Hi Valuable members,
I am new to this community and this forum. I wanted to get your guidance on few things.
For a new Security product company focusing on end point security. The company does not have any Security or Cybersecurity framework, governance, compliance, threat modeling, risk management, etc..
Where do I start and what are the important documents I need to be fully cybersecurity aware company.
Hope all the experts and veterans in this field will shed some light on this and help this company be cybersecurity ready from all aspects.
MITRE ATT&CK would be a good place to start.