neevarp
Newcomer I

GRC for new security product company

Hi valuable members,

I am new to this community and this forum. I wanted to get your guidance on a few things.

This is for a new security product company focusing on endpoint security. The company does not have any security or cybersecurity framework, governance, compliance, threat modeling, risk management, etc.

Where do I start, and what are the important documents I need to be a fully cybersecurity-aware company?

I hope all the experts and veterans in this field will shed some light on this and help this company be cybersecurity ready from all aspects.

Kind regards

Neevarp

2 Replies
TomRegner
Viewer

Re: GRC for new security product company

You might try reviewing, and perhaps adopting, the open source Common Controls Framework (CCF) published by Adobe. You can read more about it here. It has proven to be quite effective.
https://www.adobe.com/trust/compliance/adobe-ccf.html

neevarp
Newcomer I

Re: GRC for new security product company

Thank you, Tom