, compliance, threat modeling, risk management, etc..

Where do I start and what are the important documents I need to be fully cybersecurity aware company.

Hope all the experts and veterans in this field will shed some light on this and help this company be cybersecurity ready from all aspects.

Kind regards

Neevarp

Re: GRC for new security product company

TomRegner — Sat, 21 Aug 2021 19:18:12 GMT

You might try by reviewing, and perhaps adopting, the open source Common Controls Framework (CCF) published by Adobe. You can read more about it here. It has proven to be quite effective.
https://www.adobe.com/trust/compliance/adobe-ccf.html

Re: GRC for new security product company

neevarp — Mon, 23 Aug 2021 23:13:35 GMT

Thank you Tom