In this video, Mandy Huth discusses the security benefits and challenges that come with any security program.
- [Instructor] Modern life involves using the internet all the time. If you think about it, there are seven billion people in the world and 3.8 billion of them are internet users. That's over half. Data flows every day between people and companies. Whether you're doing business, perhaps you're going to the doctor, or maybe you're doing a bit of personal shopping on your own time, data is in every part of our lives. It is vital that companies, from the very largest to the very smallest, have the security frameworks in place to protect the data they are using and/or collecting.
Interestingly, in 2017, 20% of companies reported they were not utilizing a security framework. So, how do they determine where their security risks are? Frameworks guide the implementation and management of security controls within an organization. They provide standards outlining best practices. You take a grocery list to the store, don't you? Similarly, security frameworks provide a checklist so that you don't forget anything.
Frameworks provide a reference, common language and vernacular. They use common measurements and they use best practices and benchmarking of other industry peers. There are a variety of reasons why organizations choose to implement security frameworks. Oftentimes, the reason they choose to move towards a framework will drive the benefits they derive from using that particular one. Some of the top drivers include legal compliance, national safety, public safety.
Many companies think about the reputation and financial security in case of a security breach. And some companies think about how security can be a differentiator for them by providing confidence to their consumers that their data is secure. The main benefits to any organization that leverages security frameworks include things like a solid baseline for measuring security effectiveness. This allows you to report in a consistent manner to your leadership what your baseline was and the improvements you're making.
There's compliance, making sure that you can show your auditors that you're doing the things required by law. The last benefit is improved, demonstrable maturity. Just as there are benefits with a security program, no program comes without its challenges. Some of the top challenges include a lack of budget, the inability to buy the tools or resources needed to work through your program. Another is trained staff, having the right capabilities on your security team is important.
Many organizations are looking for automated tools so that they can stop doing manual processes that are not scalable for their organization. And finally, many organizations see a lack of integration between tools so that everything seems to be a one-off that needs to be administered separately. As we look at the top benefits and challenges, the benefits definitely outweigh the challenges where security is concerned. It's like eating an elephant. You do it one bite at a time.
These frameworks will raise the bar of your security program inch by inch.