Hi Valuable members,
I am new to this community and this forum. I wanted to get your guidance on few things.
For a new Security product company focusing on end point security. The company does not have any Security or Cybersecurity framework, governance, compliance, threat modeling, risk management, etc..
Where do I start and what are the important documents I need to be fully cybersecurity aware company.
Hope all the experts and veterans in this field will shed some light on this and help this company be cybersecurity ready from all aspects.
Kind regards
Neevarp
You might try by reviewing, and perhaps adopting, the open source Common Controls Framework (CCF) published by Adobe. You can read more about it here. It has proven to be quite effective.
https://www.adobe.com/trust/compliance/adobe-ccf.html