Excerpt from ESORMA Domain #1: Scope Webinar. If you would like to see more, become a free portal member by registering via the Free Gifts button above and learn all about Scope.
- 24 top tips & suggestions
- The ESORMA Background Story
- 4 types of Scope
- No cost cybersecurity options
- Security & Governance
- Application and Documentation
- Scope & Muscle Memory
- and more
- Q & A
There are a number of common, heavyweight and well-regarded governance frameworks in use by major companies, global enterprises and government bodies. Invariably, these organisations are also keen to maintain high levels of IT security and, more recently, cyber security.
Major frameworks are a good place to start: they help ensure that enterprises follow best practice and operate securely, they bring many benefits, and in some cases they have been in use for decades. They have proven, however, not to extend well into the complex areas of IT security, or more specifically cyber security, in practice; most get bogged down in small details and progress slows as a result.
The reasons are straightforward: the threat landscape is constantly changing, and existing frameworks are incomplete or complex. The bigger frameworks are ideally suited to groups of people who share a common understanding of the business operation and of the need for best practice. Unfortunately, when it comes to complex IT and cyber security matters, most will share a common understanding of the business operation in essence, but few understand it at a technical level, and this is where the difficulty lies.
The top-down, committee approach is correct in principle, yet when it comes to IT and cyber security many cannot keep up, and it is easy to become bewildered and confused. By the time everything has been explained, the process can become very frustrating for those involved, and time, which is usually of the essence, is lost. This is especially so when solutions, although complex, may be low cost and fast for a practitioner to implement.
There is a need, therefore, for a straightforward, plain and simple security architecture framework that does away with unnecessary terminology, verbosity and complexity, bridges the gap, and enables an organisation to communicate its mission and follow its plan effectively.
Introducing ESORMA Framework
ESORMA stands for Enterprise Security Operations Risk Management Architecture.
ESORMA is a unique, agile architecture, methodology and framework designed to help you manage Governance, Risk and Compliance (GRC). It allows a management team to communicate effectively with cyber security practitioners, and vice versa. ESORMA is agile because it is expected to deal with a constantly changing threat landscape. ESORMA is clear because the scope is always applied to all domains. ESORMA is tuned for fast, actionable solutions to real-world problems without the clutter, to ensure modern enterprises are as protected as they can be. In essence, the practitioner can quickly develop an action plan, and business managers can be assured that activity of underlying value is being undertaken.
The ESORMA Domains
Security is complex enough in itself without being further enshrouded in a cloak of mystery, theoretical language and messy artefacts. For that reason, ESORMA is written from the perspective of enabling and maintaining communication between staff and colleagues without getting bogged down in complexity, while allowing colleagues with the detailed knowledge to implement at the detailed level.
ESORMA strips away the unnecessary terminology, methodology and mystery surrounding architecture and instead provides a practical, real-world approach to managing information security. It does this by placing emphasis on the key process areas that are always required to manage risk, from governance at the top of an enterprise down to operations.
These areas are known as the essential domains of enterprise security and are: Scope, Priority, Evaluate, Enable, Harden, Monitor, Operations and Compliance. The framework delves into these domains and demonstrates how to effect strategic change and protection. This process can be applied at a top level by the team and at a deeper, component level determined and implemented by the practitioner.
Introducing the ESORMA Community
The core concept of ESORMA is to enable best practice and to ease the integration of cyber security within a GRC framework. This would not be possible without a community of like-minded people and the benefits of information and best-practice sharing that a committed community can bring.
As well as best practice and quick-start kits, the ESORMA framework also provides an online platform through which members can communicate via our unique, private messaging system to share resources and provide peer-to-peer support.
The ESORMA domains image is deliberately not a map, nor is it a grid; it simply shows that everything starts with a scoping exercise and can then go in any of eight directions, in which all parts of the GRC framework reside, whether your scope is full, broad, partial or specific. From wherever you start, you can go in any direction. The objective is to suit the project you have in mind, not the ESORMA GRC framework.
Equally, there is no insider language and no unique new conventions; there should be nothing new to learn or to confuse other people with. If any language is to be followed, it should be the language of the organisation that wants to employ the ESORMA framework. As a convenient framework, ESORMA provides the basis to include all parts of your business while taking care of security.
In addition, a range of tools and services is available within the online community platform to facilitate fast-start opportunities and get you talking to peers within the industry.
ESORMA was founded by David White and Mustafa Ahmed.